Date: Wed, 14 Jan 2015 14:31:09 +0100
From: Michelle Sullivan <michelle@sorbs.net>
To: Matt Smith <fbsd@xtaz.co.uk>, Michelle Sullivan <michelle@sorbs.net>, freebsd-ports@freebsd.org
Subject: Re: BIND REPLACE_BASE option
Message-ID: <54B66F9D.4030005@sorbs.net>
In-Reply-To: <20150114124139.GB17865@xtaz.uk>
References: <ee422bd630292fe6f7bc5439799667de@lhaven.homeip.net> <2A3ABE9AE68B3CE8E1B7C1A1@ogg.in.absolight.net> <20150113163325.3A8FCBDC24@prod2.absolight.net> <67897B782F897C2A66FCD458@atuin.in.mat.cc> <20150113233952.BF862BDC24@prod2.absolight.net> <B5BC1F9B1E9B32C89F11B397@atuin.in.mat.cc> <20150114031156.400F2BDC3E@prod2.absolight.net> <507F8738895177F5640A4090@atuin.in.mat.cc> <20150114120852.GA17865@xtaz.uk> <54B66183.8040403@sorbs.net> <20150114124139.GB17865@xtaz.uk>

Matt Smith wrote:
> On Jan 14 13:30, Michelle Sullivan wrote:
>> Matt Smith wrote:
>>> Doug Barton who used to maintain BIND in both the base system and the
>>> port used to always say that the version in the base system was only
>>> designed to be used as a local resolver on a laptop/desktop. If it was
>>> used as a proper DNS server the port version was meant to be used
>>> instead. Based on this it makes perfect sense why BIND was replaced
>>> with local Unbound in the base, and the ports system still has BIND
>>> for people that were using it.
>>
>> Was this ever documented? (I've been using bind in base for servers for
>> many years and this is the first time I've heard of it - and it is
>> unlikely I'm the only one.)
>>
>
> I'm not sure if it was documented anywhere in particular. I've just
> seen it mentioned lots of times on these mailing lists in the past.
> Specifically around the time he was experimenting with slaving the
> root and arpa zones and there were a few configuration changes to
> named.conf at that time.
>
> The main reasoning is that the versions of things in the base system
> are usually old and rarely get updated. They occasionally get patches
> if there's a serious security vulnerability but for minor bugs it's
> unlikely you'll see any patch. And to patch it you quite often need to
> do a full O/S upgrade which is very time consuming and probably needs
> a reboot. The port versions are updated straight away, even for minor
> bugs and because you've not also updated half the O/S in the process
> you don't need to do anything other than restart named.
>

And that is precisely the reason I used the 'REPLACE_BASE' option...

BTW, what happens if you /usr/local/etc/rc.d/named start and
/etc/rc.d/named start now (particularly the latter) ? ... I'm assuming
some thought of this and removed /etc/rc.d/named as part of a
freebsd-update ...?

(note: some of us cannot 'freebsd-update' the 'delete-old' stuff because
some <expletive deleted> got it also to delete the pkg_* tools - which
some of us have to use currently - despite that same <expletive deleted>
attempting to force production systems into untested configurations...
even when patching exploits.)

Regards,

--
Michelle Sullivan
http://www.mhix.org/