Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 05 Aug 2007 09:42:47 -0700
From:      Doug Barton <>
To:        Rakhesh Sasidharan <>
Cc:        Zbigniew Szalbot <>, "A.G. Russell IV" <>, Jeffrey Goldberg <>, Freebsd questions <>
Subject:   Re: Waiting for BIND security announcement
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <> <> <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Rakhesh Sasidharan wrote:

> This has probably been asked before,

Heh, no, never. :)

> but if BIND is available in ports then why is it also available in
> contrib?

Couple of reasons, of relatively equal importance depending on who you
speak to. BSD systems have "always" (I haven't verified this, but
people who should know have told me) shipped with dns stuff on board,
so there is resistance to the idea of stripping it out for that
reason. The other thing that is a concern to a lot of people is that
BIND is more than just named. Take a look at the WITHOUT_BIND* knobs
in src.conf(1) in 7-current or make.conf(1) in 6-stable to get an idea
of how things break down. I have a standing offer to either remove
BIND from the base, or flip the defaults for some of those knobs to
"NO" if the community wants it that way.

> Are there any benefits in choosing the one in contrib over the one 
> in ports?

Advantage to the one in contrib is that it's right there, and the new
default named.conf (and associated files) makes it possible to start
up a local resolver "out of the box."

If you want a greater degree of freedom in build-time configuration,
or you want a version other than what is in your base (for example,
you want to use 9.4.x but you're on a 6-stable machine), then you can
use the ports. The ports also have an option to overwrite the files in
the base if that makes things easier in your environment.




    This .signature sanitized for your protection

Want to link to this message? Use this URL: <>