Date:      Tue, 03 Dec 2013 10:05:49 -0600
From:      Mark Felder <feld@FreeBSD.org>
To:        freebsd-stable@freebsd.org
Subject:   Re: BIND chroot environment in 10-RELEASE...gone?
Message-ID:  <1386086749.9599.54995173.6CD35E54@webmail.messagingengine.com>
In-Reply-To: <CA%2BE3k93XpRGr822YgNYFRPQPid9PucPYufgvUTV=jjirYR7gmg@mail.gmail.com>
References:  <529D9CC5.8060709@rancid.berkeley.edu> <529DF7FA.7050207@passap.ru> <CA%2BE3k93XpRGr822YgNYFRPQPid9PucPYufgvUTV=jjirYR7gmg@mail.gmail.com>

On Tue, Dec 3, 2013, at 9:58, Royce Williams wrote:
> On Tue, Dec 3, 2013 at 6:25 AM, Boris Samorodov <bsam@passap.ru> wrote:
> >
> > 03.12.2013 12:56, Michael Sinatra wrote:
> >
> > > I am aware of the fact that unbound has "replaced" BIND in the base
> > > system, starting with 10.0-RELEASE.  What surprised me was recent
> > > commits to ports/dns/bind99 (and presumably other versions) that appear
> > > to take away the supported chroot capabilities.
> >
> > /usr/ports/UPDATING has some info about the matter.
>
>
> Specifically, 20131112 says:
>
>   All bind9 ports have been updated to support FreeBSD 10.x after
>   BIND was removed from the base system.  It is now self-contained
>   in ${PREFIX}/etc/namedb, and chroot and symlinking options are
>   no longer supported out of the box.
>
> Does that mean that those options now need to be manually configured
> by each team running BIND?
>
> If so, that is a net negative for security.  Even if everyone running
> public-facing BIND knows how to chroot, it means more work -- and more
> potential implementation errors.
>

I had not seen that UPDATING entry... I assume that due to shortage of
time by the maintainer and the urgency to just get the port working it
has been discarded for now. You could try adding the features back to
the port and seeing if the maintainer accepts them. Unfortunately I
don't have any inside information to assist you further.


