Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 30 Jul 2013 06:49:34 -0800
From:      Royce Williams <royce@tycho.org>
To:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: Bind in FreeBSD, security advisories
Message-ID:  <CA%2BE3k9271mocBcPC63buKuXkKOv_33DS8w%2Bsz2Q6R6BuGmE01A@mail.gmail.com>
In-Reply-To: <7cc4b6841ce070bef40ed28780ae00d6@mx1.enfer-du-nord.net>
References:  <CAO%2BPfDctepQY0mGH7H%2BgOSm4HJwhe-RCND%2BmxAArnRxpWiCsjg@mail.gmail.com> <1375186900.23467.3223791.24CB348A@webmail.messagingengine.com> <51F7B5C7.6050008@digsys.bg> <CAOgwaMt4G02yhU0cbiq_EEwhi4=mgt2kLGJf0Rgb8t9wECsGJA@mail.gmail.com> <51F7C07C.9060606@digsys.bg> <1375193086.25610.3260371.08421FD0@webmail.messagingengine.com> <7cc4b6841ce070bef40ed28780ae00d6@mx1.enfer-du-nord.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jul 30, 2013 at 6:29 AM, Michael Grimm
<trashcan@odo.in-berlin.de> wrote:
>
> On 2013-07-30 16:04, Mark Felder wrote:
>
>> Unbound/NSD are suitable replacements if we really need something in
>> base, and they have been picked up by OpenBSD for a good reason --
>> clean, secure, readable, maintainable codebases and their use across the
>> internet and on the ROOT servers is growing.

I don't know enough about BIND replacements to identify them all by
sight, but according to bsdstats.org's ports/dns category:

    http://bsdstats.org/ports.php?category=27

... across all OSes (I'm not sure how to filter on just FreeBSD), of
the 23996 systems reporting , 4966 (~20.71%) are running something
from ports that I roughly recognize as a potential replacement for
BIND in base:

bind84-base 15
bind9 152
bind9-base 187
bind9-dlz+mysql+db41 5
bind9-sdb-ldap 36
bind9-sdb-ldap-base 20
bind94 40
bind94-base 157
bind95 29
bind95-base 54
bind96 146
bind96-base 181
bind97 120
bind97-base 429
bind97-sdb 8
bind97-sdb-base 12
bind98 202
bind98-base 423
bind98-devel 13
bind99 259
bind99-base 405
bind99-devel 12
djbdns 629
djbdns-ipv6 392
nsd 140
powerdns 189
powerdns-devel 17
powerdns-recursor 120
udns 215
unbound 359

4966/23977 = 0.20712

Given how many PC-BSD boxes there are, and how many folks that are
running FreeBSD and bsdstats may not know why (or how) to replace
BIND, ~20% seems like a significant number.

I'm not advocating either way; I'm just providing some data points.

Royce

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BE3k9271mocBcPC63buKuXkKOv_33DS8w%2Bsz2Q6R6BuGmE01A>