Date: Sat, 07 Dec 2013 09:00:16 +1100 From: Mark Andrews <marka@isc.org> To: Rainer Duffner <rainer@ultra-secure.de> Cc: freebsd-stable@freebsd.org, Torfinn Ingolfsen <torfinn.ingolfsen@getmail.no> Subject: Re: BIND chroot environment in 10-RELEASE...gone? Message-ID: <20131206220016.BADCAB556F4@rock.dv.isc.org> In-Reply-To: Your message of "Fri, 06 Dec 2013 14:39:44 %2B0100." <20131206143944.4873391d@suse3> References: <529D9CC5.8060709@rancid.berkeley.edu> <20131204095855.GY29825@droso.dk> <alpine.BSF.2.00.1312041212000.2022@badger.tharned.org> <E915D8A5-1CD0-465B-BAD1-59C45C9415F4@gid.co.uk> <20131205193815.05de3829de9e33197fe210ac@getmail.no> <20131206143944.4873391d@suse3>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20131206143944.4873391d@suse3>, Rainer Duffner writes: > > > > 2) that this mess around FreeBSD 10 will not slow the > > adoption rate of FreeBSD 10. > > > I don't think so. > Only a fraction of my servers ever needed BIND. > And where we need it, we're happy to install a port of it (which has a > lot of OPTIONS, which I saw for the first time only recently...) Actually *all* your machines (that include mobile phones, tablets, etc.) need a validating resolver on them which BIND can supply for FreeBSD boxes. Just because it can do other things is not a reason to discount it as a validating resolver. Setting up secure paths between machines is difficult. Setting up secure paths intra machine is trivial. > I can see the point for somebody who is running dozens of BIND-servers, > though. > Tracking BIND-updates via freebsd-update was/is probably quite > convenient. > > But, I have to say: if you do a major version upgrade, don't read the > release-notes (which will mention the absence of BIND, I assume) and > don't do a test-run of the upgrade on a non-critical-system, And lots of people don't have test machines and need to take a leap of faith when upgrading. 99.999% of the world takes Leap of Faith upgrades whether it is FreeBSD, Windows, Apple or Linux. > maybe you > shouldn't be running a nameserver at all in the first place. And BIND > even less so, IMHO. But they should all be running a resursive validating resolver on every box. Release notes are really only useful for small percentage of people. The same way as options on ports are only useful for small percentage of people. People don't expect stuff to be taked way in a upgrade as it is no longer a upgrade. And this was taken away after a long sustained religious battle going back years based on bogus arguments. > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131206220016.BADCAB556F4>