LAST CALL FOR TEST: Re: Suggestion: Removal of BIND from base / Import alternative DNS Library ldns / import dig replacement drill

Daniel Bond db at nsn.no
Thu Apr 8 01:05:02 PDT 2010


Hi,

I would prefer it if someone took the time to maintain bind, rather than
throwing it out. I think bind is still the most deployed dns-server, and it
is nice to be able to use it, without dealing with pkgsrc etc. I also think
people are very much used to tools like 'dig' and friends - I'm sure I can
get used to drill, if it can do all the things dig can, but I'd rather not.

However, if nobody is willing to maintain Bind, I think it is much better to
throw it out, than to have it rotting in our base, possibly having security
issues, due to lack of testing.

Great work, and thank you for your interesst in this issue Jan!


Cheers,

DB.


Jan Lentfer <Jan.Lentfer at web.de> skrev følgende den 4/8/10 9:32 AM:

> On Wed, 07 Apr 2010 18:57:00 -1000, Peter Avalos <pavalos at theshell.com>
> wrote:
> 
>> I don't like the idea of having contrib source somewhere other than
>> contrib/.  I'm out of the country with barely functioning network
>> connectivity so I'm unable to view your changes.  Apparently you are
> moving
>> BIND's resolver library sources into src/lib/libc/.  That seems strange
> to
>> me.  Also, what are we gaining by switching from BIND's dns tools to
>> someone else's?
> 
> Yes, I am moving BIND's resolver lib to libc, as any of the other BSDs are
> doing it (which I admit is a weak reason by itself). The problem I see atm
> is that if we provide BIND in base it should be actual, actually always
> latest patch level and it seems to me we lack the man power to achieve
> this. Otherwise we only carry BIND around with us to have the resolver lib,
> because BIND itself and related tools are bareley usable (at least from a
> security poing of view) because they are out of date.
> When I updated BIND we still had 9.3 in base, which was EOL for more than
> a year at that time. I choose to update to 9.5.2 (and not 9.6) because the
> directory layout remained the same in comparison to 9.3, so the upgrade
> seem to be less painful (still it was) but would at least provide us with a
> maintained version of BIND.
> 
> So I find it the better approach to only keep what is absolutley necessary
> and let people use the Nameserver software of their choice from pkgsrc.
> 
> Regarding import of ldns/drill: This is a comprimise. Most people (on IRC
> that is) seem to be happy with removing BIND but didn't want to pay the
> price of losing host and friends. ldns seems to be a lot more lightweight
> then BIND and has a strong focus on DNSSEC, drill is just a host
> replacement to keep those happy that demand a dns query tool.
> 
> Jan







More information about the Submit mailing list