LAST CALL FOR TEST: Re: Suggestion: Removal of BIND from base / Import alternative DNS Library ldns / import dig replacement drill

Jan Lentfer Jan.Lentfer at
Thu Apr 8 00:33:41 PDT 2010

On Wed, 07 Apr 2010 18:57:00 -1000, Peter Avalos <pavalos at>

> I don't like the idea of having contrib source somewhere other than
> contrib/.  I'm out of the country with barely functioning network
> connectivity so I'm unable to view your changes.  Apparently you are
> BIND's resolver library sources into src/lib/libc/.  That seems strange
> me.  Also, what are we gaining by switching from BIND's dns tools to
> someone else's?

Yes, I am moving BIND's resolver lib to libc, as any of the other BSDs are
doing it (which I admit is a weak reason by itself). The problem I see atm
is that if we provide BIND in base it should be actual, actually always
latest patch level and it seems to me we lack the man power to achieve
this. Otherwise we only carry BIND around with us to have the resolver lib,
because BIND itself and related tools are bareley usable (at least from a
security poing of view) because they are out of date.
When I updated BIND we still had 9.3 in base, which was EOL for more than
a year at that time. I choose to update to 9.5.2 (and not 9.6) because the
directory layout remained the same in comparison to 9.3, so the upgrade
seem to be less painful (still it was) but would at least provide us with a
maintained version of BIND.

So I find it the better approach to only keep what is absolutley necessary
and let people use the Nameserver software of their choice from pkgsrc.

Regarding import of ldns/drill: This is a comprimise. Most people (on IRC
that is) seem to be happy with removing BIND but didn't want to pay the
price of losing host and friends. ldns seems to be a lot more lightweight
then BIND and has a strong focus on DNSSEC, drill is just a host
replacement to keep those happy that demand a dns query tool.



More information about the Submit mailing list