On 2013-10-12 14:18, Allan Jude wrote: > On 2013-10-12 12:34, Julian H. Stacey wrote: >> RW wrote: >>> On Sat, 12 Oct 2013 10:44:56 +0200 >>> Ivan Voras wrote: >>> >>>> explaning the user what has happened and optionally invoking "host" >>>> or "dig". >>> Actually dig has gone >> Rather cryptic for me so I looked: >> >> dig has gone from current src/usr.bin/dig >> nslookup & dig & host >> are all installed by either of current >> ports/dns/bind99 or ports/dns/bind-tools >> >> >>> and has been replaced by the unbound utility >>> drill. >> src/usr.bin/drill/ >> >> >> I agree with O.P. Zhifeng Hu's "this is a very basic tools". >> >> Removing src/contrib/bind9 from FreeBSD-10 will get criticised as: >> "Calls itself a server OS, but no name server out of the box!" >> >> Please resist periodic urges to strip src/ towards just a tool set >> capable of rebuilding itself. Tossing expected tools (even if a >> port is more up to date & secure) will annoy users, & potential >> immigrants from other Unixes may try then toss FreeBSD. >> >> Cheers, >> Julian > It is easier to keep bind up to date from ports. If you want DNSSEC > support in 9, you have to replace the bind in base anyway.... > > bind is replaced with unbound, which providers most of the functionality > required in most instances. > > I forget the exact numbers, but when I looked about 20 of the security > advisories over the last 10 years have been because of bind. That is > over 12% of all vulnerabilities. > des_at_'s blog adds another important point, bind10 required python. FreeBSD doesn't want to ship with python in base, so keeping bind wasn't really an optionReceived on Sat Oct 12 2013 - 16:25:13 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:42 UTC