dns/bind* ports overwriting conf files
dougb at dougbarton.us
Sat Dec 28 01:18:45 UTC 2013
On 12/27/2013 04:00 PM, Mathieu Arnold wrote:
> +--On 25 December 2013 22:16:07 -0800 Doug Barton <dougb at dougbarton.us>
> | While looking at the UPDATING entry for the bdb mess (more on that later)
> | I happened to see this:
> | 20131209:
> | AFFECTS: users of dns/bind96, dns/bind98 and bind99 on FreeBSD 10.0
> | AUTHOR: erwin at FreeBSD.org
> | Bind versions before 126.96.36.199.ESV.R10_2, 9.8.6_2, and 9.9.4_2 on
> | FreeBSD 10.0 will replace named.conf on upgrade. Make sure to
> | backup any local changes before upgrading to the _2 versions.
> | This is not Ok. FreeBSD ports are NEVER supposed to blindly overwrite
> | config files. Please fix this so that it conforms to over a decade of
> | policy that FreeBSD ports users should be able to safely depend on.
> That's ok, because FreeBSD 10.0 is not released yet, and the current
> version of the bind ports doesn't overwrite the config files.

It's not Ok under any circumstances. FreeBSD ports should NEVER blindly
overwrite config files. Period, end of discussion.

There is no doubt that the work to remove BIND from the base and make
the ports version robust on 10.x will be difficult due to the fact that
the port relied on several things already being present in the default
base install. However "it's hard" is no excuse for not doing the work.

What I proposed as part of this work years ago was to create something
like a bind-config package that would (optionally) install the same
default files and configuration for the port that are still in the base
for .x. That way users who just wanted the old default local
resolver could get that behavior easily, and users with other needs
would not have to have it. I still think that's the easiest and least
painful way to manage the transition, and would encourage Erwin to
consider it. (For extra credit, a different but similar sort of port
should be created to enable DNSSEC validation, and should include the
root zone trust anchor, and a description of how the user can validate
it for themselves.)

In any case even a _plan_ to overwrite conf files blindly is a bad idea.
So much the better to fix it now before it actually bites any users.