dns/bind* ports overwriting conf files

Mathieu Arnold
Sat Dec 28 10:57:47 UTC 2013

+--On 27 December 2013 17:18:43 -0800 Doug Barton <dougb at dougbarton.us>
| What I proposed as part of this work years ago was to create something
| like a bind-config package that would (optionally) install the same
| default files and configuration for the port that are still in the base
| for [89].x. That way users who just wanted the old default local resolver
| could get that behavior easily, and users with other needs would not have
| to have it. I still think that's the easiest and least painful way to
| manage the transition, and would encourage Erwin to consider it. (For
| extra credit, a different but similar sort of port should be created to
| enable DNSSEC validation, and should include the root zone trust anchor,
| and a description of how the user can validate it for themselves.)

Those are some interesting ideas, yes; the maintainer of bind will certainly
keep them in mind, whoever he is in the future. Having the possibility of
getting sub packages and flavors in a few months will really help in that way.

| In any case even a _plan_ to overwrite conf files blindly is a bad idea.
| So much the better to fix it now before it actually bites any users.

Yes, it was, and it was fixed as soon as Erwin learnt about it. What I was
saying is that it only appears on FreeBSD where bind was absent from the
base, which, at that time, was 10.0-BETAsomething or 11-CURRENT. I know it
was a *big* bug, but the impact was small because the OS versions were not

Mathieu Arnold

