dns/bind* ports overwriting conf files
Doug Barton
dougb at dougbarton.us
Sat Dec 28 23:47:23 UTC 2013
On 12/28/2013 02:57 AM, Mathieu Arnold wrote:
> +--On 27 décembre 2013 17:18:43 -0800 Doug Barton <dougb at dougbarton.us>
> wrote:
> | What I proposed as part of this work years ago was to create something
> | like a bind-config package that would (optionally) install the same
> | default files and configuration for the port that are still in the base
> | for [89].x. That way users who just wanted the old default local resolver
> | could get that behavior easily, and users with other needs would not have
> | to have it. I still think that's the easiest and least painful way to
> | manage the transition, and would encourage Erwin to consider it. (For
> | extra credit, a different but similar sort of port should be created to
> | enable DNSSEC validation, and should include the root zone trust anchor,
> | and a description of how the user can validate it for themselves.)
>
> That's some interesting ideas, yes, the maintainer of bind will certainly
> keep them in mind, whoever he is in the future. Having the possibility of
> get sub packages and flavors in a few months will really help in that way.
>
> | In any case even a _plan_ to overwrite conf files blindly is a bad idea.
> | So much the better to fix it now before it actually bites any users.
>
> Yes, it was, and it was fixed as soon as Erwin learnt about it. What I was
> saying is that it only appears on freebsd where bind was absent from the
> base, which, at that time was 10.0-BETAsomething or 11-CURRENT. I know it
> was a *big* bug, but the impact was small because the os versions were not
> releases.
Thank you for considering my thoughts on the matter.
Doug
More information about the freebsd-ports
mailing list