BIND REPLACE_BASE option
michelle at sorbs.net
Wed Jan 14 13:31:14 UTC 2015
Matt Smith wrote:
> On Jan 14 13:30, Michelle Sullivan wrote:
>> Matt Smith wrote:
>>> Doug Barton who used to maintain BIND in both the base system and the
>>> port used to always say that the version in the base system was only
>>> designed to be used as a local resolver on a laptop/desktop. If it was
>>> used as a proper DNS server the port version was meant to be used
>>> instead. Based on this it makes perfect sense why BIND was replaced
>>> with local Unbound in the base, and the ports system still has BIND
>>> for people that were using it.
>> Was this ever documented? (I've been using bind in base for servers for
>> many years and this is the first time I've heard of it - and it is
>> unlikely I'm the only one.)
> I'm not sure if it was documented anywhere in particular. I've just
> seen it mentioned lots of times on these mailing lists in the past.
> Specifically around the time he was experimenting with slaving the
> root and arpa zones and there were a few configuration changes to
> named.conf at that time.
> The main reasoning is that the versions of things in the base system
> are usually old and rarely get updated. They occasionally get patches
> if there's a serious security vulnerability but for minor bugs it's
> unlikely you'll see any patch. And to patch it you quite often need to
> do a full O/S upgrade which is very time consuming and probably needs
> a reboot. The port versions are updated straight away, even for minor
> bugs and because you've not also updated half the O/S in the process
> you don't need to do anything other than restart named.
And that is precisely the reason I used the 'REPLACE_BASE' option...
BTW, what happens if you /usr/local/etc/rc.d/named start and
/etc/rc.d/named start now (particularly the latter) ? ... I'm assuming
some thought of this and removed /etc/rc.d/named as part of a
freebsd-update ...? (note: some of us cannot 'freebsd-update' the
'delete-old' stuff because some <expletive deleted> got it also to
delete the pkg_* tools - which some of us have to use currently -
despite that same <expletive deleted> attempting to force production
systems into untested configurations... even when patching exploits.)