Waiting for BIND security announcement

[Rakhesh Sasidharan]

>
>> This has probably been asked before,
>
> Heh, no, never. :)

That's a relief. :)

>> but if BIND is available in ports then why is it also available in
>> contrib?
>
> Couple of reasons, of relatively equal importance depending on who you
> speak to. BSD systems have "always" (I haven't verified this, but
> people who should know have told me) shipped with dns stuff on board,
> so there is resistance to the idea of stripping it out for that
> reason. The other thing that is a concern to a lot of people is that
> BIND is more than just named. Take a look at the WITHOUT_BIND* knobs
> in src.conf(1) in 7-current or make.conf(1) in 6-stable to get an idea
> of how things break down. I have a standing offer to either remove
> BIND from the base, or flip the defaults for some of those knobs to
> "NO" if the community wants it that way.

Makes sense. So to summarize the answer to my question:

* BIND is there in contrib coz lot of stuff depends on it and so its best 
left there.

* BIND is also there in ports coz the one there offers you a lot more 
build time options, is newer, gets updates faster, and is also easier to 
get up and running with out of the box (in some situations atleast).

Neat! :)

>> Are there any benefits in choosing the one in contrib over the one
>> in ports?
>
> Advantage to the one in contrib is that it's right there, and the new
> default named.conf (and associated files) makes it possible to start
> up a local resolver "out of the box."
>
> If you want a greater degree of freedom in build-time configuration,
> or you want a version other than what is in your base (for example,
> you want to use 9.4.x but you're on a 6-stable machine), then you can
> use the ports. The ports also have an option to overwrite the files in
> the base if that makes things easier in your environment.
>
> hth,

Thanks!

Rakhesh

>
> Doug
>
> -- 
>
>    This .signature sanitized for your protection
>
>