BIND chroot environment in 10-RELEASE...gone?

Royce Williams royce at tycho.org
Tue Dec 3 15:58:36 UTC 2013


On Tue, Dec 3, 2013 at 6:25 AM, Boris Samorodov <bsam at passap.ru> wrote:
>
> 03.12.2013 12:56, Michael Sinatra writes:
>
> > I am aware of the fact that unbound has "replaced" BIND in the base
> > system, starting with 10.0-RELEASE.  What surprised me was recent
> > commits to ports/dns/bind99 (and presumably other versions) that appear
> > to take away the supported chroot capabilities.
>
> /usr/ports/UPDATING has some info about the matter.


Specifically, 20131112 says:

  All bind9 ports have been updated to support FreeBSD 10.x after
  BIND was removed from the base system.  It is now self-contained
  in ${PREFIX}/etc/namedb, and chroot and symlinking options are
  no longer supported out of the box.

Does that mean that those options now need to be manually configured
by each team running BIND?

If so, that is a net negative for security.  Even if everyone running
public-facing BIND knows how to chroot, it means more work -- and more
potential implementation errors.

Royce
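The "manually configured by each team" case above, written out as an added example (this is not code from the thread, the bind99 port, or FreeBSD's rc.d): a hand-built chroot for a ports BIND on 10.x, driven by named's own -t (chroot) and -u (drop privileges) options. The chroot path /var/named, PREFIX=/usr/local, and the user name "bind" are assumptions; the named.conf it writes is a constructed minimal sample. The devfs part is the one step with no portable substitute, since FreeBSD has no static device nodes.

```shell
#!/bin/sh
# Added example: hand-built BIND chroot for a ports install on FreeBSD 10.x.
# Assumed (not from the thread): PREFIX=/usr/local, chroot at /var/named,
# unprivileged user "bind".  named -t / -u do the actual containment.
set -u

PREFIX="${PREFIX:-/usr/local}"
CHROOT="${CHROOT:-/var/named}"
NAMED_USER="${NAMED_USER:-bind}"

# Build the directory tree named needs under $1.  named -t changes root before
# reading named.conf, so every path in the config resolves *inside* the chroot:
# the ${PREFIX}/etc/namedb hierarchy is replicated at $1${PREFIX}/etc/namedb
# rather than symlinked from the host (a host-absolute symlink dangles inside).
build_chroot_tree() {
  root="$1"
  for d in dev etc "${PREFIX}/etc/namedb/master" \
           "${PREFIX}/etc/namedb/slave" "${PREFIX}/etc/namedb/dynamic" \
           var/run/named var/log; do
    mkdir -p "${root}/${d}" || return 1
  done
  # Timezone data for log timestamps; skipped if the host has none.
  [ -f /etc/localtime ] && cp /etc/localtime "${root}/etc/localtime"
  # Only the directories named writes to belong to the unprivileged user;
  # the config itself stays root-owned so a compromised named cannot edit it.
  if [ "$(id -u)" -eq 0 ] && id "${NAMED_USER}" >/dev/null 2>&1; then
    chown "${NAMED_USER}" "${root}${PREFIX}/etc/namedb/slave" \
      "${root}${PREFIX}/etc/namedb/dynamic" "${root}/var/run/named" \
      "${root}/var/log"
  fi
  return 0
}

# Constructed minimal named.conf; all paths are chroot-relative.
write_minimal_conf() {
  root="$1"
  cat > "${root}${PREFIX}/etc/namedb/named.conf" <<EOF
options {
	directory "${PREFIX}/etc/namedb";
	pid-file "/var/run/named/pid";
	listen-on { 127.0.0.1; };
	recursion no;
};
EOF
}

# Mount a devfs instance inside the chroot and hide everything except
# null and random.  Root only; a no-op otherwise so the tree can be staged
# as an ordinary user.
mount_chroot_devfs() {
  root="$1"
  [ "$(id -u)" -eq 0 ] || return 0
  mount -t devfs devfs "${root}/dev" || return 1
  devfs -m "${root}/dev" rule apply hide
  devfs -m "${root}/dev" rule apply path null unhide
  devfs -m "${root}/dev" rule apply path random unhide
}

# Pre-start check: required directories and the config exist, and no symlink
# inside the chroot has a host-absolute target (it would resolve against the
# chroot root and dangle, the classic hand-built chroot mistake).
check_chroot() {
  root="$1"
  for d in dev etc "${PREFIX}/etc/namedb" var/run/named; do
    [ -d "${root}/${d}" ] || { echo "missing ${root}/${d}" >&2; return 1; }
  done
  [ -f "${root}${PREFIX}/etc/namedb/named.conf" ] || return 1
  if find "${root}" -type l -exec readlink {} \; | grep -q '^/'; then
    echo "absolute symlink inside ${root}; it will dangle under named -t" >&2
    return 1
  fi
  return 0
}

# Usage, as root, after the functions above:
#   build_chroot_tree "$CHROOT" && write_minimal_conf "$CHROOT"
#   mount_chroot_devfs "$CHROOT" && check_chroot "$CHROOT"
#   named-checkconf -t "$CHROOT" "$PREFIX/etc/namedb/named.conf"
#   named -u "$NAMED_USER" -t "$CHROOT" -c "$PREFIX/etc/namedb/named.conf"
```

named-checkconf -t parses the file the way a similarly chrooted named will, so it catches include paths that are only valid on the host. rndc, log rotation and zone file updates all have to be pointed at the copy under the chroot as well; that is the "more work" each team now carries.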

