BIND chroot environment in 10-RELEASE...gone?
Darren Pilgrim
list_freebsd at bluerosetech.com
Sat Dec 7 07:18:05 UTC 2013
On 12/6/2013 2:33 PM, Mark Andrews wrote:
> In message <1386367748.17212.56515229.7C50AFEB at webmail.messagingengine.com>, Mark Felder writes:
>> On Fri, Dec 6, 2013, at 16:00, Mark Andrews wrote:
>>>
>>> But they should all be running a recursive validating resolver on
>>> every box.
>>
>> Are you *really* suggesting that I should run a recursive validating
>> server on every single server I admin?
>
> I'm suggesting that it should be run on *every* machine in the
> world, until all the applications that use data from the DNS have
> been upgraded to validate the data they get from the DNS, need to
> be running a validating resolver.

Yes, everything needs a validating resolver; but everything only needs
something behind getaddrinfo() that validates the responses provided by
the servers listed in /etc/resolv.conf. BIND and Unbound do not operate
as forwarding servers by default and we really do not want everything
running its own root-hinted resolver.