Bind in FreeBSD, security advisories
Daniel Kalchev
daniel at digsys.bg
Tue Jul 30 12:48:45 UTC 2013
On 30.07.13 15:21, Mark Felder wrote:
> People don't seem upset about not having a webserver, IMAP/POP daemon,
> or LDAP server in base, so I don't understand what the big deal is about
> removing BIND.
I believe the primary reason these things are not in the base system is
that they have plenty of dependencies, with possibly conflicting
licenses etc.
> If the concern is over the rare case when you absolutely
> need a DNS recursor and there are none you can reach I suppose we should
> just import Unbound.
There are many and good reasons to include an fully featured name
server, or at least full recursive resolver. For example, for properly
supporting DNSSEC.
We could in theory remove the BIND's authoritative name server
executable... if that is attracting the SAs.
The justification "reduce the number of SA's", that is, "the bad PR" is
probably not enough. Going that direction, we should consider Comrade
Stalin's maxim "FreeBSD exists, there are problems, here is the solution
-- no FreeBSD, no problems!" :-)
Daniel
More information about the freebsd-stable
mailing list