Bind in FreeBSD, security advisories
Daniel Kalchev
daniel at digsys.bg
Tue Jul 30 13:32:47 UTC 2013
On 30.07.13 16:13, Mehmet Erol Sanliturk wrote:
> On Tue, Jul 30, 2013 at 8:47 AM, Daniel Kalchev <daniel at digsys.bg
> <mailto:daniel at digsys.bg>> wrote:
>
> Going that direction, we should consider Comrade Stalin's maxim
> "FreeBSD exists, there are problems, here is the solution -- no
> FreeBSD, no problems!" :-)
>
> Daniel
>
> Then, there exists a new problem:
>
> "There is no FreeBSD ..."

We already know Comrade Stalin's solution had... bugs. Not before
millions parted with their lives...

When/if we remove BIND from FreeBSD, we might find out whether that
solution has bugs, or not. Not until then, though.

Back to the topic :)

My take on this is that removing BIND from the base today is...
irresponsible. First, most who use FreeBSD expect a DNS server to be
readily available. Some people would just avoid using any ports etc.
BIND in base is a well tested and known evil. If we are ever to replace it
with something else, that something else has to prove itself -
demonstrate that it is at least as good as BIND -- in the base system.
In practice, not in theory.

This is very much a situation like replacing gcc with clang/llvm.
However, in the case of BIND we have no licensing problems, stability
problems, performance problems etc --- just concerns that BIND generates
many SAs -- which might actually be a good indicator, as it demonstrates
that BIND is worked on.

I personally see no reason to remove BIND from base. If someone does not
want BIND in their system, they could always use the WITHOUT_BIND build
switch.

Daniel

More information about the freebsd-stable
mailing list