Bind in FreeBSD, security advisories
Royce Williams
royce at tycho.org
Tue Jul 30 14:49:56 UTC 2013
On Tue, Jul 30, 2013 at 6:29 AM, Michael Grimm
<trashcan at odo.in-berlin.de> wrote:
>
> On 2013-07-30 16:04, Mark Felder wrote:
>
>> Unbound/NSD are suitable replacements if we really need something in
>> base, and they have been picked up by OpenBSD for a good reason --
>> clean, secure, readable, maintainable codebases and their use across the
>> internet and on the ROOT servers is growing.
I don't know enough about BIND replacements to identify them all by
sight, but according to bsdstats.org's ports/dns category:
http://bsdstats.org/ports.php?category=27
... across all OSes (I'm not sure how to filter on just FreeBSD), of
the 23996 systems reporting , 4966 (~20.71%) are running something
from ports that I roughly recognize as a potential replacement for
BIND in base:
bind84-base 15
bind9 152
bind9-base 187
bind9-dlz+mysql+db41 5
bind9-sdb-ldap 36
bind9-sdb-ldap-base 20
bind94 40
bind94-base 157
bind95 29
bind95-base 54
bind96 146
bind96-base 181
bind97 120
bind97-base 429
bind97-sdb 8
bind97-sdb-base 12
bind98 202
bind98-base 423
bind98-devel 13
bind99 259
bind99-base 405
bind99-devel 12
djbdns 629
djbdns-ipv6 392
nsd 140
powerdns 189
powerdns-devel 17
powerdns-recursor 120
udns 215
unbound 359
4966/23977 = 0.20712
Given how many PC-BSD boxes there are, and how many folks that are
running FreeBSD and bsdstats may not know why (or how) to replace
BIND, ~20% seems like a significant number.
I'm not advocating either way; I'm just providing some data points.
Royce
More information about the freebsd-stable
mailing list