On Sat, 27 Jun 2026, Peter 'PMc' Much wrote:
On Sat, Jun 27, 2026 at 11:52:48AM -0700, Fred Morris wrote: ! Hopefully you're referring to BSD itself... ! ! On Sat, 27 Jun 2026, Peter 'PMc' Much wrote: ! > ! > On Fri, Jun 26, 2026 at 05:57:15PM -0700, Fred Morris wrote: ! > ! Apologies in advance, I realize you're trying to run on BSD, and I only run ! > ! / test on Linux so it may not work. -- FWM ! > ! > That wouldn't normally be a problem. But it doesn't fit on disk. ! > I gave up when it started to compile rust (the machine has 500m ram and ! > 10g disk) ! ! ShoDoHFlo (https://github.com/m3047/shodohflo) doesn't have any dependency ! on rust. If that's occurring on account of ShoDoHFlo I'd like to know about ! your tool / build chain and the provenance of what you downloaded. I don't know ShoDoflo, I just tried to run Your script dnstap2json.py, as is. So I installed python311, and then the script complained: "ModuleNotFoundError: No module named 'dns'"
Yes, dnspython.
[...] I found the required package in /usr/ports/dns/py-dnspython, and the prereqs: root@wand:/usr/ports/dns/py-dnspython # make build-depends-list /usr/ports/devel/py-hatchling /usr/ports/lang/python311 /usr/ports/devel/py-build /usr/ports/devel/py-installer root@wand:/usr/ports/dns/py-dnspython # make run-depends-list /usr/ports/www/py-h2 /usr/ports/www/py-httpcore /usr/ports/www/py-httpx /usr/ports/www/py-aioquic /usr/ports/dns/py-idna /usr/ports/net/py-trio /usr/ports/security/py-cryptography /usr/ports/lang/python311 [...] So yes, it needs rust at least for building. And I remember other discussions also, where people complained that py-cryptography now requires rust, so this is probably not a mistake.
Well that's news to me! I will raise it with the proper authorities, although I don't know that it will make a difference. That is enough to make me question whether or not dnspython is fit for purpose any longer.
I don't want to write a DNS library for python. :-( Maybe resurrecting old code should come back into fashion... my goal was to support LOTL to the extent possible.
Anyway, Ondrey now pushed me into a promising direction. I looked into truss and sometimes the socket seems to open successfully, and sometimes I see an EPERM. Seeing an error is a good thing here. Probably at some point the named honors "-u bind" and switches UID. This needs a bit of analysis, and is likely solveable from that..
Yes, I've run into permissions issues myself. My framestream server attempts to remove and re-create the socket with the proper owner / permissions.
Happy hunting... -- Fred -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
