Re: Bind in FreeBSD, security advisories
I think you could conceptually differentiate between DNS clients and servers and remove bind without removing the DNS clients. On 7/30/13 8:39 AM, Tom Evans tevans...@googlemail.com wrote: On Tue, Jul 30, 2013 at 8:55 AM, David Demelier demelier.da...@gmail.com wrote: Hi, For years, a lot of security advisories have been present for bind. I'm just guessing if it's not a good idea to remove bind from base? This will probably free by half the number of FreeBSD SA's in the future. Sure, but no bind in base also implies no dig, nslookup or host. Cheers Tom ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
The package would have to be reworked to remove the name server - not an impossible task and you could make a case for it from an ideological perspective, but is it worth the work? On 7/30/13 8:59 AM, Mark Felder f...@freebsd.org wrote: On Tue, Jul 30, 2013, at 7:47, Daniel Kalchev wrote: We could in theory remove the BIND's authoritative name server executable... if that is attracting the SAs. It's the same executable, that's the problem :-) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
Verisign is currently actively developing the getdns API description that Paul Hoffman put together and documented at http://www.vpnc.org/getdns-api/ This includes a stub resolver, a recursive resolver and could provide functionality independent of the BIND distribution. We have adopted the BSD coding standards for the project and will be making the github repository public later this year. On 7/30/13 11:58 AM, Daniel Kalchev dan...@digsys.bg wrote: snip Having said this, it is perfectly ok to replace BIND with any other resolver + name server as long as there is suitable candidate that has passed enough testing. Is there one? Do we know enough of their quirks? Daniel ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: RELENG_9 panic with PERC 6/i (mfi)
Did you guys end up identifying the cause of that panic? -- Glen Wiley Systems Architect Verisign Inc. On 12/23/12 12:56 PM, Sean Kelly smke...@flightaware.com wrote: Greetings. All I have to do to panic it is boot it. As you can see from the dump, it died after about 30 seconds without me doing anything. I can't provide those sysctl values easily, as it panics too quickly. I suppose I can convince it to drop to DDB and pick them out if that would be helpful. Here they are from the working 8.2-R kernel. vm.kmem_map_free: 49870348288 vm.kmem_map_size: 68964352 This box, unlike most of our others, doesn't even utilizing ZFS. root@papa:~# gpart show =63 1141899192 mfid0 MBR (545G) 63 1141884072 1 freebsd [active] (544G) 1141884135 15120 - free - (7.4M) = 0 1141884072 mfid0s1 BSD (544G) 0 83886081 freebsd-ufs (4.0G) 8388608167772164 freebsd-ufs (8.0G) 25165824335544325 freebsd-ufs (16G) 58720256671088642 freebsd-swap (32G) 125829120671088647 freebsd-swap (32G) 192937984671088648 freebsd-swap (32G) 260046848 8818372246 freebsd-ufs (420G) From: Daniel Braniss [da...@cs.huji.ac.il] Sent: Sunday, December 23, 2012 1:43 AM To: Sean Kelly Subject: Re: RELENG_9 panic with PERC 6/i (mfi) btw: sysctl -a | grep kmem_map vm.kmem_map_free: 8859570176 vm.kmem_map_size: 6037008384 danny ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
