Re: bind -> unbound/nsd

2016-08-30 Thread Erik Berls
On August 29, 2016 at 8:36:23 PM, Thor Lancelot Simon (t...@panix.com) wrote: > On Sun, Aug 28, 2016 at 06:24:41AM +, David Holland wrote: > > > > So for what it's worth: I don't see any need to have a DNS server in > > base. It may be traditional, but few people use it; the landscape's >

Re: bind -> unbound/nsd

2016-08-29 Thread Thor Lancelot Simon
On Sun, Aug 28, 2016 at 06:24:41AM +, David Holland wrote: > > So for what it's worth: I don't see any need to have a DNS server in > base. It may be traditional, but few people use it; the landscape's As a guy who spent the best part of a decade building embedded products out of NetBSD:

Re: bind -> unbound/nsd

2016-08-29 Thread Jeremy C. Reed
It would be good to be able to have local DNSSEC validation work (especially if we want to use TLSA). I also serve authoritative DNS using NetBSD currently and for over a decade. I am fine with installing an authoritative server via a package.

Re: bind -> unbound/nsd

2016-08-28 Thread David Holland
On Sun, Aug 21, 2016 at 10:28:39AM -0400, Thor Lancelot Simon wrote: > On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: > > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: > > > For example, I would use nsd on exactly one machine in my environment, > > > my

Re: bind -> unbound/nsd

2016-08-22 Thread Jeremy C. Reed
On Sun, 21 Aug 2016, co...@sdf.org wrote: > Would we update for security reasons despite the license change? The upstream will continue to provide security fixes for the stable supported version that uses the old license for at least a couple years. (The license change is in the new feature

Re: bind -> unbound/nsd

2016-08-22 Thread Joerg Sonnenberger
On Mon, Aug 22, 2016 at 12:21:00PM +0100, Patrick Welche wrote: > On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: > > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: > > > For example, I would use nsd on exactly one machine in my environment, > > > my public facing

Re: bind -> unbound/nsd, Re: bind -> unbound/nsd

2016-08-22 Thread Robert Elz
| On Aug 22, 4:02am, r...@marples.name (Roy Marples) wrote: | -- Subject: Re: bind -> unbound/nsd, Re: bind -> unbound/nsd | | | Please describe how nsd has a "tighter integration" or (i assume | | better?) "out of the box usability" when in -base vs pkgsrc.

Re: bind -> unbound/nsd

2016-08-22 Thread Patrick Welche
On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: > > For example, I would use nsd on exactly one machine in my environment, > > my public facing DNS server which is exactly where it belongs. > > > > On the other

Re: bind -> unbound/nsd, Re: bind -> unbound/nsd

2016-08-22 Thread Christos Zoulas
On Aug 22, 4:02am, r...@marples.name (Roy Marples) wrote: -- Subject: Re: bind -> unbound/nsd, Re: bind -> unbound/nsd | OK, I'll bite. | | Please describe how nsd has a "tighter integration" or (i assume | better?) "out of the box usability" | when in -base vs pkgsrc

Re: bind -> unbound/nsd

2016-08-21 Thread Roy Marples
On 2016-08-21 15:38, chris...@zoulas.com wrote: On Aug 21, 10:28am, t...@panix.com (Thor Lancelot Simon) wrote: -- Subject: Re: bind -> unbound/nsd | I am strongly opposed to removing basic server functionality present | in BSD Unix for over 30 years -- and still in widespread use -- f

Re: bind -> unbound/nsd

2016-08-21 Thread coypu
On Sun, Aug 21, 2016 at 03:07:18PM -0700, John Nemeth wrote: > There are regular pullups for security issues. Thus your list > would only be correct for 6.0 itself, and not for subsequent 6.x > releases. And, if one didn't update from 6.0 at all, there would > be plenty of other issues

Re: bind -> unbound/nsd

2016-08-21 Thread John Nemeth
On Aug 21, 9:47pm, co...@sdf.org wrote: } On Thu, Aug 18, 2016 at 11:10:18AM -0400, Christos Zoulas wrote: } > } > The recent change of ISC/bind licensing from BSD to MPL for the } > next release has provided us with an opportunity to re-evaluate } > the preferred daemon status for NetBSD and

Re: bind -> unbound/nsd

2016-08-21 Thread coypu
On Thu, Aug 18, 2016 at 11:10:18AM -0400, Christos Zoulas wrote: > > Hello, > > The recent change of ISC/bind licensing from BSD to MPL for the > next release has provided us with an opportunity to re-evaluate > the preferred daemon status for NetBSD and DNS resolution. Board/Core > have decided

Re: bind -> unbound/nsd

2016-08-21 Thread John Nemeth
On Aug 21, 10:28am, Thor Lancelot Simon wrote: } On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: } > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: } > > For example, I would use nsd on exactly one machine in my environment, } > > my public facing DNS server which

Re: bind -> unbound/nsd

2016-08-21 Thread Joerg Sonnenberger
On Sun, Aug 21, 2016 at 10:28:39AM -0400, Thor Lancelot Simon wrote: > On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: > > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: > > > For example, I would use nsd on exactly one machine in my environment, > > > my public

Re: bind -> unbound/nsd

2016-08-21 Thread David Young
On Sun, Aug 21, 2016 at 10:38:44AM -0400, Christos Zoulas wrote: > On Aug 21, 10:28am, t...@panix.com (Thor Lancelot Simon) wrote: > -- Subject: Re: bind -> unbound/nsd > | I am strongly opposed to removing basic server functionality present > | in BSD Unix for over 30 yea

Re: bind -> unbound/nsd

2016-08-21 Thread Christos Zoulas
On Aug 21, 10:28am, t...@panix.com (Thor Lancelot Simon) wrote: -- Subject: Re: bind -> unbound/nsd | I am strongly opposed to removing basic server functionality present | in BSD Unix for over 30 years -- and still in widespread use -- from NetBSD. | I don't mind replacing BIND but all

Re: bind -> unbound/nsd

2016-08-21 Thread Thor Lancelot Simon
On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: > > For example, I would use nsd on exactly one machine in my environment, > > my public facing DNS server which is exactly where it belongs. > > > > On the other

Re: bind -> unbound/nsd

2016-08-19 Thread Swift Griggs
On Fri, 19 Aug 2016, Joerg Sonnenberger wrote: > To slightly expand that. You don't need nsd if you just want to serve a > few local host names for a local network. You only need nsd if you want > to provide an authoritive DNS server. IMO that is a decently small use > case that it doesn't

Re: bind -> unbound/nsd

2016-08-19 Thread Roy Marples
On 19/08/2016 07:16, Christos Zoulas wrote: > - Needs additional components nsd, openDNSSEC, ldns to match bind's > functionality Maybe we should take a step back and consider what functionality we need rather than trying to match bind. For example, I would use nsd on exactly one machine in my

Re: bind -> unbound/nsd

2016-08-19 Thread Christos Zoulas
On Aug 18, 1:27pm, g...@ir.bbn.com (Greg Troxel) wrote: -- Subject: Re: bind -> unbound/nsd | Please note that I'm not objecting; I'm just asking for the rationale to | be articulated. There are many analyses on the web comparing bind and unbound, here are 3: http://info.menandmice.com/b

Re: bind -> unbound/nsd

2016-08-18 Thread Mike
On Thu, Aug 18, 2016 at 02:53:38PM -0600, Swift Griggs wrote: > On Thu, 18 Aug 2016, Greg Troxel wrote: > > Is it about security track record? > > I'm not wanting to get into the discussion of fiat versus consensus > decision making. However, I'd like to give my own personal answer on some > of

Re: bind -> unbound/nsd

2016-08-18 Thread Matt Sporleder
> On Aug 18, 2016, at 4:53 PM, Swift Griggs wrote: > >> On Thu, 18 Aug 2016, Greg Troxel wrote: >> Is it about security track record? > > I'm not wanting to get into the discussion of fiat versus consensus > decision making. However, I'd like to give my own personal

Re: bind -> unbound/nsd

2016-08-18 Thread Swift Griggs
On Thu, 18 Aug 2016, Greg Troxel wrote: > Is it about security track record? I'm not wanting to get into the discussion of fiat versus consensus decision making. However, I'd like to give my own personal answer on some of the questions you raise, as a heavy DNS user/sysadmin. Bind's security

Re: bind -> unbound/nsd

2016-08-18 Thread Greg Troxel
chris...@astron.com (Christos Zoulas) writes: > In article , > Greg Troxel wrote: >> >>I don't see any real problems, but I think there should have been public >>discussion rather than announcing a decision. > > We can have it now... Well,

Re: bind -> unbound/nsd

2016-08-18 Thread Swift Griggs
On Thu, 18 Aug 2016, Christos Zoulas wrote: > The recent change of ISC/bind licensing from BSD to MPL for the next > release has provided us with an opportunity to re-evaluate the preferred > daemon status for NetBSD and DNS resolution. Wouldn't the license change result in some kind of status

Re: bind -> unbound/nsd

2016-08-18 Thread Christos Zoulas
In article , Greg Troxel wrote: > >I don't see any real problems, but I think there should have been public >discussion rather than announcing a decision. We can have it now... christos

Re: bind -> unbound/nsd

2016-08-18 Thread Greg Troxel
chris...@zoulas.com (Christos Zoulas) writes: > The recent change of ISC/bind licensing from BSD to MPL for the > next release has provided us with an opportunity to re-evaluate > the preferred daemon status for NetBSD and DNS resolution. Board/Core > have decided not to import the next version

bind -> unbound/nsd

2016-08-18 Thread Christos Zoulas
Hello, The recent change of ISC/bind licensing from BSD to MPL for the next release has provided us with an opportunity to re-evaluate the preferred daemon status for NetBSD and DNS resolution. Board/Core have decided not to import the next version of bind, and instead import the current version