On Monday 09 July 2012 22:53:14 Doug Barton wrote:
We get it, change is hard.
No, that isn't what I said at all. I was pointing out that there's some
inconsistency between arguing that we need to make things more predictable
for new users, while simultaneously arguing that we should remove
On 07/09/2012 16:45, George Mitchell wrote:
On 07/09/12 17:01, Doug Barton wrote:
On 07/09/2012 06:45, Mark Blackman wrote:
Indeed, 'dig' and 'host' must be present and working as expected
in a minimally installed system.
So if you don't like the versions that get imported, install
On Tue, Jul 10, 2012 at 12:18 AM, Doug Barton do...@freebsd.org wrote:
But I think you are wrong about this one aspect of your
proposed change. To discover that dig is suddenly not in the base
FreeBSD system any more some day would be just about the worst
violation of the Principle of Least
On 07/08/2012 23:16, Avleen Vig wrote:
On Sun, Jul 8, 2012 at 10:51 PM, Doug Barton do...@freebsd.org wrote:
On 07/08/2012 22:43, Avleen Vig wrote:
It would be silly not to keep bind-tools in base.
Sounds easy, but not so much in practice. Keeping any of the code
doesn't solve the problem of
On 07/09/2012 00:34, Avleen Vig wrote:
On Sun, Jul 8, 2012 at 11:26 PM, Doug Barton do...@freebsd.org wrote:
On 07/08/2012 23:16, Avleen Vig wrote:
On Sun, Jul 8, 2012 at 10:51 PM, Doug Barton do...@freebsd.org wrote:
On 07/08/2012 22:43, Avleen Vig wrote:
It would be silly not to keep
On 7/9/12 12:44 AM, Dan Lukes wrote:
On 07/08/12 23:55, Doug Barton:
On 07/08/2012 07:41, Dan Lukes wrote:
...
Sorry, you're not understanding what is being proposed. Specifically
you're confusing the system stub resolver (the bit that's compiled into
libc, and used by binaries) and the
On Sun, Jul 8, 2012 at 10:29 AM, Doug Barton do...@freebsd.org wrote:
Unbound has different policies and release schedules that are more in
line with ours. So in the short term (as in, the next few years) we're
better off with unbound in the base.
Where is there information about this / what
On Sat, Jul 7, 2012 at 4:38 PM, Doug Barton do...@freebsd.org wrote:
On 07/07/2012 16:33, Garrett Wollman wrote:
On Sat, 07 Jul 2012 16:17:53 -0700, Doug Barton do...@freebsd.org said:
BIND in the base today comes with a full-featured local resolver
configuration, which I'm confident
On Sun, Jul 8, 2012 at 2:39 PM, Doug Barton do...@freebsd.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/08/2012 10:10, Jason Hellenthal wrote:
From first impression it seems that drill(1) has a syntax that
leaves something to be desired like the eased use of host or dig.
On Sun, Jul 8, 2012 at 10:51 PM, Doug Barton do...@freebsd.org wrote:
On 07/08/2012 22:43, Avleen Vig wrote:
It would be silly not to keep bind-tools in base.
Sounds easy, but not so much in practice. Keeping any of the code
doesn't solve the problem of the release cycles not syncing up. And
On Sun, 8 Jul 2012 23:16:04 -0700, Avleen Vig avl...@gmail.com said:
I could care less about the resolver daemon itself, I agree with what
you're saying and I don't think most end users will care about that.
But getting rid of dig and host in base would be bad.
I don't think it's as bad as
On Sun, Jul 8, 2012 at 11:26 PM, Doug Barton do...@freebsd.org wrote:
On 07/08/2012 23:16, Avleen Vig wrote:
On Sun, Jul 8, 2012 at 10:51 PM, Doug Barton do...@freebsd.org wrote:
On 07/08/2012 22:43, Avleen Vig wrote:
It would be silly not to keep bind-tools in base.
Sounds easy, but not so
On Monday 09 July 2012 09:34:34 Avleen Vig wrote:
The issue is also one of barrier-to-entry. By removing `dig` and
`host`, I think we're making things unnecessarily more difficult for
people who don't *know* FreeBSD. `dig` and `host` a universally
standard tools for doing DNS lookups. Taking
On 9 Jul 2012, at 08:34, Avleen Vig wrote:
Agreed. The idea of a minimally functional system itself might be
flawed. Do you consider having `dig` and `host` essential in a
minimally functioning system? I do.
It's pretty f'king hard to resolve problems with installing the
bind-utils port,
On Mon, Jul 9, 2012 at 12:34 AM, Avleen Vig avl...@gmail.com wrote:
[snip]
The issue is also one of barrier-to-entry. By removing `dig` and
`host`, I think we're making things unnecessarily more difficult for
people who don't *know* FreeBSD. `dig` and `host` a universally
standard tools for
On Mon, Jul 09, 2012 at 09:42:43AM -0700, Jos Backus wrote:
On Mon, Jul 9, 2012 at 12:34 AM, Avleen Vig avl...@gmail.com wrote:
[snip]
The issue is also one of barrier-to-entry. By removing `dig` and
`host`, I think we're making things unnecessarily more difficult for
people who
On 2012-Jul-09 14:15:13 +0200, in freebsd-security, Andrej (Andy) Brodnik
and...@brodnik.org wrote:
Excuse my ignorance - but is there a how-to paper on transition from
bind to unbound for SOHO?
In particular, if unbound has no authoritative server capabilities, what
suggestions are there for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/09/2012 13:47, Peter Jeremy wrote:
On 2012-Jul-09 14:15:13 +0200, in freebsd-security, Andrej (Andy)
Brodnik and...@brodnik.org wrote:
Excuse my ignorance - but is there a how-to paper on transition
from bind to unbound for SOHO?
You
On 07/09/2012 06:33, Jonathan McKeown wrote:
On Monday 09 July 2012 09:34:34 Avleen Vig wrote:
The issue is also one of barrier-to-entry. By removing `dig` and
`host`, I think we're making things unnecessarily more difficult for
people who don't *know* FreeBSD. `dig` and `host` a universally
On 07/09/2012 06:45, Mark Blackman wrote:
Indeed, 'dig' and 'host' must be present and working as expected
in a minimally installed system.
So if you don't like the versions that get imported, install bind-tools
from ports.
Doug
--
This .signature sanitized for your protection
On 9 Jul 2012, at 22:01, Doug Barton wrote:
On 07/09/2012 06:45, Mark Blackman wrote:
Indeed, 'dig' and 'host' must be present and working as expected
in a minimally installed system.
So if you don't like the versions that get imported, install bind-tools
from ports.
my DNS resolution
On 07/09/12 17:01, Doug Barton wrote:
On 07/09/2012 06:45, Mark Blackman wrote:
Indeed, 'dig' and 'host' must be present and working as expected
in a minimally installed system.
So if you don't like the versions that get imported, install bind-tools
from ports.
Doug
Doug, you are one of
what integration are you concerned about?
The utilities (specifically host(1) and dig(1)) are the only
user-visible interfaces I care about. I don't see any need for there
to be an authoritative name server in the base system. So long as the
resolver works properly and does DNSsec
On 8. Jul 2012, at 02:44 , Warner Losh wrote:
On Jul 7, 2012, at 5:33 PM, Garrett Wollman wrote:
On Sat, 07 Jul 2012 16:17:53 -0700, Doug Barton do...@freebsd.org said:
BIND in the base today comes with a full-featured local resolver
configuration, which I'm confident that Dag-Erling can
On 7. Jul 2012, at 23:45 , Doug Barton wrote:
On 07/07/2012 16:34, Bjoern A. Zeeb wrote:
On 7. Jul 2012, at 23:17 , Doug Barton wrote:
Other than authoritative DNS, what features does unbound lack that you want?
DNS64 as a start.
Personally I would classify that as a highly-specialized
On 07/07/2012 19:44, Warner Losh wrote:
On Jul 7, 2012, at 5:33 PM, Garrett Wollman wrote:
On Sat, 07 Jul 2012 16:17:53 -0700, Doug Barton do...@freebsd.org said:
BIND in the base today comes with a full-featured local resolver
configuration, which I'm confident that Dag-Erling can do for
On 07/08/2012 01:03, Bjoern A. Zeeb wrote:
On 8. Jul 2012, at 02:44 , Warner Losh wrote:
On Jul 7, 2012, at 5:33 PM, Garrett Wollman wrote:
On Sat, 07 Jul 2012 16:17:53 -0700, Doug Barton do...@freebsd.org said:
BIND in the base today comes with a full-featured local resolver
On 07/08/2012 01:07, Bjoern A. Zeeb wrote:
On 7. Jul 2012, at 23:45 , Doug Barton wrote:
On 07/07/2012 16:34, Bjoern A. Zeeb wrote:
On 7. Jul 2012, at 23:17 , Doug Barton wrote:
Other than authoritative DNS, what features does unbound lack that you
want?
DNS64 as a start.
Personally
On 07/07/2012 17:35, Adam Vande More wrote:
I am unclear on how this solves the main problem I think was stated
about syncing up with release branches.
I've already explained this at length in the past. ISC has changed both
their release schedule and their policy regarding not allowing new
line with ours. So in the short term (as in, the next few years) we're
better off with unbound in the base.
The ideal, long-term solution is to re-think what The Base is, and
give users more flexibility at install time. Unfortunately, there is a
making base as minimal as possible give you
On 07/07/2012 17:47, Darren Pilgrim wrote:
On 2012-07-07 16:45, Doug Barton wrote:
Also re DNSSEC integration in the base, I've stated before that I
believe very strongly that any kind of hard-coding of trust anchors as
part of the base resolver setup is a bad idea, and should not be done.
We
On 2012-07-08 02:31, Doug Barton wrote:
On 07/07/2012 17:47, Darren Pilgrim wrote:
On 2012-07-07 16:45, Doug Barton wrote:
Also re DNSSEC integration in the base, I've stated before that I
believe very strongly that any kind of hard-coding of trust anchors as
part of the base resolver setup is
On Sun, Jul 08, 2012 at 02:21:46AM -0700, Doug Barton wrote:
On 07/08/2012 01:03, Bjoern A. Zeeb wrote:
On 8. Jul 2012, at 02:44 , Warner Losh wrote:
On Jul 7, 2012, at 5:33 PM, Garrett Wollman wrote:
On Sat, 07 Jul 2012 16:17:53 -0700, Doug Barton do...@freebsd.org
said:
The ideal, long-term solution is to re-think what The Base is, and
give users more flexibility at install time.
Flexibility is double-edged sword.
Feel free to replace one resolver with another resolver (but don't do it
so often, please). Applications can be patched to fit new API, scripts
On Sun, 08 Jul 2012 02:31:17 -0700, Doug Barton do...@freebsd.org said:
Neither of which has any relevance to the actual root zone ZSK, which
could require an emergency roll tomorrow.
Surely that's why there's a separate KSK. The ZSK can be rolled at
any time.
-GAWollman
On 2012.07.08. 1:17, Doug Barton wrote:
Other than authoritative DNS, what features does unbound lack that you want?
[Picking up a random mail from the thread.]
Other than the functionality, when we replace something, it is also
important to do some benchmarks and assure that the performance
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/08/2012 10:10, Jason Hellenthal wrote:
From first impression it seems that drill(1) has a syntax that
leaves something to be desired like the eased use of host or dig.
So once again, if you need the exact capabilities of ISC host and dig,
On 07/08/2012 10:43, Garrett Wollman wrote:
On Sun, 08 Jul 2012 02:31:17 -0700, Doug Barton do...@freebsd.org said:
Neither of which has any relevance to the actual root zone ZSK, which
could require an emergency roll tomorrow.
Surely that's why there's a separate KSK. The ZSK can be
On 07/08/2012 13:25, Gabor Kovesdan wrote:
On 2012.07.08. 1:17, Doug Barton wrote:
Other than authoritative DNS, what features does unbound lack that you
want?
[Picking up a random mail from the thread.]
Other than the functionality, when we replace something, it is also
important to do
On 07/08/2012 07:41, Dan Lukes wrote:
The ideal, long-term solution is to re-think what The Base is, and
give users more flexibility at install time.
Flexibility is double-edged sword.
Feel free to replace one resolver with another resolver (but don't do it
so often, please). Applications
On 07/08/12 23:55, Doug Barton:
On 07/08/2012 07:41, Dan Lukes wrote:
...
Sorry, you're not understanding what is being proposed. Specifically
you're confusing the system stub resolver (the bit that's compiled into
libc, and used by binaries) and the resolving name server (BIND). No one
is
On Sun, Jul 08, 2012 at 02:39:55PM -0700, Doug Barton wrote:
On 07/08/2012 10:10, Jason Hellenthal wrote:
From first impression it seems that drill(1) has a syntax that
leaves something to be desired like the eased use of host or dig.
So once again, if you need the exact capabilities of
On 07/08/2012 22:43, Avleen Vig wrote:
It would be silly not to keep bind-tools in base.
Sounds easy, but not so much in practice. Keeping any of the code
doesn't solve the problem of the release cycles not syncing up. And for
the vast majority of users needs the tools we will import will be
On 07/07/2012 14:16, Bjoern A. Zeeb wrote:
On 3. Jul 2012, at 12:39 , Dag-Erling Smørgrav wrote:
Doug Barton do...@freebsd.org writes:
The correct solution to this problem is to remove BIND from the base
altogether, but I have no energy for all the whinging that would happen
if I tried
On 7. Jul 2012, at 23:17 , Doug Barton wrote:
On 07/07/2012 14:16, Bjoern A. Zeeb wrote:
On 3. Jul 2012, at 12:39 , Dag-Erling Smørgrav wrote:
Doug Barton do...@freebsd.org writes:
The correct solution to this problem is to remove BIND from the base
altogether, but I have no energy for
On 07/07/2012 16:33, Garrett Wollman wrote:
On Sat, 07 Jul 2012 16:17:53 -0700, Doug Barton do...@freebsd.org said:
BIND in the base today comes with a full-featured local resolver
configuration, which I'm confident that Dag-Erling can do for unbound
(and which I would be glad to assist with
On 07/07/2012 16:34, Bjoern A. Zeeb wrote:
On 7. Jul 2012, at 23:17 , Doug Barton wrote:
On 07/07/2012 14:16, Bjoern A. Zeeb wrote:
On 3. Jul 2012, at 12:39 , Dag-Erling Smørgrav wrote:
Doug Barton do...@freebsd.org writes:
The correct solution to this problem is to remove BIND from the
On Sat, 07 Jul 2012 16:17:53 -0700, Doug Barton do...@freebsd.org said:
BIND in the base today comes with a full-featured local resolver
configuration, which I'm confident that Dag-Erling can do for unbound
(and which I would be glad to assist with if needed). Other than that,
what
On Sat, Jul 7, 2012 at 6:45 PM, Doug Barton do...@freebsd.org wrote:
On 07/07/2012 16:34, Bjoern A. Zeeb wrote:
On 7. Jul 2012, at 23:17 , Doug Barton wrote:
On 07/07/2012 14:16, Bjoern A. Zeeb wrote:
On 3. Jul 2012, at 12:39 , Dag-Erling Smørgrav wrote:
Doug Barton
On 2012-07-07 16:45, Doug Barton wrote:
Also re DNSSEC integration in the base, I've stated before that I
believe very strongly that any kind of hard-coding of trust anchors as
part of the base resolver setup is a bad idea, and should not be done.
We need to leverage the ports system for this so
On Jul 7, 2012, at 5:33 PM, Garrett Wollman wrote:
On Sat, 07 Jul 2012 16:17:53 -0700, Doug Barton do...@freebsd.org said:
BIND in the base today comes with a full-featured local resolver
configuration, which I'm confident that Dag-Erling can do for unbound
(and which I would be glad to
51 matches
Mail list logo