BIND chroot environment in 10-RELEASE...gone?

Michael Sinatra michael at rancid.berkeley.edu
Tue Dec 3 19:27:58 UTC 2013 

On 12/3/13 9:57 AM, Mark Felder wrote:
> On Tue, Dec 3, 2013, at 11:40, Michael Sinatra wrote:
>>
>> I am going to put as many of the bits together as I can to see if I can
>> recreate the chroot environment via a port on 10.0-RELEASE.  I'll also
>> submit a PR.  But I agree with the others that this is not a good idea,
>> and if I had known that the port would remove support for chroot, I
>> would have vigorously protested the switch to unbound.
>>
> 
> There was no alternative; we couldn't keep BIND in base. BIND 9 will
> certainly have a EoL before the EoL of FreeBSD 10.x, and we can't use
> BIND 10 because it requires importing Python to base.
> 
> Keep in mind that Unbound is not planned to be a permanent addition to
> base either. It's merely a stop-gap until Capser is complete, which will
> then provide the DNS services in base.
> 
> http://blog.des.no/2013/09/dns-again-a-clarification/

Yes, I read the blog post.  I assume that dougb believed back in 2012
that BIND 9.x would be EOL before FreeBSD 10.x, but, based on every
indication I have had from ISC, I doubt that will be the case.  Has ISC
made a public statement about the support for BIND 9.x?  All I know
publicly is that 9.9-ESV will be supported until late 2017, and BIND
9.10 is about to be released.  Both trains are under active development,
and I doubt that ISC will even stop *developing* BIND 9 until will into
the midpoint of 10.x's lifecycle.  But if the FreeBSD developers have
had conversations with ISC that I am not aware, you may have different
interpretations.

But that's water under the bridge.  A lot of work was put into BIND 9
integration and a lot of work was put into unbound integration.  We
should be preserving the former and not throwing it away at the expense
of functionality.  Again, I didn't have a quibble with FreeBSD's
decision until the chroot functionality support was removed from the port.

I also think that this is something that's fixable in the port and will
see what I can do to make it work.

michael

More information about the freebsd-stable mailing list