Hello Doug, List,

I confirm the upgrade from 94 to 96 is very minor. I'm running several fbsd8.0 and 8.1 servers but I still have a 7.2-STABLE box here. I just upgraded from the ports collections 9.4.4.ESV.2 to 9.6.3.ESV3. named-checkconf doesn't report any error, neither does checkzone. I started the new named daemon successfully and can still resolve just fine, both with recursion from localhost and without from external hosts.

Please note that I was using 94 from ports and not the base system, but either way I haven't made a single change to my configuration files.

I am also in favor of upgrading the base system's version of BIND to 9.6.

--
Damien

On 12/18/10 6:41 AM, Doug Barton wrote:
> Howdy,
>
> Traditionally for contributed software generally, and BIND in particular
> we have tried to keep the major version of the contributed software
> consistent throughout a given RELENG_$N branch of FreeBSD. Hopefully the
> reasoning for this is obvious, we want to avoid POLA violations.
>
> However this policy led to an unfortunate situation with FreeBSD 6 and
> BIND 9.3. We ended up "supporting" it long after the vendor's EOL date,
> both in ports and in the base. I have written previously about this
> issue being an inevitable result of the fact that our release
> engineering schedule and ISC's have both changed, and diverged. In
> RELENG_6 the problem was exacerbated by the fact that BIND 9.3 was such
> an old version that there was no clean upgrade path, users needed to
> make changes to configuration files, regression test, etc. Therefore the
> decision was made to live with the issue in RELENG_6.
>
> We currently face a similar situation in RELENG_7, which has BIND
> 9.4-ESV; scheduled to EOL in May 2011.
> https://www.isc.org/software/bind/versions In contrast, BIND 9.6-ESV
> will be supported until March 2013. Additionally BIND 9.6 is a superset
> of 9.4, and users should not need to make any changes to their
> configuration files.
> In fact, at the moment src/etc/namedb is identical
> in head/ stable/8, and stable/7. There may be some differences in
> operation; for example in some situations BIND 9.6 can use more memory
> than an identically configured 9.4 server. But in the overwhelming
> number of situations users would simply be able to upgrade in place
> without concern.
>
> In order to avoid repeating the scenario where we have a version of BIND
> in the base that is not supported by the vendor I am proposing that we
> upgrade to BIND 9.6-ESV in FreeBSD RELENG_7.
>
> There is an additional element to this decision that is relevant for
> users who wish to set up their resolving name servers for DNSSEC
> validation. BIND 9.6 is the oldest version that has (or will have)
> support for the algorithms and other features necessary for modern
> DNSSEC. While I do not think that the decision of changing BIND versions
> should turn exclusively on this element, I do think it is a factor that
> should be considered.
>
> My purpose in writing this message is to solicit feedback from users who
> would be adversely affected if this change was made. Please do not
> devolve down the rathole of whether BIND should be removed from the base
> altogether. This is incredibly unlikely to happen for RELENG_7 or
> RELENG_8. The question of whether or not it should happen in HEAD prior
> to the eventual 9.0-RELEASE is a topic for another thread.
>
> I am particularly interested in feedback from users with significant DNS
> usage that are still using 9.4, especially if you're using the version
> in the base. I would appreciate it if you could install 9.6 from the
> ports and at minimum run /usr/local/sbin/named-checkconf to see if any
> errors are generated. Of course it would be that much more helpful if
> you could also evaluate BIND 9.6 in operation in your environment.
>
> Your feedback on the issue of upgrading BIND in RELENG_7 is welcome.
> Sooner is better. :)
>
>
> Regards,
>
> Doug
> _______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"