On Wed, Jul 31, 2013 at 07:22:20AM -0500, Mark Felder wrote:
>
> Let's take a moment and consider the state of the internet and DNS
> attacks. The RRL and RPZ2 patchsets[1] are newer developments that
> successfully add additional security and features to BIND. It was also
> recently announced that due to the success of this work the RRL[2] patch
> will be accepted by ISC into BIND mainline.
>
> How many users of BIND on FreeBSD are going to realize they need to run
> a copy of BIND from ports to get this extremely important protection? It
> certainly isn't going to get backported to 8-STABLE or 9-STABLE; I don't
> even know if it will show up in 10.0-RELEASE as a quick grep shows it's
> not there. To put some perspective on it, FreeBSD 8.x users are
> literally 6 years behind CURRENT...
>

3rd party, and especially those that are still being distributed as experimental, will not be part of the base BIND code. It will only contain a direct import from the vendor sources. After a -STABLE branch is branched into a -RELEASE branch, the latter will only get security updates, sometimes backported depending on the upstream life cycle. For feature updates, users have always been dependent on ports as the BIND versions included in -RELEASE are quickly falling behind.

On a side note, BIND 10 introduces a large number of 3rd party dependencies, none of which are very attractive to include in the FreeBSD base system by default. This means that we can use BIND9 so far, but for the long term, we'll have to look into a more viable alternative anyway.

Erwin

--
Erwin Lansing http://droso.dk
er...@freebsd.org http://www.FreeBSD.org
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"