freebsd-stable Digest, Vol 350, Issue 6


freebsd-sta...@freebsd.org

Apr 2, 2010, 8:00:36 AM
to freebsd...@freebsd.org
Send freebsd-stable mailing list submissions to
freebsd...@freebsd.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
or, via email, send a message with subject or body 'help' to
freebsd-sta...@freebsd.org

You can reach the person managing the list at
freebsd-st...@freebsd.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of freebsd-stable digest..."


Today's Topics:

1. Re: panic during work with jailed postgresql8.4 (pluknet)
2. Re: Results of BIND RFC (Randy Bush)
3. Re: Results of BIND RFC (jhell)
4. Re: Results of BIND RFC (Stanislav Sedov)
5. Re: panic during work with jailed postgresql8.4 (Oleg Lomaka)
6. Re: Results of BIND RFC (Andrey V. Elsukov)
7. Re: Results of BIND RFC (Randy Bush)
8. Re: Results of BIND RFC (Stanislav Sedov)
9. Re: Results of BIND RFC (Poul-Henning Kamp)
10. Re: Results of BIND RFC (Stanislav Sedov)
11. Re: Results of BIND RFC (Poul-Henning Kamp)
12. Re: Results of BIND RFC (Jeremy Chadwick)
13. Re: Results of BIND RFC (sth...@nethelp.no)
14. Re: Results of BIND RFC (Svein Skogen (Listmail Account))
15. Re: Results of BIND RFC (Robert Watson)
16. Re: Results of BIND RFC (Erik Trulsson)
17. Re: Results of BIND RFC (Reko Turja)
18. Re: Results of BIND RFC (Denny Lin)


----------------------------------------------------------------------

Message: 1
Date: Fri, 2 Apr 2010 05:52:54 +0400
From: pluknet <plu...@gmail.com>
Subject: Re: panic during work with jailed postgresql8.4
To: Oleg Lomaka <oleg....@gmail.com>
Cc: freebsd...@freebsd.org
Message-ID:
<g2qa31046fc1004011852p3...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On 1 April 2010 22:18, Oleg Lomaka <oleg....@gmail.com> wrote:
> Hello,
>
> I have a kernel panic when I connect to a postgresql8.4 server installed in one of the jails from another jail. It's 100% reproducible.
> Also I have tried to connect from host machine to jailed pg server. That way it works fine without crash.
>
> Server configuration uses geli and zfs. Four disks encrypted using geli. And raidz2 is using ad8.eli, ad10.eli, ad12.eli, ad14.eli providers. All jails located at this raidz2 pool.
>
> Also I use ezjail for jails management. And it uses NFS to mount directories with base system.
>
> Fatal double fault
> rip = 0xffffffff8063510a
> rsp = 0xffffff80eaec5f50
> rbp = 0xffffff80eaec6040
> cpuid = 1; apic id = 02
> panic: double fault
> cpuid = 1
> Uptime: 7m11s
> Physical memory: 8169 MB
>
> uname -a
> FreeBSD cerberus.regredi.com 8.0-STABLE FreeBSD 8.0-STABLE #7 r206031: Thu Apr  1 13:43:57 EEST 2010     ro...@cerberus.regredi.com:/usr/obj/usr/src/sys/GENERIC  amd64
>
> Link to dmesg.boot:
> http://docs.google.com/leaf?id=0B-irbkAqk9i7OGY2ZWJiODgtOWJmMy00NDQ1LTliZDctZjU3N2YwNmMxNjZl&hl=en
>
> Link to kernel core backtrace:
> http://docs.google.com/Doc?docid=0AeirbkAqk9i7ZGc5Yzc2ZndfM2M4NzYydmRw&hl=en

Looking at backtrace, I wonder whether tp->t_maxseg changes in
tcp_mtudisc() at all.
You should be able to extract its value on each 2*n frame in that big
recursive call.

--
wbr,
pluknet


------------------------------

Message: 2
Date: Fri, 02 Apr 2010 12:48:36 +0900
From: Randy Bush <ra...@psg.com>
Subject: Re: Results of BIND RFC
To: Peter Thoenen <peter....@yahoo.com>
Cc: Doug Barton <do...@FreeBSD.org>, freebsd...@FreeBSD.org,
freebsd...@FreeBSD.org, freebs...@FreeBSD.org
Message-ID: <m24ojuo6p7.wl%ra...@psg.com>
Content-Type: text/plain; charset=US-ASCII

> May I only hope this is legit and not a April Fool's joke :)

actually, as an unbound user, i would be quite happy to have bind
removed. bloated, ever-buggy, config religion, ...

randy


------------------------------

Message: 3
Date: Fri, 02 Apr 2010 00:27:57 -0400
From: jhell <jh...@dataix.net>
Subject: Re: Results of BIND RFC
To: Randy Bush <ra...@psg.com>
Cc: Peter Thoenen <peter....@yahoo.com>, freebs...@freebsd.org,
Doug Barton <do...@freebsd.org>, freebsd...@freebsd.org,
freebsd...@freebsd.org
Message-ID: <4BB5724D...@dataix.net>
Content-Type: text/plain; charset=ISO-8859-1

On 04/01/2010 23:48, Randy Bush wrote:
>> May I only hope this is legit and not a April Fool's joke :)
>
> actually, as an unbound user, i would be quite happy to have bind
> removed. bloated, ever-buggy, config religion, ...
>
> randy

At least I hope that this will be removed and added to the distribution
as a package upon release time.

--

jhell


------------------------------

Message: 4
Date: Thu, 1 Apr 2010 22:24:04 -0700
From: Stanislav Sedov <st...@FreeBSD.org>
Subject: Re: Results of BIND RFC
To: Doug Barton <do...@FreeBSD.org>
Cc: freebsd...@FreeBSD.org, freebsd...@FreeBSD.org,
freebs...@FreeBSD.org
Message-ID: <20100401222404...@FreeBSD.org>
Content-Type: text/plain; charset="us-ascii"

On Thu, 01 Apr 2010 15:16:59 -0700
Doug Barton <do...@FreeBSD.org> mentioned:

>
> Of course this change will have some costs. Users of named who rely on
> the current defaults will have some change management to deal with,
> however the costs will be minimal. The one area that has come up
> repeatedly in previous discussions about this topic is that users like
> having access to the command line tools dig, host, and nslookup. To deal
> with that issue I will be creating a bind-tools port so that those who
> want just those tools can easily add them, without the overhead of the
> rest of the BIND suite. If anyone has suggestions for other BIND tools
> that should be included in the port, please let me know.

Hey, Doug!

While it certainly might make sense to drop BIND out of the base, I'm not
sure dropping bind tools as well from it is the best decision. How hard
will it be to continue maintaining bind tools inside the base (so the
critical ones like dig and nslookup still will be available), while moving
the rest of it (the server itself and supporting tools) to the port?

--
Stanislav Sedov
ST4096-RIPE

------------------------------

Message: 5
Date: Fri, 2 Apr 2010 08:46:29 +0300
From: Oleg Lomaka <oleg....@gmail.com>
Subject: Re: panic during work with jailed postgresql8.4
To: pluknet <plu...@gmail.com>
Cc: freebsd...@freebsd.org
Message-ID: <67FC0BD4-E06F-4DA1...@gmail.com>
Content-Type: text/plain; charset="us-ascii"


On Apr 2, 2010, at 4:52 AM, pluknet wrote:

> On 1 April 2010 22:18, Oleg Lomaka <oleg....@gmail.com> wrote:
>>
>>
>> I have a kernel panic when I connect to a postgresql8.4 server installed in one of the jails from another jail. It's 100% reproducible.
>> Also I have tried to connect from host machine to jailed pg server. That way it works fine without crash.
>>
>> Server configuration uses geli and zfs. Four disks encrypted using geli. And raidz2 is using ad8.eli, ad10.eli, ad12.eli, ad14.eli providers. All jails located at this raidz2 pool.
>>
>> Also I use ezjail for jails management. And it uses NFS to mount directories with base system.
>>
>> Fatal double fault
>> rip = 0xffffffff8063510a
>> rsp = 0xffffff80eaec5f50
>> rbp = 0xffffff80eaec6040
>> cpuid = 1; apic id = 02
>> panic: double fault
>> cpuid = 1
>> Uptime: 7m11s
>> Physical memory: 8169 MB
>>
>> uname -a
>> FreeBSD cerberus.regredi.com 8.0-STABLE FreeBSD 8.0-STABLE #7 r206031: Thu Apr 1 13:43:57 EEST 2010 ro...@cerberus.regredi.com:/usr/obj/usr/src/sys/GENERIC amd64
>>
>> Link to dmesg.boot:
>> http://docs.google.com/leaf?id=0B-irbkAqk9i7OGY2ZWJiODgtOWJmMy00NDQ1LTliZDctZjU3N2YwNmMxNjZl&hl=en
>>
>> Link to kernel core backtrace:
>> http://docs.google.com/Doc?docid=0AeirbkAqk9i7ZGc5Yzc2ZndfM2M4NzYydmRw&hl=en
>
> Looking at backtrace, I wonder whether tp->t_maxseg changes in
> tcp_mtudisc() at all.
> You should be able to extract its value on each 2*n frame in that big
> recursive call.


You are right, tp->t_maxseg doesn't change.

(kgdb) frame 9
#9 0xffffffff807097e8 in tcp_mtudisc (inp=0xffffff00193c53f0, errno=Variable "errno" is not available.
) at tcp_offload.h:282
282 return (tcp_output(tp));
(kgdb) p tp->t_maxseg
$1 = 14336
(kgdb) frame 11
#11 0xffffffff807097e8 in tcp_mtudisc (inp=0xffffff00193c53f0, errno=Variable "errno" is not available.
) at tcp_offload.h:282
282 return (tcp_output(tp));
(kgdb) p tp->t_maxseg
$2 = 14336

... (full log at http://docs.google.com/Doc?docid=0AeirbkAqk9i7ZGc5Yzc2ZndfNGQ4cWpia2dz&hl=en )

(kgdb) frame 81
#81 0xffffffff807097e8 in tcp_mtudisc (inp=0xffffff00193c53f0, errno=Variable "errno" is not available.
) at tcp_offload.h:282
282 return (tcp_output(tp));
(kgdb) p tp->t_maxseg
$37 = 14336
(kgdb)

------------------------------

Message: 6
Date: Fri, 02 Apr 2010 10:11:50 +0400
From: "Andrey V. Elsukov" <bu7...@yandex.ru>
Subject: Re: Results of BIND RFC
To: Stanislav Sedov <st...@FreeBSD.org>
Cc: freebsd...@FreeBSD.org, Doug Barton <do...@FreeBSD.org>,
freebsd...@FreeBSD.org, freebs...@FreeBSD.org
Message-ID: <4BB58AA6...@yandex.ru>
Content-Type: text/plain; charset=KOI8-R; format=flowed

On 02.04.2010 9:24, Stanislav Sedov wrote:
> While it certainly might make sense to drop BIND out of the base, I'm not
> sure dropping bind tools as well from it is the best decision. How hard
> will it be to continue maintaining bind tools inside the base (so the
> critical ones like dig and nslookup still will be available), while moving
> the rest of it (the server itself and supporting tools) to the port?

Hi, All.

I agree with Stas. If it is not so hard to maintain "bind-tools" in the base,
it is very useful to still have them in the base system.

--
WBR, Andrey V. Elsukov


------------------------------

Message: 7
Date: Fri, 02 Apr 2010 17:26:13 +0900
From: Randy Bush <ra...@psg.com>
Subject: Re: Results of BIND RFC
To: Stanislav Sedov <st...@FreeBSD.org>
Cc: freebsd...@FreeBSD.org, Doug Barton <do...@FreeBSD.org>,
freebsd...@FreeBSD.org, freebs...@FreeBSD.org
Message-ID: <m2eiiymfa2.wl%ra...@psg.com>
Content-Type: text/plain; charset=US-ASCII

> While it certainly might make sense to drop BIND out of the base, I'm not
> sure dropping bind tools as well from it is the best decision. How hard
> will it be to continue maintaining bind tools inside the base (so the
> critical ones like dig and nslookup still will be available), while moving
> the rest of it (the server itself and supporting tools) to the port?

i don't mind if dig, doc, et alia are not in base, as long as they are a
separate port from the bind hippo.

randy


------------------------------

Message: 8
Date: Fri, 2 Apr 2010 01:33:53 -0700
From: Stanislav Sedov <st...@FreeBSD.org>
Subject: Re: Results of BIND RFC
To: Randy Bush <ra...@psg.com>
Cc: freebsd...@FreeBSD.org, Doug Barton <do...@FreeBSD.org>,
freebsd...@FreeBSD.org, freebs...@FreeBSD.org
Message-ID: <20100402013353...@FreeBSD.org>
Content-Type: text/plain; charset=US-ASCII

On Fri, 02 Apr 2010 17:26:13 +0900
Randy Bush <ra...@psg.com> mentioned:

>
> i don't mind if dig, doc, et alia are not in base, as long as they are a
> separate port from the bind hippo.
>

The major benefit of having them in the base
is the ability to cross-compile them when
building the distribution for another platform.
Ports doesn't support cross-compilation yet,
and it would be a pity to find yourself
bootstrapping another tiny arm platform and
having to use ports to have a usable system.

--
Stanislav Sedov
ST4096-RIPE


------------------------------

Message: 9
Date: Fri, 02 Apr 2010 08:55:07 +0000
From: "Poul-Henning Kamp" <p...@phk.freebsd.dk>
Subject: Re: Results of BIND RFC
To: Stanislav Sedov <st...@FreeBSD.org>
Cc: Randy Bush <ra...@psg.com>, freebsd...@FreeBSD.org,
freebsd...@FreeBSD.org, Doug Barton <do...@FreeBSD.org>,
freebs...@FreeBSD.org
Message-ID: <11351.12...@critter.freebsd.dk>

In message <20100402013353...@FreeBSD.org>, Stanislav Sedov writes:
>On Fri, 02 Apr 2010 17:26:13 +0900
>Randy Bush <ra...@psg.com> mentioned:

>Ports doesn't support cross-compilation yet,
>and it would be a pity to find yourself
>bootstrapping another tiny arm platform and
>having to use ports to have a usable system.

The result of the RFC was that bind is not a mandatory component
to make "a usable system", so your argument suffers from bad logic.

The fact that you want BIND on your arm, is no different from
somebody else wanting postfix on a MIPS.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
p...@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.


------------------------------

Message: 10
Date: Fri, 2 Apr 2010 02:17:15 -0700
From: Stanislav Sedov <st...@FreeBSD.org>
Subject: Re: Results of BIND RFC
To: "Poul-Henning Kamp" <p...@phk.freebsd.dk>
Cc: Randy Bush <ra...@psg.com>, freebsd...@FreeBSD.org,
freebsd...@FreeBSD.org, Doug Barton <do...@FreeBSD.org>,
freebs...@FreeBSD.org
Message-ID: <20100402021715...@FreeBSD.org>
Content-Type: text/plain; charset=US-ASCII

On Fri, 02 Apr 2010 08:55:07 +0000
"Poul-Henning Kamp" <p...@phk.freebsd.dk> mentioned:

> In message <20100402013353...@FreeBSD.org>, Stanislav Sedov writes:
> >On Fri, 02 Apr 2010 17:26:13 +0900
> >Randy Bush <ra...@psg.com> mentioned:
>
> >Ports doesn't support cross-compilation yet,
> >and it would be a pity to find yourself
> >bootstrapping another tiny arm platform and
> >having to use ports to have a usable system.
>
> The result of the RFC was that bind is not a mandatory component
> to make "a usable system", so your argument suffers from bad logic.
>
> The fact that you want BIND on your arm, is no different from
> somebody else wanting postfix on a MIPS.

Sorry, I think I was not clear enough.
What I actually want is to have a couple
of the important tools in the base while
moving everything else to ports. By important
tools I mean nslookup (and maybe dig), and at
least the first one is crucial for the system
bringup. That one is also nice to have on the
livecd, which currently includes (I believe)
only the base system.

--
Stanislav Sedov
ST4096-RIPE


------------------------------

Message: 11
Date: Fri, 02 Apr 2010 09:24:51 +0000
From: "Poul-Henning Kamp" <p...@phk.freebsd.dk>
Subject: Re: Results of BIND RFC
To: Stanislav Sedov <st...@FreeBSD.org>
Cc: Randy Bush <ra...@psg.com>, freebsd...@FreeBSD.org,
freebsd...@FreeBSD.org, Doug Barton <do...@FreeBSD.org>,
freebs...@FreeBSD.org
Message-ID: <11597.12...@critter.freebsd.dk>

In message <20100402021715...@FreeBSD.org>, Stanislav Sedov writes:
>On Fri, 02 Apr 2010 08:55:07 +0000
>"Poul-Henning Kamp" <p...@phk.freebsd.dk> mentioned:

>Sorry, I think I was not clear enough.

Sorry for misunderstanding.

Yes, the case can certainly be made that a DNS query tool belongs in the
base system.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
p...@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.


------------------------------

Message: 12
Date: Fri, 2 Apr 2010 03:14:54 -0700
From: Jeremy Chadwick <fre...@jdc.parodius.com>
Subject: Re: Results of BIND RFC
To: Poul-Henning Kamp <p...@phk.freebsd.dk>
Cc: Randy Bush <ra...@psg.com>, Doug Barton <do...@FreeBSD.org>,
freebsd...@FreeBSD.org, Stanislav Sedov <st...@FreeBSD.org>,
freebsd...@FreeBSD.org, freebs...@FreeBSD.org
Message-ID: <20100402101...@icarus.home.lan>
Content-Type: text/plain; charset=us-ascii

On Fri, Apr 02, 2010 at 09:24:51AM +0000, Poul-Henning Kamp wrote:
> In message <20100402021715...@FreeBSD.org>, Stanislav Sedov writes:
> >On Fri, 02 Apr 2010 08:55:07 +0000
> >"Poul-Henning Kamp" <p...@phk.freebsd.dk> mentioned:
>
> >Sorry, I think I was not clear enough.
>
> Sorry for misunderstanding.
>
> Yes, the case can certainly be made that a DNS query tool belongs in the
> base system.

I disagree (so what else is new?) It should be kept out of the base
system. KISS:

Doug pulling BIND out of the base system / going ports-only = excellent.

Doug making a separate port for BIND-esque DNS query/maintenance tools =
excellent.

Both of the above can be made into packages. Vendors who use FreeBSD
can incorporate said package(s) into their build infrastructure. Folks
who do not have Internet connections (yet for some reason want said DNS
tools) can install the package(s) from CD/DVD/USB.

I want the bikeshed to be black. :-)


[1]: FreeBSD really needs to move away from the "base system" as a
concept, as I've ranted about in the past. Or if it cannot, the "base
system" needs to start using pkg_* (somehow) for use, and src.conf
WITHOUT_xxx (where xxx = some software) removed. Concept being: "I
don't need Kerberos; pkg_delete base-krb5. I also don't need lib32;
pkg_delete base-lib32". Beautiful concept, hard to implement due to
libraries being yanked out from underneath binaries that are linked to
them. But you get the idea.

--
| Jeremy Chadwick j...@parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |

------------------------------

Message: 13
Date: Fri, 02 Apr 2010 12:28:36 +0200 (CEST)
From: sth...@nethelp.no
Subject: Re: Results of BIND RFC
To: fre...@jdc.parodius.com
Cc: st...@FreeBSD.org, do...@FreeBSD.org, freebsd...@FreeBSD.org,
ra...@psg.com, p...@phk.freebsd.dk, freebsd...@FreeBSD.org,
freebs...@FreeBSD.org
Message-ID: <20100402.122836...@nethelp.no>
Content-Type: Text/Plain; charset=us-ascii

> [1]: FreeBSD really needs to move away from the "base system" as a
> concept, as I've ranted about in the past.

Strongly disagree.

> Or if it cannot, the "base
> system" needs to start using pkg_* (somehow) for use, and src.conf
> WITHOUT_xxx (where xxx = some software) removed. Concept being: "I
> don't need Kerberos; pkg_delete base-krb5. I also don't need lib32;
> pkg_delete base-lib32". Beautiful concept, hard to implement due to
> libraries being yanked out from underneath binaries that are linked to
> them. But you get the idea.

This *might* be workable. However, in general - a large part of the
reason why I use FreeBSD is that the FreeBSD base system gives me
most of what I want, in *one* well defined chunk, *without* having
to install a zillion extra packages, and without umpteen different
versions of config files and locations for the important information.

So please don't destroy this.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


------------------------------

Message: 14
Date: Fri, 02 Apr 2010 12:44:55 +0200
From: "Svein Skogen (Listmail Account)"
<svein-l...@stillbilde.net>
Subject: Re: Results of BIND RFC
To: freebsd...@freebsd.org
Message-ID: <4BB5CAA7...@stillbilde.net>
Content-Type: text/plain; charset="iso-8859-1"

On 02.04.2010 12:28, sth...@nethelp.no wrote:
>> [1]: FreeBSD really needs to move away from the "base system" as a
>> concept, as I've ranted about in the past.
>
> Strongly disagree.
>
>> Or if it cannot, the "base
>> system" needs to start using pkg_* (somehow) for use, and src.conf
>> WITHOUT_xxx (where xxx = some software) removed. Concept being: "I
>> don't need Kerberos; pkg_delete base-krb5. I also don't need lib32;
>> pkg_delete base-lib32". Beautiful concept, hard to implement due to
>> libraries being yanked out from underneath binaries that are linked to
>> them. But you get the idea.
>
> This *might* be workable. However, in general - a large part of the
> reason why I use FreeBSD is that the FreeBSD base system gives me
> most of what I want, in *one* well defined chunk, *without* having
> to install a zillion extra packages, and without umpteen different
> versions of config files and locations for the important information.
>
> So please don't destroy this.

With the risk of sounding like a me-too-ist: "me too!"

I can see the point some have in wanting to run a version from ports
over running the base system one. This is doable in the current setup.
However the bundled versions of bind (and the other base system
packages) are rock stable and there for a reason.

Following the "I want this slimmed down and moved to the ports/packages
section", further, you could argue that ls, dd, and basically most of
/usr/bin could go the same way. Giving FreeBSD the same "distribution
nightmare" that some of the ... other unix-like os'es have. Is this
really where the users of the OS want it to go? We'll end up spending
more time updating tidbits of the system now moved to packages, than
actually using it. But why stop there? We could do the same to the
src/sys/dev subdirectories as well...

Let's not do that, please?

//Svein

--
--------+-------------------+-------------------------------
/"\ |Svein Skogen | sv...@d80.iso100.no
\ / |Solberg Østli 9 | PGP Key: 0xE5E76831
X |2020 Skedsmokorset | sv...@jernhuset.no
/ \ |Norway | PGP Key: 0xCE96CE13
| | sv...@stillbilde.net
ascii | | PGP Key: 0x58CD33B6
ribbon |System Admin | svein-l...@stillbilde.net
Campaign|stillbilde.net | PGP Key: 0x22D494A4
+-------------------+-------------------------------
|msn messenger: | Mobile Phone: +47 907 03 575
|sv...@jernhuset.no | RIPE handle: SS16503-RIPE
--------+-------------------+-------------------------------
If you really are in a hurry, mail me at
svein-...@stillbilde.net
This mailbox goes directly to my cellphone and is checked
even when I'm not in front of my computer.
------------------------------------------------------------
Picture Gallery:
https://gallery.stillbilde.net/v/svein/
------------------------------------------------------------


------------------------------

Message: 15
Date: Fri, 2 Apr 2010 11:52:20 +0100 (BST)
From: Robert Watson <rwa...@FreeBSD.org>
Subject: Re: Results of BIND RFC
To: Poul-Henning Kamp <p...@phk.freebsd.dk>
Cc: Randy Bush <ra...@psg.com>, Doug Barton <do...@FreeBSD.org>,
freebsd...@FreeBSD.org, Stanislav Sedov <st...@FreeBSD.org>,
freebsd...@FreeBSD.org, freebs...@FreeBSD.org
Message-ID: <alpine.BSF.2.00.1...@fledge.watson.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed


On Fri, 2 Apr 2010, Poul-Henning Kamp wrote:

> The result of the RFC was that bind is not a mandatory component to make "a
> usable system", so your argument suffers from bad logic.

With an eye on the date of Doug's suggestive e-mail, I actually am concerned
that we maintain support for DNSSEC validation in the base system. If this
can be accomplished by keeping DNS debugging tools and the lightweight
resolver in the base, then I'm fine with that world view. However, if we
can't do DNSSEC record validation without installing the BIND package, then
that worries me.

As we go forward, DNSSEC is going to become increasingly important, and being
unable to bootstrap a system will be a problem, and it will become an
increasingly critical part of the security bootstrap process for networked
systems. While some DNSSEC folk consider it anathema ("DNS is not a directory
service!"), the ability to securely distribute keying material via an existing
network service has enormous value: for example, early DNSSEC prototypes in
the late 1990's/early 2000's included SSH key distribution via cert records in
DNSSEC. Similarly, as proposals to tie DHCP security and mobility security to
DNSSEC expand, any decision to require a package to do DNSSEC would mean any
component depending on that also has to be outside our base.

If all requirements along these lines are met by the lightweight resolver,
then this is less of a concern.

Robert


------------------------------

Message: 16
Date: Fri, 2 Apr 2010 13:14:30 +0200
From: Erik Trulsson <ertr...@student.uu.se>
Subject: Re: Results of BIND RFC
To: Jeremy Chadwick <fre...@jdc.parodius.com>
Cc: Stanislav Sedov <st...@FreeBSD.org>, Doug Barton
<do...@FreeBSD.org>, freebsd...@FreeBSD.org, Randy Bush
<ra...@psg.com>, Poul-Henning Kamp <p...@phk.freebsd.dk>,
freebsd...@FreeBSD.org, freebs...@FreeBSD.org
Message-ID: <2010040211...@owl.midgard.homeip.net>
Content-Type: text/plain; charset=us-ascii

On Fri, Apr 02, 2010 at 03:14:54AM -0700, Jeremy Chadwick wrote:
>
> [1]: FreeBSD really needs to move away from the "base system" as a
> concept, as I've ranted about in the past. Or if it cannot, the "base
> system" needs to start using pkg_* (somehow)

No, it does not need to do that. It might be a good idea (but I am far
from convinced of it), but there most certainly is no *need* to move in
that direction.


--
<Insert your favourite quote here.>
Erik Trulsson
ertr...@student.uu.se


------------------------------

Message: 17
Date: Fri, 2 Apr 2010 14:01:57 +0300
From: "Reko Turja" <reko....@liukuma.net>
Subject: Re: Results of BIND RFC
To: <freebs...@FreeBSD.org>
Cc: freebsd...@FreeBSD.org, do...@FreeBSD.org,
freebsd...@FreeBSD.org
Message-ID: <A55EBCA8826D40E6965F9DBE30B7C311@rivendell>
Content-Type: text/plain; format=flowed; charset="utf-7";
reply-type=original

> Strongly disagree.
>
>> Or if it cannot, the "base
>> system" needs to start using pkg_* (somehow) for use, and src.conf
>> WITHOUT_xxx (where xxx = some software) removed. Concept being: "I
>> don't need Kerberos; pkg_delete base-krb5. I also don't need lib32;
>> pkg_delete base-lib32". Beautiful concept, hard to implement due to
>> libraries being yanked out from underneath binaries that are linked to
>> them. But you get the idea.
>
> This *might* be workable. However, in general - a large part of the
> reason why I use FreeBSD is that the FreeBSD base system gives me
> most of what I want, in *one* well defined chunk, *without* having
> to install a zillion extra packages, and without umpteen different
> versions of config files and locations for the important information.

me +1

If I wanted to go the Gnu/BSD (or Loonix) route, I'd have already installed
either, thank you. Funny though that BIND which is pretty
straightforward as configuration goes and as much essential system
component as Sendmail is getting the axe. I thought one of the main
philosophies in FreeBSD always was being a system in itself, rather
than kernel with some haphazardly thrown in components added.

-Reko

------------------------------

Message: 18
Date: Fri, 2 Apr 2010 19:27:36 +0800
From: Denny Lin <denny...@hs.ntnu.edu.tw>
Subject: Re: Results of BIND RFC
To: "Andrey V. Elsukov" <bu7...@yandex.ru>
Cc: do...@FreeBSD.org, freebsd...@FreeBSD.org,
freebsd...@FreeBSD.org, freebs...@FreeBSD.org
Message-ID: <2010040211...@mail.hs.ntnu.edu.tw>
Content-Type: text/plain; charset=utf-8

On Fri, Apr 02, 2010 at 10:11:50AM +0400, Andrey V. Elsukov wrote:
> On 02.04.2010 9:24, Stanislav Sedov wrote:
> >While it certainly might make sense to drop BIND out of the base, I'm not
> >sure dropping bind tools as well from it is the best decision. How hard
> >will it be to continue maintaining bind tools inside the base (so the
> >critical ones like dig and nslookup still will be available), while moving
> >the rest of it (the server itself and supporting tools) to the port?
>
> Hi, All.
>
> I agree with Stas. If it is not so hard to maintain "bind-tools" in the
> base,
> it is very useful to still have them in the base system.

+1 here. Dig and some of the other tools are extremely useful and
important, so it would be nice if they were in the base system instead
of a separate port.

--
Denny Lin


------------------------------


End of freebsd-stable Digest, Vol 350, Issue 6
**********************************************
