unbound being ported to base as BIND replacement

Posted: 2012-02-15 13:39
acheng
I saw on the misc mailing list that replacing BIND with unbound is being discussed.
On Tue, Feb 14, 2012 at 5:35 AM, Björn Ketelaars <bjorn.ketelaars#hydroxide.nl> wrote:
Hello,

After some recent discussions [1, 2] on the topic of unbound in base, and
(more important) really liking the idea of an alternative for BIND in base, I
made a start with fitting the different pieces of the puzzle. What is
finished:

1.) Integration of ldns 1.6.12 and unbound 1.4.15 and writing of relevant
Makefile wrappers. Wrapper script also compiles and installs drill;
2.) Testing (read: does it compile and work) on AMD64.

Stuart Henderson had some good remarks on integrating the above [3]. What do
you guys think of the following:

What to do with the BIND tools (dig/host/nslookup)?

Unbound offers drill. From drill.1: "The name drill is a pun on dig. With
drill you should be able get even more information than with dig.". Proposal
therefore is to replace the BIND tools with drill.

Do we run unbound-anchor automatically? If so, how do we handle possibly not
having working DNS at that time to resolve data.iana.org?

From unbound-anchor.8 I understand that unbound-anchor can be run from the
command line, or run as part of startup scripts _before_ the actual (unbound)
DNS server is started. So there is no need for DNS. Proposal therefore is to
run unbound-anchor automatically before starting the unbound daemon (rc_pre in
unbound rc-script).



How and when do we automatically generate unbound-control keys? If so, where
should that be done? …

From unbound-control.8: The script unbound-control-setup generates these
control keys in the default run directory. If you change the access control
permissions on the key files you can decide who can use unbound-control. Run
the script under the same username as you have configured in unbound.conf or
as root, so that the daemon is permitted to read the files, for example with:
sudo -u unbound unbound-control-setup. If you have not configured a username
in unbound.conf, the keys need read permission for the user credentials under
which the daemon is started. The script preserves private keys present in the
directory. After running the script as root, turn on control-enable in
unbound.conf.

The unbound-control-script can be called from rc->make_keys(). The knob
'control-enable' can be set as default.

After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit too
large to send to this list. If anyone feels like looking at the work… do not
hesitate to mail me.

Again, what do you guys think?

Kind regards,

Björn


[1] http://marc.info/?l=openbsd-misc&m=132205020820910&w=2
[2] http://marc.info/?l=openbsd-tech&m=132573371521516&w=2
[3] http://marc.info/?l=openbsd-misc&m=132217547525487&w=2
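
The quoted mail notes that the permissions on the control key files decide who can use unbound-control. As an added example (not part of the mail or of this thread), the shell function below audits a run directory for the private keys that unbound-control-setup writes and flags any that are missing or accessible beyond owner and group; the demo directory is a constructed temporary one, not a real unbound run directory.

```shell
#!/bin/sh
# Added example (not from the thread): audit who can access the private keys
# that unbound-control-setup writes into the unbound run directory.

# Private key files written by unbound-control-setup.
KEY_FILES="unbound_server.key unbound_control.key"

# audit_control_keys DIR
# Prints one line per key file. Returns 1 if a key is missing or has any
# permission bit set for "other" users, 0 otherwise. Group access is allowed,
# since the mail describes granting unbound-control use via file permissions.
audit_control_keys() {
    dir=$1
    rc=0
    for f in $KEY_FILES; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        # Permission string without the file-type character, e.g. "rw-r-----".
        # -L follows symlinks so the target's mode is the one inspected.
        mode=$(ls -ldL "$path" | cut -c2-10)
        case $mode in
            ??????---) echo "OK $path ($mode)" ;;
            *)         echo "EXPOSED $path ($mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo: a temporary directory stands in for the real run directory.
demo_dir=$(mktemp -d)
touch "$demo_dir/unbound_server.key" "$demo_dir/unbound_control.key"
chmod 640 "$demo_dir/unbound_server.key"    # owner + group only: accepted
chmod 644 "$demo_dir/unbound_control.key"   # world-readable: flagged
audit_control_keys "$demo_dir" || echo "audit failed: fix key permissions"
rm -rf "$demo_dir"
```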

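Re: unbound being ported to base as BIND replacement

Posted: 2012-02-15 20:28
f5b
Henning's reasons:

BIND is huge and has lots of bugs; worst of all, the upcoming BIND 10 will actually depend on Python, which will make it even more complex, while the space in OpenBSD's base is limited.

So BIND will be replaced by nsd + unbound?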

http://marc.info/?l=openbsd-misc

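The recent unbound mail discussions are easy to browse there.
Reading the OpenBSD mailing lists on marc.info is also quite convenient; it groups messages on the same topic for you.

As for email subscription, I usually use the daily digest to see roughly what is being discussed, and rarely read the content in detail.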

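Re: unbound being ported to base as BIND replacement

Posted: 2012-02-16 13:16
acheng
I haven't looked into BIND 10 yet, but I personally dislike the design of BIND depending on Python. I'm glad to see this change; BIND will then become a port/package, and those who need it can install it themselves.

I subscribe by email. Gmail can also group messages by topic automatically, which is quite convenient. I recommend that friends interested in OpenBSD subscribe to the misc list; I feel you really can learn something from it.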

Re: unbound being ported to base as BIND replacement

Posted: 2012-03-08 23:37
none
I support it too, haha. I would rather use BIND 8 and 9 than the cumbersome BIND 10.