Re: Unbound in base, yes, what about ldns?

On Sun, 23 Mar 2014, Chris Smith wrote: > From: Chris Smith > To: Stuart Henderson > Cc: OpenBSD-Misc > Date: Sun, 23 Mar 2014 22:09:00 > Subject: Re: Unbound in base, yes, what about ldns? ... > How about this line added to rc.conf.local when using the package

Re: Unbound in base, yes, what about ldns?

On Thu, Mar 20, 2014 at 7:39 PM, Stuart Henderson wrote: > You can uninstall the package if you don't need it, or you can keep it > if you do need it (for example, for drill or the ldns-* tools). How about this line added to rc.conf.local when using the package: syslogd_flags="${syslogd_flags} -

Re: Unbound in base, yes, what about ldns?

On Fri, Mar 21, 2014 at 01:41:37PM +, Stuart Henderson wrote: > > Kind-of; things will work properly if the validator is enabled now, and it's > less bad than having /var/unbound/etc writable, but would really prefer to not > have anything at all in the chroot be writable by the unprivileged _

Re: Unbound in base, yes, what about ldns?

On 2014/03/21 09:30, Chris Smith wrote: > On Wed, Mar 19, 2014 at 7:44 PM, Chris Smith wrote: > > See the thread "unbound dnssec revisited" I started on 12/30/2013 for > > some hints. Looks like creating a new directory with the proper > > permissions is the best way to go. > > Now fixed in -curr

Re: Unbound in base, yes, what about ldns?

On Wed, Mar 19, 2014 at 7:44 PM, Chris Smith wrote: > See the thread "unbound dnssec revisited" I started on 12/30/2013 for > some hints. Looks like creating a new directory with the proper > permissions is the best way to go. Now fixed in -current with a /var/unbound/db directory. Thanks Stuart!

Re: Unbound in base, yes, what about ldns?

On 2014-03-19, Chris Smith wrote: > On Wed, Mar 19, 2014 at 6:12 PM, Kenneth Westerback > wrote: >> The unbound in base has it's own cut down version of ldns. No need for >> the package. > > Can I just uninstall the package after the fact or do some files need

Re: Unbound in base, yes, what about ldns?

Thanks. 2014-03-20 1:44 GMT+02:00 Chris Smith : > See the thread "unbound dnssec revisited" I started on 12/30/2013 for > some hints. Looks like creating a new directory with the proper > permissions is the best way to go. > > > On Wed, Mar 19, 2014 at 7:01 PM, Àòàíàñ Âëàäèìèðîâ > wrote: > > Hi

Re: Unbound in base, yes, what about ldns?

See the thread "unbound dnssec revisited" I started on 12/30/2013 for some hints. Looks like creating a new directory with the proper permissions is the best way to go. On Wed, Mar 19, 2014 at 7:01 PM, Атанас Владимиров wrote: > Hi, > Sorry for Off-topic, but when you enable DNSSEC validation an

Re: Unbound in base, yes, what about ldns?

Hi, Sorry for Off-topic, but when you enable DNSSEC validation and fetch a root key with unbound-anchor(8) (needs root) the following error shows up in /var/log/messages: unbound: [0:0] error: could not open autotrust file for writing, /etc/root.key.29136-0: Permission denied May be this is becau

Re: Unbound in base, yes, what about ldns?

On Wed, Mar 19, 2014 at 6:12 PM, Kenneth Westerback wrote: > The unbound in base has it's own cut down version of ldns. No need for > the package. Can I just uninstall the package after the fact or do some files need to be replaced? Thanks, Chris

Re: Unbound in base, yes, what about ldns?

On 19 March 2014 18:09, Chris Smith wrote: > Great to see Unbound in base, thanks. > > But what about ldns? I still have that installed as a package - > removed the unbound package as per the -current instructions, but > shouldn't the ldns package package be removed as well as

Unbound in base, yes, what about ldns?

Great to see Unbound in base, thanks. But what about ldns? I still have that installed as a package - removed the unbound package as per the -current instructions, but shouldn't the ldns package package be removed as well as I believe unbound requires it and therefore it would have to be bui

Re: Unbound in base

> The primary cause of this is unbound is not a drop-in replacement for > bind, they use different utilities, like unbound use drill, and bind use > dig and friends. Maybe I'm overlooking something, but that could be a problem with replacing bind by unbound but not with linking unbound to the buil

Re: Unbound in base

On 11/23/2013 04:29 PM, Martijn Rijkeboer wrote: Hi, Just out of curiosity, what is holding the linking of Unbound to the build back? I'm not complaining since I'm using Unbound from ports without issues. I asked the question before. The primary cause of this is unbound is not a drop-in repl

Unbound in base

Hi, Just out of curiosity, what is holding the linking of Unbound to the build back? I'm not complaining since I'm using Unbound from ports without issues. Kind regards, Martijn Rijkeboer

Re: Unbound in base (review)

2012/3/26 Jakob Schlyter : > Any more feedback on this? We need more testing to proceed! Unbound has been imported to work on in-tree (not yet linked to the build) [1]. It compiles and functions on amd64 and i386. I can only guess who is actually working on further integrating this tool in base. T

Re: Unbound in base (review)

Any more feedback on this? We need more testing to proceed! jakob

Unbound in base (review)

2012/3/14 Jakob Schlyter mailto:ja...@kirei.se)>: > Could you provide an update complete tarfil for review by other developers? I think we should start considering importing this. Latest iteration: http://gateway.hydroxide.nl/OpenBSD/unbound-wip.9.tar.gz Current status includes work on suggesti

Re: Unbound in base

* Bjvrn Ketelaars [2012-02-15 18:04]: > 2012/2/15 Ralf mailto:r...@ackstorm.de)>: > > > I haven't gotten the DNSSec to work, so I ran with module-config: > > iterator. But I'm not too familiar with DNSsec, so I might have done > > something wrong on that part. And I cheated a bit when compiling a

Re[4]: Unbound in base

14 QP5P2QP0P;Q 2012, 14:31 P>Q Oliver Peter : > On Tue, Feb 14, 2012 at 01:23:01PM +0400, Mo Libden wrote: > > 14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov : > > > On Tue, 14 Feb 2012 08:09:16 + > > > Peter van Oord van der Vlies wrote: > > > > > > > Hello, > > > > > > > > Why replacing

Re: Unbound in base

Hello, bjorn.ketela...@hydroxide.nl (Bjvrn Ketelaars), 2012.02.15 (Wed) 10:23 (CET): > > > From unbound-anchor.8 I understand that unbound-anchor can be run from the > > > command line, or run as part of startup scripts _before_ the actual > > > (unbound) > > > DNS server is started. So there is

Re: Unbound in base

> > From unbound-anchor.8 I understand that unbound-anchor can be run from the > > command line, or run as part of startup scripts _before_ the actual > > (unbound) > > DNS server is started. So there is no need for DNS. Proposal therefor is to > > run unbound-anchor automatically before starting

Re: Unbound in base

2012/2/15 Ralf mailto:r...@ackstorm.de)>: > I have briefly tested your tarball on hppa yesterday. It compiles > and works so far. > Nice to hear :-) > I haven't gotten the DNSSec to work, so I ran with module-config: > iterator. But I'm not too familiar with DNSsec, so I might have done > someth

Re: Unbound in base

On Tue, 14 Feb 2012 17:16:15 + (UTC) Stuart Henderson wrote: > On 2012-02-14, Gregory Edigarov wrote: > > unbound-control should be renamed to more convenient 'unboundctl'. > > and break scripts that are meant to work with cross-OS deployments? nah, he is talking bout convinience, not sani

Re: Unbound in base

On 2012-02-14, Gregory Edigarov wrote: > unbound-control should be renamed to more convenient 'unboundctl'. and break scripts that are meant to work with cross-OS deployments?

Re: Unbound in base

On Tue, Feb 14, 2012, Vitali wrote: > On Tue, Feb 14, 2012 at 10:09 AM, Peter van Oord van der Vlies > > Why replacing bind ? > https://www.isc.org/software/bind/advisories/cve-2012-1033 Bad CVE choice... That's a design issue in DNS, not a vulnerability in BIND. And if you want to throw CVEs a

Re: Unbound in base

Henning Brauer wrote [2012-02-14 13:52+0100]: > anything depending on PYTHON MY WOMAN! > (gimme a break) Aeh. Man. > will never make it into base anyway. If it were true! --steffen

Re: Unbound in base

* Peter van Oord van der Vlies [2012-02-14 09:11]: > Why replacing bind ? 1) because it's shit (yes yes vixie, the next release won't be written by drunken grad students and fix all design and implementation issues, we hear that since bind4 at least) 2) it's a dead end anyway - i have neve

Re: Unbound in base

On Tue, Feb 14, 2012 at 01:23:01PM +0400, Mo Libden wrote: > 14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov : > > On Tue, 14 Feb 2012 08:09:16 + > > Peter van Oord van der Vlies wrote: > > > > > Hello, > > > > > > Why replacing bind ? > > > > Because bind is full of security related bugs a

Re: Unbound in base

On Tue, 14 Feb 2012 13:23:01 +0400 Mo Libden wrote: > 14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov > : > > On Tue, 14 Feb 2012 08:09:16 + > > Peter van Oord van der Vlies > > wrote: > > > > > Hello, > > > > > > Why replacing bind ? > > > > Because bind is full of security related bugs

Re: Unbound in base

On 2012 Feb 14 (Tue) at 13:23:01 +0400 (+0400), Mo Libden wrote: :14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov : :> On Tue, 14 Feb 2012 08:09:16 + :> Peter van Oord van der Vlies wrote: :> :> > Hello, :> > :> > Why replacing bind ? :> :> Because bind is full of security related bugs and

Re[2]: Unbound in base

14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov : > On Tue, 14 Feb 2012 08:09:16 + > Peter van Oord van der Vlies wrote: > > > Hello, > > > > Why replacing bind ? > > Because bind is full of security related bugs and a bloatware. Oh come on! They say about the same thing about sendmail f

Re: Unbound in base

Let's not crosspost replies, misc is more suitable for this one. CCs trimmed. On 2012/02/14 08:09, Peter van Oord van der Vlies wrote: > Hello, > > Why replacing bind ? The version we have is in need of an update. Due to some of the design decisions made for BIND 10 that's not really going to be

Re: Unbound in base

2012/2/13 Stuart Henderson : ... >> After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit to >> large to send to this list. if anyone feels like looking at the workb&do not >> hesitate to mail me. > > Please do. It would be nice to put them on a public server. > WIP can be foun

Re: Unbound in base

elaars [mailto:bjorn.ketela...@hydroxide.nl] > Verzonden: Monday, February 13, 2012 10:35 PM > Aan: misc@openbsd.org > ; t...@openbsd.org > Onderwerp: Unbound in base > > Hello, > > After some recent discussions [1, 2] on the topic of unbound in base, > and (more importan

Re: Unbound in base

On Tue, Feb 14, 2012 at 10:09 AM, Peter van Oord van der Vlies wrote: > Hello, > > Why replacing bind ? That's a good question, Peter. Welcome aboard. https://www.isc.org/software/bind/advisories/cve-2012-1033 > > Kind Regards > > Peter -- ### Coonardoo - PQP8P=P8QP:P0 Q QQP=Q / The Well

Re: Unbound in base

Hello, Why replacing bind ? Kind Regards Peter - Oorspronkelijk bericht - Van: Bjvrn Ketelaars [mailto:bjorn.ketela...@hydroxide.nl] Verzonden: Monday, February 13, 2012 10:35 PM Aan: misc@openbsd.org ; t...@openbsd.org Onderwerp: Unbound in base Hello, After some recent discussions

Re: Unbound in base

On Mon, 13 Feb 2012 22:35:15 +0100 BjC6rn Ketelaars wrote: > Hello, > > After some recent discussions [1, 2] on the topic of unbound in base, > and (more important) really liking the idea of an alternative for > BIND in base, I made a start with fitting the different pieces of the

Unbound in base

Hello, After some recent discussions [1, 2] on the topic of unbound in base, and (more important) really liking the idea of an alternative for BIND in base, I made a start with fitting the different pieces of the puzzle. What is finished: 1.) Integration of ldns 1.6.12 and unbound 1.4.15 and