Re: Unbound in base, yes, what about ldns?

> I was waiting to be sure about this before adding an extra log socket in > the jail. > > Unbound opens /dev/log pre-chroot, so under normal conditions this is > not necessary, *however* if syslogd is restarted, the old socket is > no longer valid, so Unbound stops logging. > > So I think yes we

Re: Unbound in base, yes, what about ldns?

moved from misc to tech On 2014/03/23 18:09, Chris Smith wrote: > On Thu, Mar 20, 2014 at 7:39 PM, Stuart Henderson > wrote: > > You can uninstall the package if you don't need it, or you can keep it > > if you do need it (for example, for drill or the ldns-* tools). > > How about this line add

Re: Unbound in base (review)

Any more feedback on this? We need more testing to proceed! jakob

Unbound in base (review)

2012/3/14 Jakob Schlyter mailto:ja...@kirei.se)>: > Could you provide an update complete tarfil for review by other developers? I think we should start considering importing this. Latest iteration: http://gateway.hydroxide.nl/OpenBSD/unbound-wip.9.tar.gz Current status includes work on suggesti

Re: Unbound in base

> The latest iteration includes: > > - Removal of ldns-includes, -library and -manpages; > - Static link of ldns; > - No shared libraries. There was a nasty config-error in Makefile.bsd-wrapper which has been fixed in: http://gateway.hydroxide.nl/OpenBSD/unbound-wip.8.tar.gz This iteration als

Re: Unbound in base

On 2012 Feb 23 (Thu) at 09:37:57 +0100 (+0100), Bjvrn Ketelaars wrote: :> - Could you try to link ldns static and not install neither the ldns :library, include files nor the man-pages? : :The latest iteration includes: : :- Removal of ldns-includes, -library and -manpages; :- Static link of ldns;

Re: Unbound in base

> - Could you try to link ldns static and not install neither the ldns library, include files nor the man-pages? The latest iteration includes: - Removal of ldns-includes, -library and -manpages; - Static link of ldns; - No shared libraries. Tarball: http://gateway.hydroxide.nl/OpenBSD/unbound-

Re: Unbound in base

Hi Bjvrn, First - thanks a lot for doing this; it has been on my todo-list for ages and I really appreciate this getting done. - Have you considered getting rid of all the ldns cruft that we would not use anyway? - Could you try to link ldns static and not install neither the ldns library, inclu

Re: Unbound in base

Latest iteration of trying to get unbound to fit in OpenBSD base can be found here: http://gateway.hydroxide.nl/OpenBSD/unbound-wip.5.tar.gz Quite a few things have changed: - better integration of ldns in unbound by writing a better Makefile.bsd-wrapper (thanks to Ralf -at- ackstorm -dot- de);

Re: Unbound in base

* Bjvrn Ketelaars [2012-02-17 14:00]: > Updated set of files and diffs are here: > > http://gateway.hydroxide.nl/OpenBSD/unbound-wip.2.tar.gz Tested on OpenBSD 5.0/vax in simh simulator. Works fine. There was one issue during "make install": install -c -s -o root -g bin -m 555 drill/.libs/dri

Re: Unbound in base

use the stub syntax in unbound. Penned by Jan Klemkow on 20120217 6:18.33, we have: | I was working on replacing bind with unbound and nsd a half year ago. | I run into this problem. I think in local networks you get such setups | where you have to serve clients with global request like google.de

Re: Unbound in base

> On Fri, Feb 17, 2012 at 12:01:46PM +0100, Henning Brauer wrote: > > * Jan Klemkow [2012-02-17 10:45]: > > > There is an other problem with replacing bind with unbound and nsd. > > > If you have a setup where you need to do authoritative and recursive > > > resolving of domains with the same sock

Re: Unbound in base

Penned by Jan Klemkow on 20120217 3:38.24, we have: | There is an other problem with replacing bind with unbound and nsd. | If you have a setup where you need to do authoritative and recursive | resolving of domains with the same socket and you have to synchronise | with an extern dns server over

Re: Unbound in base

On Fri, Feb 17, 2012 at 01:18:33PM +0100, Jan Klemkow wrote: | I was working on replacing bind with unbound and nsd a half year ago. | I run into this problem. I think in local networks you get such setups | where you have to serve clients with global request like google.de and | local requests lik

Re: Unbound in base

I was working on replacing bind with unbound and nsd a half year ago. I run into this problem. I think in local networks you get such setups where you have to serve clients with global request like google.de and local requests like mail.inhouse.company.com. I just want to hint this problem. In my

Re: Unbound in base

* Jan Klemkow [2012-02-17 10:45]: > There is an other problem with replacing bind with unbound and nsd. > If you have a setup where you need to do authoritative and recursive > resolving of domains with the same socket and you have to synchronise > with an extern dns server over zone transfers. I

Re: Unbound in base

On 2012/02/17 10:38, Jan Klemkow wrote: > I think we need modern bind in ports if we do the replacement. So that > the admins out there could easily use OpenBSD as a DNS-Server with such > extra features. Yes of course. It's also needed for people doing split-horizon with views, and various other

Re: Unbound in base

There is an other problem with replacing bind with unbound and nsd. If you have a setup where you need to do authoritative and recursive resolving of domains with the same socket and you have to synchronise with an extern dns server over zone transfers. This setup is not possible at the moment wit

Re: Unbound in base

>> I agree, however I cannot help with these arches as I do not have >> access to them. Anyone does? > > I tested another arch, alpha with -current from 2012-02-12. A couple > of build scripts needed executable bits to build successfully, like > install-sh and libtool (hppa had the same issue, of c

Re: Unbound in base

* Bjvrn Ketelaars [2012-02-15 06:48]: > >> 2.) Testing (read: does it compile and work) on AMD64. > > > > amd64 is easy, better questions are things like does it build/work on vax > > (gcc2, no shared libs), does it work on "unusual" arch like hppa, etc. > > I agree, however I cannot help with the

Re: Unbound in base

On 2012/02/15 09:54, Gregory Edigarov wrote: > On Tue, 14 Feb 2012 15:48:49 -0500 > Brad Smith wrote: > > > On 14/02/12 3:17 PM, roberth wrote: > > > On Mon, 13 Feb 2012 22:35:15 +0100 > > > Bjvrn Ketelaars wrote: > > > > > >> How and when do we automatically generate unbound-control keys? if >

Re: Unbound in base

On Tue, 14 Feb 2012 15:48:49 -0500 Brad Smith wrote: > On 14/02/12 3:17 PM, roberth wrote: > > On Mon, 13 Feb 2012 22:35:15 +0100 > > Bjvrn Ketelaars wrote: > > > >> How and when do we automatically generate unbound-control keys? if > >> so, where should that be done? > > > > Simply don't bother

Re: Unbound in base

On Tue, 14 Feb 2012 15:49:37 -0500 Brad Smith wrote: > On 14/02/12 3:38 PM, Bjvrn Ketelaars wrote: > > On Tue, Feb 14, 2012 at 9:17 PM, roberth > > wrote: > >> On Mon, 13 Feb 2012 22:35:15 +0100 > >> Bjvrn Ketelaars wrote: > >> > >>> How and when do we automatically generate unbound-control keys

Re: Unbound in base

>> 2.) Testing (read: does it compile and work) on AMD64. > > amd64 is easy, better questions are things like does it build/work on vax > (gcc2, no shared libs), does it work on "unusual" arch like hppa, etc. I agree, however I cannot help with these arches as I do not have access to them. Anyone

Re: Unbound in base

On 14/02/12 3:38 PM, Bjvrn Ketelaars wrote: On Tue, Feb 14, 2012 at 9:17 PM, roberth wrote: On Mon, 13 Feb 2012 22:35:15 +0100 Bjvrn Ketelaars wrote: How and when do we automatically generate unbound-control keys? if so, where should that be done? Simply don't bother? rndc keys aren't setu

Re: Unbound in base

On 14/02/12 3:17 PM, roberth wrote: On Mon, 13 Feb 2012 22:35:15 +0100 Bjvrn Ketelaars wrote: How and when do we automatically generate unbound-control keys? if so, where should that be done? Simply don't bother? rndc keys aren't setup automagically either. The daemon will work just fine wit

Re: Unbound in base

On Tue, Feb 14, 2012 at 9:17 PM, roberth wrote: > On Mon, 13 Feb 2012 22:35:15 +0100 > Bjvrn Ketelaars wrote: > >> How and when do we automatically generate unbound-control keys? if >> so, where should that be done? > > Simply don't bother? > rndc keys aren't setup automagically either. > The dae

Re: Unbound in base

On Mon, 13 Feb 2012 22:35:15 +0100 Bjvrn Ketelaars wrote: > How and when do we automatically generate unbound-control keys? if > so, where should that be done? Simply don't bother? rndc keys aren't setup automagically either. The daemon will work just fine without it, let it be up to the admin w

Re: Unbound in base

* Peter van Oord van der Vlies [2012-02-14 09:11]: > Why replacing bind ? 1) because it's shit (yes yes vixie, the next release won't be written by drunken grad students and fix all design and implementation issues, we hear that since bind4 at least) 2) it's a dead end anyway - i have neve

Re: Unbound in base

On Tue, Feb 14, 2012 at 01:23:01PM +0400, Mo Libden wrote: > 14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov : > > On Tue, 14 Feb 2012 08:09:16 + > > Peter van Oord van der Vlies wrote: > > > > > Hello, > > > > > > Why replacing bind ? > > > > Because bind is full of security related bugs a

Re: Unbound in base

On 2012 Feb 14 (Tue) at 13:23:01 +0400 (+0400), Mo Libden wrote: :14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov : :> On Tue, 14 Feb 2012 08:09:16 + :> Peter van Oord van der Vlies wrote: :> :> > Hello, :> > :> > Why replacing bind ? :> :> Because bind is full of security related bugs and

Re[2]: Unbound in base

14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov : > On Tue, 14 Feb 2012 08:09:16 + > Peter van Oord van der Vlies wrote: > > > Hello, > > > > Why replacing bind ? > > Because bind is full of security related bugs and a bloatware. Oh come on! They say about the same thing about sendmail f

Re: Unbound in base

2012/2/13 Stuart Henderson : ... >> After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit to >> large to send to this list. if anyone feels like looking at the workb&do not >> hesitate to mail me. > > Please do. It would be nice to put them on a public server. > WIP can be foun

Re: Unbound in base

elaars [mailto:bjorn.ketela...@hydroxide.nl] > Verzonden: Monday, February 13, 2012 10:35 PM > Aan: m...@openbsd.org > ; tech@openbsd.org > Onderwerp: Unbound in base > > Hello, > > After some recent discussions [1, 2] on the topic of unbound in base, > and (more importan

Re: Unbound in base

Hello, Why replacing bind ? Kind Regards Peter - Oorspronkelijk bericht - Van: Bjvrn Ketelaars [mailto:bjorn.ketela...@hydroxide.nl] Verzonden: Monday, February 13, 2012 10:35 PM Aan: m...@openbsd.org ; tech@openbsd.org Onderwerp: Unbound in base Hello, After some recent discussions

Re: Unbound in base

On 2012/02/13 22:35, Bjvrn Ketelaars wrote: > After some recent discussions [1, 2] on the topic of unbound in base, and > (more important) really liking the idea of an alternative for BIND in base, I > made a start with fitting the different pieces of the puzzle. What is > finished: &

Unbound in base

Hello, After some recent discussions [1, 2] on the topic of unbound in base, and (more important) really liking the idea of an alternative for BIND in base, I made a start with fitting the different pieces of the puzzle. What is finished: 1.) Integration of ldns 1.6.12 and unbound 1.4.15 and