Bug 217870

Summary: dns/samba-nsupdate supersede/replace port with dns/bind-tools
Product: Ports & Packages Reporter: Michael Osipov <michael.osipov>
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed Overcome By Events    
Severity: Affects Many People CC: mat, rakuco, timur, w.schwarzenfeld
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   

Description Michael Osipov 2017-03-17 14:51:29 UTC 
1. Bind 9.8.x has reached its EOL back in 2014-09
2. It does not configure and compile with security/krb5 (#181696 and #206454)
3. dns/bind-tools is based off Bind 9.11 (most recent) and includes nsupdate with GSS-TSIG support

There is no need to maintain this port anymore, it can safely be replaced with dns/bind-tools
Comment 1 Timur I. Bakeyev freebsd_committer freebsd_triage 2017-03-27 23:04:19 UTC 
(In reply to Michael Osipov from comment #0)

I would be glad to use bind-tools instead of samba-nsupdate, but, unfortunately, by default they are build without any Kerbero5 support, hence no signing of the requests.

I guess, samba-nsupdate should be updated to use same setup as bind-tools, but enforce system-wide Heimdal kerberos, leaving other options to the port builders.

And we need cooperation from the bind* port maintainer.
Comment 2 Mathieu Arnold freebsd_committer freebsd_triage 2017-03-28 08:40:55 UTC 
You can just create it as a SLAVE port of dns/bind-tools, enabling kerberos as you go.
Comment 3 Michael Osipov 2017-03-28 09:28:35 UTC 
(In reply to Timur I. Bakeyev from comment #1)

I am confused: you can select (make config) your GSS-API flavor. Doesn't this do for you?
Comment 4 Walter Schwarzenfeld 2018-01-12 03:54:31 UTC 
Any advance here?
Comment 5 Timur I. Bakeyev freebsd_committer freebsd_triage 2018-01-12 04:31:40 UTC 
(In reply to Michael Osipov from comment #3)

You have to do that manually. That absolutelly not what I/we/end user want(s).

Maybe there is a python alternative to nsupdate with signing enabled, need to check for that. Otherwise we stick to this "solution".
Comment 6 Michael Osipov 2018-01-13 10:21:14 UTC 
(In reply to Timur I. Bakeyev from comment #5)

I do use GSS-TSIG with Active Directory too but I don't see the issue calling 'make config'. Why not request to have Heimdal base to be on by default?
Comment 7 Timur I. Bakeyev freebsd_committer freebsd_triage 2019-01-31 22:05:14 UTC 
samba-nsupdate was updated to the latest bind version. Should be enough for a while.