Bug 237861

Summary: dns/bind914 Suggestion: enable dnstap in BIND by default
Product: Ports & Packages Reporter: Greg Rivers <gcr>
Component: Individual Port(s)Assignee: Mathieu Arnold <mat>
Status: New ---    
Severity: Affects Only Me CC: rene
Priority: --- Flags: bugzilla: maintainer-feedback? (mat)
Version: Latest   
Hardware: Any   
OS: Any   

Description Greg Rivers 2019-05-12 23:45:52 UTC
I'd like to suggest that dnstap should be enabled by default going forward, starting with bind914. Doing so would be a no-op for people who don't use it, since it has to be specifically enabled in the configuration. dnstap is much lighter weight than traditional query logging, so it benefits large and small systems alike. I suspect there may be quite a few people like me who would appreciate the ability to use dnstap without building our own packages and maintaining our own repos.

This would add a dependency on devel/fstrm and devel/protobuf-c, but both packages are tiny, and protobuf-c is a dependency of a number of other common ports.
Comment 1 Rene Ladan freebsd_committer 2020-04-30 11:03:58 UTC
Is this relevant for dns/bind916 too?
Comment 2 Greg Rivers 2020-04-30 15:19:25 UTC
(In reply to Rene Ladan from comment #1)
Yes, dnstap has been available in BIND since version 9.11. My suggestion is to enable dnstap by default in the port for the "stable" version of BIND starting with 9.14.

9.14 was the stable version when I opened this PR a year ago. 9.16 is the current stable version.