Summary: | dns/bind914 Suggestion: enable dnstap in BIND by default | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Greg Rivers <gcr> |
Component: | Individual Port(s) | Assignee: | Mathieu Arnold <mat> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | CC: | freebsd, rene |
Priority: | --- | Flags: | bugzilla: maintainer-feedback? (mat) |
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Greg Rivers
2019-05-12 23:45:52 UTC
Is this relevant for dns/bind916 too?

(In reply to Rene Ladan from comment #1)
Yes, dnstap has been available in BIND since version 9.11. My suggestion is to enable dnstap by default in the port for the "stable" version of BIND starting with 9.14. 9.14 was the stable version when I opened this PR a year ago. 9.16 is the current stable version.

Looking at the current dns/bind916 I think it's perfect now; keep it simple & small unless you really want to have it. Is having this in make.conf not a good enough solution for you?
dns_bind916_SET= DNSTAP
(if so then I guess this PR can be closed).

(In reply to Leo Vandewoestijne from comment #3)
Of course I've been building BIND from the port with the dnstap option enabled. But it would be nice if I didn't have to. This request is to change the default options for the port. I explained my rationale for this when I opened this PR.

The default options for any port are not intended to minimize features, rather they are set to provide the features and capabilities that satisfy the most people. Doing so allows the most people to use the project pkg repo to install from binary packages instead of having to build custom versions from source.

My assertion is that having dnstap compiled by default will benefit the most people. dnstap is lighter weight and provides more information than standard query logging. dnstap must be explicitly enabled in the configuration, so people who don't know or care about it can ignore it. But it can't be enabled in the configuration unless named is compiled for it.

I see this the opposite way from what you suggested: people who specifically do not want dnstap can easily build BIND from source with the dnstap option disabled. I think they are in the minority.

One more data point: ISC provide binary packages for BIND on Linux (<https://kb.isc.org/docs/isc-packages-for-bind-9>). All of ISC's packages are built with dnstap enabled.

(In reply to Greg Rivers from comment #4)
> Doing so allows the most people to use the project pkg repo to install from binary packages
> instead of having to build custom versions from source.

Aha, OK, that's a valid argument - and those who don't could UNSET it.

(In reply to Leo Vandewoestijne from comment #5)
Thanks for your consideration.

A commit references this bug:

Author: mat
Date: Wed Aug 26 13:32:29 UTC 2020
New revision: 546283
URL: https://svnweb.freebsd.org/changeset/ports/546283

Log:
  Enabled DNSTAP by default.

  The ISC recommends having it by default (it is in the packages they distribute) and the footprint of the dependencies is very small.

  While there, cleanup plists.

  PR: 237861
  Reported by: Greg Rivers

Changes:
  head/dns/bind-tools/pkg-plist
  head/dns/bind-tools/pkg-plist-devel
  head/dns/bind9-devel/Makefile
  head/dns/bind9-devel/pkg-plist
  head/dns/bind911/Makefile
  head/dns/bind916/Makefile
  head/dns/bind916/pkg-plist