Maintained by: NLnet Labs

[Unbound-users] Unbound release 1.4.12

lst_hoe02 at kwsoft.de
Mon Jul 18 17:31:22 CEST 2011


Quoting Gábor Lénárt <lgb at lgb.hu>:

> Hi,
>
> On Mon, Jul 18, 2011 at 10:11:43AM -0400, Paul Wouters wrote:
>> On Mon, 18 Jul 2011, lst_hoe02 at kwsoft.de wrote:
>>
>> >May I ask if it is really needed to exclude ldns from tarball? It
>> >was really handy to not download yet-another-tarball have a look
>> >at the checksums and move it to the right destination, then do
>> >configure/make for the libs and start over with unbound again. How
>> >many people actually need it to be excluded?
>>
>> see many discussions here in the last. The debian and fedora maintainers
>> both ask for it to be decoupled, as the tar ball copy inside unbound is
>> confusing and can sometimes accidentally get linked by unbound if the
>> ldns dev/devel package is not installed. Statically linked libraries on
>> systems are not good. If you think you have ldns 1.6.10 but unbound had
>> been statically linked to 1.6.9, you might have a security issue.....
>>
>> Also, not every unbound requires a new ldns.
>>
>> And of course, people use ldns and ldns-python without unbound.
>
> I can be wrong here, but as far as I know unbound only used the "built-in"
> ldns only if the specific configure option was used and it was not the
> default (if I am wrong, it can be done to a non-default option, so it would
> be used _only_ if someone is sure that they requested it at the time of
> running ./configure). So I can't see why it can cause problems that unbound
> provides the usage of built-in ldns and only if it is requested by the
> person who compiles it. Debian/fedora maintainers should only not use the
> --with-ldns-builtin switch of ./configure, it's simply that. Or did I miss
> something here? Now, I have to compile ldns too, because the LTS version of
> Ubuntu Server does not have the "recent enough" libldns package. So for me
> (and maybe for many people) this is just a disadvantage. Not everybody uses
> "bleeding edge" distributions, I prefer more stable ones, that's why I am
> using LTS versions of Ubuntu, for example. I think it's a must in a
> sensitive environment, where stability is important (still, I may use
> newer softwares, but I prefer to have as many packages/softwares from a
> "stable" OS repository - like LTS/Ubuntu - as possible, and only compile a
> single software by hand, which is the "heart" of the service the server
> is created for. So I have a solid architecture I can build on).
>
> Anyway, it's not my decision, and for sure I have no intent to start a flame
> about this topic. If it's decided to be this way, it will be, period.
>
> However, I am still having problems to get the "old behaviour". How can I
> compile unbound to link against libldns statically? I couldn't figure out
> without ugly hacks (see my previous mail), it seems even
> "--enable-static-exe" does not work (and also it sounds a bit "dangerous"
> when help of the configure script talks about "for debug purposes"), ldns
> is still linked dynamically, at least output of ldd on unbound binary
> shows libldns too.

Me too!!
The systems I use Unbound on don't have libldns from the OS packages at
all because nothing is using it there. So without
--with-libldns-builtin my options are:
- Install ldns from source, with bad things happening if one day another
application is using ldns from the OS
- Install ldns from the distribution, but these are way too old on many
systems (1.2.1 on Ubuntu 8.04 LTS)
- Try to hack around and get the old behaviour :-(
- Stick with Unbound provided from the distribution :-(

Regards

Andreas