On Sat, Jul 07, 2001 at 12:09:24AM -0700, likot wrote:
> --- "Miguel A.L. Paraz" <[EMAIL PROTECTED]> wrote:
> > djbdns is too limited for a full-featured DNS server
> > based on the spec
>
> limited in what form? an example would shed some light here

The only thing that comes to mind is transaction security and other
crypto extensions to DNS. On the other hand, I don't use these right
now but I plan to use the signed zone transfers and resolver queries to
prevent spoofing.

> > sheet. I also don't like djb's approach to things,
> > they are too different
> > from the 'norm.'
>
> diff. from the norm? doesn't the word normal differ
> from person to person? it's a matter of getting used
> to (i.e. i found djbdns easier to use :) but then again
> maybe you find bind easier :) )

Well I admit that BIND is the norm for me because I've been using it
for years and I haven't had the chance to personally study the alternatives.
Teach us then :)

> confident in the rigorous rewrite from scratch :)
>
> quoted from http://cr.yp.to/djbdns/ad/unbind.html
>
> But BIND 9 isn't right. It crashes even more often
> than BIND 8 does. There are hundreds of bugs listed in
> the 9.1.0rc1 CHANGES file. Many of these are serious
> reliability problems; for example, ``dns_zone_dump()
> overwrote existing zone files rather than writing to a
> temporary file and renaming'' means that a temporary
> power outage can destroy addresses. Some of the bugs,
> just like some of the BIND 8 bugs described on the
> BIND company's ``BIND security'' web page, allow
> anyone on the Internet to disable BIND with a single
> packet. It's just a matter of time before someone sees
> how one of these BIND 9 bugs opens up a security hole

Well in my experience BIND 9.1 has been running smoothly.

> This is not flamebait, this is a discussion (not even
> an argument - arguments lead to nothing but fights)

Indeed, well, it's good you bring these up so that PLUG folks
would get a chance to try out djbdns. I could, but it's nontrivial
with our setup.

> put aside DJB's ego and his flames and put your
> thoughts on his work ( people tend to shy away from
> his work because of his ego )

Actually, I have no problems with his ego or his person. It's just that
I've seen a whole lot of DJB ware that requires you to subscribe to his philosophy
of how Unix tools should work. (e.g. to install qmail you need his package X
and Y instead). This is opposed to say, Postfix, another MTA written from
scratch, but with painless configuration in mind.

If you're a hobbyist or have a small system to maintain, you can afford to
spend a lot of time to tweak your setup. On a production system with
lots of paying customers, ease of use, maintenance, and trainability for new
staff come into play.

Sometimes, you just have to measure the cost of being hacked * the probability
vs the cost of implementing new ware. That's Management 101 for us free
software users.
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph