Re: No more support for windows - Yay
On Sat, 5 Jun 2021, Reindl Harald wrote: besides that - i didn't hear a serious reasoning for a native named binary on windows these days and given there are tons of ways running a linux binary compared to 20 years ago i call it a waste of time * more complex code implies more errors some errors being security-related, which in the case of BIND servers used by MANY users is a very bad situation. Furthermore, are there even any 'important' Windows primary servers, that serve the open internet or many users (authoritative or resolving) - but rather only serve closed/internal private or commercial interests? If some entity is already wasting money on MS software and licenses and BIND is important to them, then they should also support development and pay for support just like they pay MS. I do believe ISC should be more clear about the intended platforms for BIND. It's not a crime to not support one corporation's specific and different platform. Brett ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: No more support for windows
Am 05.06.21 um 19:15 schrieb Ondřej Surý: Folks, I would appreciate if we can say on the topic. Specifically, I consider this rhetorical discussion on the meaning of the word “portable” neither useful to the subscribers of this list nor productive. besides that - i didn't hear a serious reasoning for a native named binary on windows these days and given there are tons of ways running a linux binary compared to 20 years ago i call it a waste of time * it eats time better invested * it makes code more complex * more complex code implies more errors ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: No more support for windows
Folks, I would appreciate if we can say on the topic. Specifically, I consider this rhetorical discussion on the meaning of the word “portable” neither useful to the subscribers of this list nor productive. Thanks, -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 5. 6. 2021, at 18:38, Paul Kosinski via bind-users > wrote: > > On Fri, 4 Jun 2021 13:58:40 -0700 > Gregory Sloop wrote: > >> This feels a lot like responding to trolls, but I'll instead assume that >> you're asking (or making a point) in good faith. >> >> So, we'll stipulate that - you're actually interested in truth and knowledge. >> >> So, it's easily compiled on Mac, Unix, FreeBSD, Linux, SunOS, RaspPi, etc. >> And it compiles on a huge range of hardware, CPU's etc. >> >> I'd consider that highly portable. > > > I'd consider it moderately portable. > > Among Open Source software, I'd consider the following highly portable: > Firefox, Chromium, LibreOffice, Thunderbird, Claws-Mail, Scribus, Inkscape, > Gimp, Krita, VLC, QT(!) and who knows how many others that run on Unix-like > systems *and* on Windows. > > And among closed source software, Chrome is obviously highly portable (by > Google), and Acrobat Reader and Flash (RIP) are highly portable (by Adobe). > > P.S. I am not a fan of Windows, but it is widespread, and many people even > use it for Internet servers. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: No more support for windows
On Fri, 4 Jun 2021 13:58:40 -0700 Gregory Sloop wrote: > This feels a lot like responding to trolls, but I'll instead assume that > you're asking (or making a point) in good faith. > > So, we'll stipulate that - you're actually interested in truth and knowledge. > > So, it's easily compiled on Mac, Unix, FreeBSD, Linux, SunOS, RaspPi, etc. > And it compiles on a huge range of hardware, CPU's etc. > > I'd consider that highly portable. I'd consider it moderately portable. Among Open Source software, I'd consider the following highly portable: Firefox, Chromium, LibreOffice, Thunderbird, Claws-Mail, Scribus, Inkscape, Gimp, Krita, VLC, QT(!) and who knows how many others that run on Unix-like systems *and* on Windows. And among closed source software, Chrome is obviously highly portable (by Google), and Acrobat Reader and Flash (RIP) are highly portable (by Adobe). P.S. I am not a fan of Windows, but it is widespread, and many people even use it for Internet servers. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: No more support for windows
> Peter, > > > do you seriously think that this word play is going to help the BIND 9 > support for Windows? So, I am asking you, what’s your serious > proposal what should we do? > You may regard it as a word play but I am being very serious indeed. I have looked high up and low down for a definition of what BIND is and what it does and the most specific and succinct one I could find is the one which I quoted. If it was a true definintion of BIND, I would be very pleased because I would have found exactly what I was looking for. My serious proposal on what you should do now is that you should come up with a proper description/definition of BIND which considers carefully whether it should be described as "highly portable" or whether it it would be more accurately described as closely wedded to the Unix world and likely to become increasingly difficult to use anywhere outside this world as time goes forward. How can people know whether they want to contribute to something if there is no clear and accurate definition of what it the something is or if at best the definition means different things to different people? Is it not in everybody's interest that we all know exactly what we are talking about? (For the record, I personally have no interest in BIND 9 support specifically for Windows.) > > I’ve had asked if people are willing to invest time, effort or money > into keeping the Windows support alive. I would rather accept an > external contributor with a commitment rather than just a fat cheque, > because Windows support isn’t really something we are putting our > heart in. > My point is that if BIND is "highly portable", a contributor's heart would be in making it making it work on a wide variety of platforms, not on making it work a specific platform that they have a particular interest in. > > The ISC is working on improving BIND 9 day and night (in fact, it’s > almost 11pm here), and we are spread thin, and we have to prioritise. > And if I had to answer the question whether I and my team should > spend time improving BIND 9 just for everybody or invest the precious > time into fixing yet another incompatibility between POSIX/SUSv2 and > Windows world, I think the answer would be always: Let’s improve > things for majority of our users. It’s just simple as that. > If this is the way you want to go, why not declare that that BIND is for Unix-like systems and systems that can emulate this environment only and have people who want this get behind it? Why the pretence that it is "highly portable" and that it could be used satisfactorily in a very different environment such as Windows without generating difficulty and conflict? Then I can be on my way as there is nothing further to interest me here. I'm sorry that this probably does not seem helpful to the people who would rather the BIND 9 for Windows situation to continue as it has been but at least it may be clearer to them as to why they are in the situation they are in. Regards, Peter Coghlan > > Ondrej > -- > Ondřej Surý (He/Him) > ond...@isc.org > >> On 4. 6. 2021, at 20:37, Peter Coghlan wrote: >> >> What I find ironic is that here: >> >> https://gitlab.isc.org/isc-projects/bind9/-/blob/main/README.md >> >> the very first line says: >> >> "BIND (Berkeley Internet Name Domain) is a complete, highly portable >> implementation of the Domain Name System (DNS) protocol." >> >> If this were truly the case, BIND would work on Windows (or any other >> platform that doesn't have a "u" in it's name) with minimal effort >> and would not require specific funding to adapt it to any particular >> platform. >> >> Can we please have a realistic definition of what BIND is and what >> it's objectives are? >> >> I for one would be more likely to contribute to the development of >> a non-platform-specific, portable BIND than a single-platform-specific >> one. >> >> On the other hand, if it has already been decided that BIND can only >> realistically be implemented in the *u* arena and will rely on >> facilities only available in this arena, then shouldn't this be stated >> clearly instead of also declaring that it is highly portable? >> >> Regards, >> Peter Coghlan. >> >>> >>> Do you understand how ironic is for you to complain about “subscription is >>> not going to happen” while **every** email on the mailing list has this >>> note in the footer: >>> >>> ISC funds the development of this software with paid support subscriptions. >>> Contact us at https://www.isc.org/contact/ for more information. >>> >>> -- >>> Ondřej Surý — ISC (He/Him) >>> >>> My working hours and your working hours may be different. Please do not >>> feel obligated to reply outside your normal working hours. >>> On 4. 6. 2021, at 19:47, Peter via bind-users wrote: On 04/06/2021 6:05 pm, John Thurston wrote: > >> On 6/4/2021 8:48 AM, Peter via bind-users wrote: >> When people find out2024 is the year bind is no longer
RE: named reload and HTTPS certs
Hi Eric, When I initially looked at this I was using “rndc reload” whenever changing the the cert. Artem Boldariev (Lead Developer for DoH at the ISC) suggested that actually “rndc reconfig” would be the better way to do this since we only need named to re-read the config file, we *do not* need it to needlessly re-read the zone files if they haven’t been changed. You can confirm this by running the following command against your BIND DoH server (obviously replace “your.server.net” with your name server’s FQDN): $ openssl s_client -showcerts -connect your.server.net:443 Now edit named.conf.options to reference a different certificate, and then run “rndc reconfig” Run the openssl command again and you will see that the certificate has indeed changed to the new one you specified in named.conf.options. Best, Richard. From: bind-users On Behalf Of Eric Germann via bind-users Sent: 05 June 2021 3:00 am To: bind-users@lists.isc.org Subject: named reload and HTTPS certs There’s been some great discussion lately on enabling DoH with LetsEncrypt certs. My question is this: If I renew the cert while named is running and do a reload on it, is that enough to pick up the new certs or do I need to stop/start the named process? Basically, does reload only reload the zones or the entire config and subordinate files? Thanks --- Eric Germann ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com LinkedIn: https://www.linkedin.com/in/ericgermann Twitter: @ekgermann Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712 GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1 signature.asc Description: Message signed with OpenPGP.asc ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users