On Tue, Jan 30, 2001 at 08:04 +0100, Stefan Nauber wrote:
administration that makes me wish I had bind running. Serving zones, doing transfers, caching -- all's fine, fast and runs on low resources. What do I miss?
[ ... ]
Maybe it's complicated syntax or resource hogs? Complicated syntax with djbdns? Don't know what you are talking about :-)
When somebody wants to get it wrong, he can -- no matter how much effort I put into wording things. :> The above still was one of the "things I should miss?" items. And as I stated: running djbdns, I miss neither bind's insane syntax nor its resource consumption. While both programs would serve my basic needs, it's just that one of them is more complex and continuously causes problems I don't need in the first place. So I decided to use the lightweight and easy one. And on top I got a secure and fast one.

I guess that bind users might have reasons for using this software, be it simply being used to use it or real need in special cases. But speaking for the plain vanilla scenario of simply serving zones you own while doing transfers from and to other sites and caching for your LAN / customers I cannot see *any* valid reason why djbdns should miss something. It does all the average admin needs and does so _very_ well.

For those readers interested in making up an opinion of their own instead of repeating what others say about "lacks, doesn't suffice" or "it's great, you just don't see" I only can repeat the suggestion of looking over http://cr.yp.to/ and setting up a test scenario. Since this is a security list I expect people to not believe everything others tell them but to check themselves to make sure ... :) Although chances are quite good that people will be horrified at what they missed all the time and decide to move to djbdns ASAP, too. :>

Triggered by the thread I went to the above site today and found the "ad" section with the "ease of use" document quite amusing. It absolutely covers personal experience. Take this and visit the http://www.isc.org/ site to see the list of security problems in the recent past only. I don't want to work hard to secure my machines and then walk in and open them up to the world by installing a bloated program for an essential service. The "not implemented functionality cannot be done wrong" approach is really convincing. And anything more than enough is just too much with regards to security. When in need of setting up a DNS server, I'll always take the more secure one, please! And I've yet to see what should push me to using bind.

And BTW I have looked at the dist.html file stating what distributors are allowed to do. I fail to see *any* point why any reasonable distribution should be disallowed. The foremost concern DJB states - cited from an ancient local doc - is "It is not acceptable to have DNScache working differently on different machines; any variation is a bug." If that's too hard a constraint (not satisfied with the fs layout? want to have nonfunctional software? want to have software not working as designed and advertised? want to search for and get mad about deviations between distros / platforms?), you seem to have other problems.

But I haven't seen SuSE stating "we're not allowed to", it was just a "personal opinion" (I'm sure Kurt will correct me in case I'm wrong). Maybe somebody of the SuSE staff will have a second look and draw his own conclusions? The "I'm interested in hearing about any CDs that include the package" reads like DJB can very well imagine having his software in a distro ...

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.