BIND vs DNS Commander
Brad Knowles
brad.knowles at skynet.be
Mon Apr 16 23:20:31 UTC 2001
At 5:12 PM +0000 4/16/01, Frederic Faure wrote:
> Let me add that you might want to look at djbDNS as an alternative to
> BIND. Its configuration file is much easier. Not sure it if handles
> W2K's SRV records, though.
I don't really want to get into a flamewar here, but Dan's stuff
violates the standard, and can't handle things like a split-horizon
DNS, IPv6, IPSEC, TSIG, or much of anything else.
I agree with the concept of splitting the functions of
"advertised/authoritative/non-recursive/non-caching" from
"unadvertised/non-authoritative/recursive/caching" nameservices and
indeed I've been recommending that you split these functions onto
separate machines for many years (since long before Dan decided to
write qmail, djbdns, or much of anything else), but I don't agree
that the best way to achieve this goal is to have physically separate
code bases from which to work.
Moreover, I do not believe that you can just arbitrarily decide
to ignore certain parts of the standard if you feel that you don't
like them, and this is precisely what Dan has done.
Finally, I do not believe that you should be trusting your
systems to code that Dan defines to be secure simply because he says
so, and whenever someone identifies a flaw in one of his programs he
says things like "works as designed", or otherwise does whatever it
takes to avoid calling that flaw a "bug". Real programmers
acknowledge real bugs, and then work to fix them.
I recommend avoiding much of anything written by Dan until such
time as he decides that he's going to start playing nice according to
the rules, and decides to work within the framework of the system
(and yes, that framework includes rules on how to change the system
itself if you feel that such is necessary).
Oh, I also don't believe in obscuring your e-mail address to try
to reduce spam, because frankly it just doesn't work (spammers really
are smart enough to be able to strip out all upper-case characters in
an address that is otherwise all lower-case).
Moreover, it is the height of bad manners to intentionally
obscure your e-mail address in this kind of pointless manner and then
post to a newsgroup that is gatewayed to a well-known mailing list,
because this just makes it harder for people on the mailing list side
to respond to the author.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list