One Domain; Multiple IPs.
D. J. Bernstein
75628121832146-bind at sublist.cr.yp.to
Tue Jul 17 08:40:39 UTC 2001
Brad Knowles writes:
> Dependence on mechanisms outside of AXFR/IXFR to synchronize masters
> and slaves is just about the worst possible idea I have ever heard of.
> IMO, this is certainly one of the worst mis-features of djbdns.
djbdns supports rsync+ssh. djbdns _also_ supports zone transfers. Brad
has repeatedly been informed that his claims to the contrary are false.
As for the relative merits of zone transfers and rsync+ssh, let's look
at what these protocols mean for the system administrator:

                              BIND zone transfers      rsync over ssh
                              -------------------      --------------
Zones added automatically     No                       Yes
Views handled automatically   No                       Yes
Replication soon              Yes: NOTIFY              Yes
... which means now           No: BIND delays NOTIFY   Yes
Success reported locally      No                       Yes
Errors reported locally       No                       Yes
Compressed transfers          No                       Yes
Incremental transfers         Yes: IXFR*               Yes
... of data added by hand     No                       Yes
... or by common web tools    No                       Yes
Encrypted transfers           No                       Yes
Authenticated transfers       Yes: TSIG*               Yes
Usable for other services     No                       Yes

* The latest IXFR and TSIG implementations are supposedly free of the
bugs that caused crashes, data corruption, and root exploits in previous
versions of BIND. Or maybe not; see Paul Vixie's quote predicting more
``security related or otherwise critical'' bugs in BIND.
---Dan