bind and certbot with dns-challenge

Stephan von Krawczynski skraw.ml at ithnet.com
Sun Mar 17 11:13:31 UTC 2019


Hello all,

I am using "BIND 9.13.7 (Development Release) <id:6491691>" on Arch Linux. Up
to a few days ago everything was fine using "certbot renew". I had
"allow-update" in named's global section, and everything worked well. Updating to
the above version threw a config error that "allow-update" has no global scope
and is to be used in every single zone definition.
And this brought me here with one question: why is it that bind/named does not
evolve to a really usable nameserver for the most common use-cases _today_, but
instead gets more unusable with every new release?
I mean, sure, you can use it perfectly, only not well if you are hosting hundreds or
thousands of domains - only this small change I just described lets your config
file grow massively - only not well if you want to implement something like
blacklists, not well for an adblocker, and so on.
But all that would be dead easy to do, iff really wanted.
So why is it that there is no global way of defining default zone
definitions which are only overridden by the actual zone definition?
Why is there no way to define a hosts-type-of-file with a URL-to-IP list?
Do you really want people to define 50.000 zones to perform adblocking?
Configs have to be reloaded every now and then; is there really no idea how to
shorten things a bit?

Don't get me wrong, bind is great (ok, collapsing during runtime since the last 2
updates, but ...).
Nevertheless there are some things that can be enhanced quite a bit.

-- 
Regards,
Stephan von Krawczynski
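For readers hitting the same error, here is an added illustration (not from the poster's configuration) of the change described above: the global "allow-update" that the new version rejects, next to the per-zone form it now requires. The key name "certbot-update", the zone "example.com", the file path and the placeholder secret are assumptions; the "update-policy" variant is an optional tightening, not something the post describes.

```conf
// --- Rejected by BIND 9.13.7: allow-update has no global scope ---
// options {
//     allow-update { key "certbot-update"; };   // config error on reload
// };

// TSIG key used by certbot's DNS challenge (assumed name; placeholder secret).
// Generate a real one with tsig-keygen and keep it out of world-readable files.
key "certbot-update" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

// --- Accepted: allow-update stated inside each zone that certbot touches ---
zone "example.com" {
    type master;
    file "/var/named/example.com.zone";          // assumed path
    allow-update { key "certbot-update"; };      // whole zone writable with the key
};

// --- Optional tightening (mutually exclusive with allow-update in a zone) ---
// Limits the key to the TXT record certbot actually needs, so a leaked key
// cannot rewrite A/MX records for the zone.
zone "example.net" {
    type master;
    file "/var/named/example.net.zone";          // assumed path
    update-policy {
        grant certbot-update name _acme-challenge.example.net. TXT;
    };
};
```

Run `named-checkconf` after the edit to confirm the per-zone form parses before reloading.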

