bind and certbot with dns-challenge

Stephan von Krawczynski skraw.ml at ithnet.com
Sun Mar 17 14:35:41 UTC 2019


On Sun, 17 Mar 2019 12:40:35 +0100
Reindl Harald <h.reindl at thelounge.net> wrote:

> Am 17.03.19 um 12:13 schrieb Stephan von Krawczynski:
> > So why is it, that there is no global way of defining default zone
> > definitions which are only overridden by the actual zone definition?  
> 
> maybe because it brings a ton of troubles and whoever deals with more
> than 5 zones has automatic config management in place anyways?

If you don't want to follow the positive way (how about a nice additional
feature), then please accept the negative way: someone broke the config
semantics by implementing a zone based-only "allow update". This option worked
globally before (too), so we can assume it is in fact broken now.
Can someone please point me to the discussion about this incompatible change?

> > Why is there no way to define a hosts-type-of-file with a URL-to-IP list?
> > Do you really want people to define 50.000 zones to perform adblocking?  
> 
> no, just use the right tool for the task, this doesn't fit into the domain
> concept of named and hence you have dnsmasq and rbldnsd to step into
> that niche

In today's internet this is no niche any more. And the right tool means mostly
"yet-another-host" because you then need at least a cascade of two, one for
dnsmasq and one for bind/named. A lot of overhead for quite a simple task...

> > Configs have to be reloaded every now and then, is there really no idea
> > how to shorten things a bit?  
> 
> ??

Shorter config = shorter load time. The semantic change of "allow update" alone
leaves every setup with 1000 domains in a situation where 999 config statements
more have to be read, interpreted and configured - just to end up in the same
runtime setup. It is really very obvious that this is only done by
ideologists, not technically oriented people.

-- 
Regards,
Stephan von Krawczynski
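An added example, not part of the original message and not taken from BIND's documentation or the poster's setup, of what a per-zone dynamic-update configuration for the certbot dns-challenge case in the subject line looks like. It assumes a zone named example.com, a TSIG key named "certbot-key", and a placeholder secret; all three are made-up names. Instead of granting the key blanket `allow-update` on the zone, `update-policy` limits it to the TXT record at _acme-challenge, which is the only record the ACME dns-01 validation needs to touch:

```conf
// Added example (not from the original mail). Names and the secret are placeholders.
// TSIG key shared with the host that runs certbot. Generate a real secret with
// tsig-keygen and keep this file unreadable by anyone except named.
key "certbot-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-FROM-tsig-keygen";
};

zone "example.com" {
    type master;
    file "dynamic/example.com.zone";

    // Least privilege: the certbot key may only add/delete the TXT record
    // used for the ACME dns-01 challenge, nothing else in the zone.
    // (A blanket `allow-update { key "certbot-key"; };` would let the same key
    // rewrite every record in the zone.)
    update-policy {
        grant certbot-key name _acme-challenge.example.com. TXT;
    };
};
```

`allow-update` and `update-policy` are mutually exclusive in a zone statement, so a zone that grants write access this way carries only the `update-policy` block. Each zone still needs its own statement, which is exactly the repetition the thread complains about, but it keeps the key's blast radius to a single record name and type, and a key leaked from the certbot host cannot be used to change the zone's A or MX records.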

