bind vs djbdns

Jim Reid jim at rfc1035.com
Wed Aug 30 23:42:52 UTC 2000


>>>>> "Dan" == D J Bernstein <75628121832146-bind at sublist.cr.yp.to> writes:

    Dan> It's interesting that the BIND company recently stopped
    Dan> providing TXT records for the RSS list because it was having
    Dan> trouble with the large zone file. The same amount of data is
    Dan> trivial to handle with rbldns.

I have no idea what you're talking about. Neither do you
apparently. Nominum - I presume that's who you mean by "the BIND
company" - does not operate the RSS list or have anything to do with
it. That's managed by an entirely different company, Mail Abuse
Prevention System LLC I believe. AFAIK no Nominum employees or
shareholders work for MAPS and vice versa. Oh and the standard zone
transfer mechanism works just fine with the .com zone which is around
2Gb in size. So if there have been problems with the RSS list, there
must be some other explanation, not the zone size. I suppose it's too
much to expect a retraction of your errors and an apology?

    Dan> But my question was a different one. Why exactly did you say
    Dan> ``roughly 90% of the world's name servers run BIND''? 

Because that's pretty much the reality today. Allowing a margin of
error for my fuzzy memory and the recently updated survey results. And
assuming you accept the in-addr.arpa survey as a representative
sampling of the world's name servers. Which you don't of course.

    Dan> Did you look up an old in-addr.arpa survey? Which one? Why didn't you
    Dan> look at the current one?

The figure of "around 90%" stuck in my mind from one of the earlier
in-addr.arpa surveys. I can't recall which one. I didn't look at the
current one because I couldn't be bothered to fire up a web browser
and go looking for it. Bill Manning kindly posted the URL and told us
his last results suggested ~80% of the name servers sampled were
BIND. I have already accepted that correction. And anyway, there's no
substantial difference between "~80%" and "roughly 90%": they both
signify an overwhelming majority. Continuing an angels on pinhead
discussion about this is a pointless waste of everyone's time. Just
accept those results, shut up and move on. Or if they really bug you,
find someone with no axe to grind who can do a better survey.

    Dan> Did you simply make up a number that you thought would sound good?

No.
    >> Why didn't you explicitly tell us whether djbdns supports
    >> DNSSEC, TSIG, IXFR and RRs for IPv6 or not?

    Dan> IPv6 records: I'm not sure whether you mean the obsolete AAAA
    Dan> records or the experimental A6 records. Anyway, as you
    Dan> already know, tinydns supports all record types.

I'll take that as a no. [You were supposed to give yes or no answers
to those questions, remember?] In this context "support" means more
than just having the ability to add the record types to a zone. I
presumed you'd realise that since you knew that I knew it was possible
to add arbitrary record types to your zone file format. Is your code
able to follow a chain of the new (standards track, not experimental)
A6 and DNAME records to resolve IPv6 addresses? That's what I mean by
support the IPv6 record types.

    Dan> DNSSEC: I already pointed you to
    Dan> http://cr.yp.to/djbdns/forgery.html.

So that's a no too.

    Dan> My top priority for djbdns is to implement an anti-forgery
    Dan> system that actually works.

DNSSEC works and is an IETF standard, not that you care about that.

    Dan> TSIG and IXFR: For replication, ssh and rsync do a much
    Dan> better job.

So that's a no too. You don't implement these DNS standards either.

    Dan> I don't think I've had even one request for TSIG
    Dan> or IXFR from my users.

That probably speaks volumes about your users and their attitudes to
openly interoperable standards. I wonder why? :-)




More information about the bind-users mailing list