NDC vs. kill -HUP

Michael Kohne mhkohne at discordia.org
Fri Aug 18 13:57:25 UTC 2000 

At 01:44 AM 8/18/00 +0100, Jim Reid wrote:
>>>>>> "Mark" == Cinense, Mark <macinen at sandia.gov> writes:
>
>    Mark> Can anyone tell me the pros' and cons' of ndc versus using
>    Mark> kill -HUP.  thanks....
>
>Using signals to "control" the name server is crude and old-fashioned.
>The interface provided by ndc is far more flexible: like allowing
>incremental zone reloads or re-reading the config file without loading
>every zone on the server. Another benefit of ndc is that it can allow
>the name server to be controlled by a different UID from the one that
>runs named. All that takes is suitable access permissions on the
>control socket used by the server and ndc. Another problem with the
>signals interface is that some signals have different effects on
>different versions of BIND.
>
>FWIW, BIND9 has rndc which is able to control a remote name server.
>
>Using signals to get the name server to do things is as obsolete and
>as as BIND4.

I'm sorry, I just had to respond to Jim on this one. 
Yes, signals are a little broad, and I guess you could say they are
'crude', but in reality, it's just not very fine grained. If you run 
nameservers that only have one or two zones (as I do) what is the 
benefit of more fine grained control? I edit my named configs perhaps
once quarterly - why should I bother with something like ndc, which 
adds complexity (and therefore risk) to my systems, and gives me 
almost nothing in return?

I guess what really triggered this message is that you called
signals 'old-fashined'. I'm sorry, but I want my systems to run,
not be fashionable. And I don't like being called old-fashioned 
just because I don't grab every new and (for me) inappropriate 
tool that comes along. 

If Mark has more than a few zones or changes them daily, then 
ndc is probably valuable. Otherwise, why bother? It's just one more
thing that might develop into a security hole. 

Sorry if I'm offended anyone, but for some reason this really 
ticked me off. 


Michael Kohne
mhkohne at discordia.org
"Evolution is God's version of Domino Rally"

More information about the bind-users mailing list