BIND vs DNS Commander

Brad Knowles brad.knowles at skynet.be
Mon Apr 16 23:20:31 UTC 2001 

At 5:12 PM +0000 4/16/01, Frederic Faure wrote:

>  Let me add that you might want to look at djbDNS as an alternative to
>  BIND. Its configuration file is much easier. Not sure it if handles
>  W2K's SRV records, though.

	I don't really want to get into a flamewar here, but Dan's stuff 
violates the standard, and can't handle things like a split-horizon 
DNS, IPv6, IPSEC, TSIG, or much of anything else.


	I agree with the concept of splitting the functions of 
"advertised/authoritative/non-recursive/non-caching" from 
"unadvertised/non-authoritative/recursive/caching" nameservices and 
indeed I've been recommending that you split these functions onto 
separate machines for many years (since long before Dan decided to 
write qmail, djbdns, or much of anything else), but I don't agree 
that the best way to achieve this goal is to have physically separate 
code bases from which to work.

	Moreover, I do not believe that you can just arbitrarily decide 
to ignore certain parts of the standard if you feel that you don't 
like them, and this is precisely what Dan has done.

	Finally, I do not believe that you should be trusting your 
systems to code that Dan defines to be secure simply because he says 
so, and whenever someone identifies a flaw in one of his programs he 
says things like "works as designed", or otherwise does whatever it 
takes to avoid calling that flaw a "bug".  Real programmers 
acknowledge real bugs, and then work to fix them.


	I recommend avoiding much of anything written by Dan until such 
time as he decides that he's going to start playing nice according to 
the rules, and decides to work within the framework of the system 
(and yes, that framework includes rules on how to change the system 
itself if you feel that such is necessary).



	Oh, I also don't believe in obscuring your e-mail address to try 
to reduce spam, because frankly it just doesn't work (spammers really 
are smart enough to be able to strip out all upper-case characters in 
an address that is otherwise all lower-case).

	Moreover, it is the height of bad manners to intentionally 
obscure your e-mail address in this kind of pointless manner and then 
post to a newsgroup that is gatewayed to a well-known mailing list, 
because this just makes it harder for people on the mailing list side 
to respond to the author.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'

More information about the bind-users mailing list