bind 8.2.4: limiting used memory?

Michael Kjorling michael at kjorling.com
Thu Aug 9 11:36:30 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Aug 9 2001 02:18 -0000, D. J. Bernstein wrote:

> Michael Kjorling writes:
> > I am sure there are some occasions when djbdns, dnscache etc. are
> > doing better than BIND.
>
> Those occasions being ``new domains'' and ``upgraded domains.'' The
> alpha dnscache release was in December 1999; the 1.00 release was in
> March 2000; djbdns now handles millions of second-level domains.

I am not sure I can quite follow you here. ``New domains'' is a term
that I am OK with (newly registered SLDs), but what do you mean with
``upgraded domains''?


> The main reason that BIND is so common is that it was, for many years,
> the only server available. BIND 4 is much more common than BIND 9!

And how does BIND 8 place itself in those statistics? And compared to
djbdns?

The reason BIND 4 is more common than BIND 9 (and would you please
show some numbers to support that claim? Off your web site,
preferably) might have something to do with the fact that BIND 9 is
still undergoing heavy development and does not have all the features
that people might actually _need_? It has what I need, so I am using
it. If others need some feature or the proven stability that is still
only available in the BIND 8.x tree, they are free to run BIND 8 as
far as I am concerned. I don't care what DNS server people are using
as long as it is standards compliant and works.


> > 95% (was it Brad Knowles who cited that number?)
>
> Yes, it was Brad Knowles who invented that number. For more of his
> favorite fabrications, see http://cr.yp.to/surveys/sendmail.html.

Don't put words in my mouth. I said `cited', not `invented'. Besides,
the exact number does not matter - you have said yourself that a
significantly higher portion of the name servers are running BIND than
those that could _possibly_ be running djbdns.

Instead of jumping at Brad perhaps you could have chosen to answer my
real question instead?


> > I followed the installation instructions for qmail 1.03
>
> Obviously not. The situation you described wouldn't have happened if you
> had run config or config-fast, as the instructions told you to do.

Well, _sorry_, but I did read the instructions. I did follow them. I
did run `config'. It only happens to be that the DNS name of my
computer does not match the domain I typically use for e-mail.


> I realize that the qmail installation instructions take several minutes
> to read. The djbdns (and forthcoming qmail 2) installation instructions
> are much shorter.

That is, much harder to actually understand.

I might be wrong on this, but I think you included a 14-step
installation procedure for qmail (or actually, migration from sendmail
to qmail). One of those steps was to run config. I followed those
instructions, period. And ended up with a system which kept rejecting
my mail.


> > I don't remember qmail doing that, but I remember being annoyed at the
> > extremely limited Received: header information it provided
>
> More evidence that you didn't follow the installation instructions. The
> function of tcp-env in inetd.conf is to supply all that information to
> qmail-smtpd.

So qmail isn't smart enough to figure out from where a connection
originates itself? Phew. Most other programs can actually do that.

First of all I did follow the installation instructions. Second, if
you write your programs so that they are completely dependent on other
programs to do their job properly (be it djbdns, qmail or anything
else), perhaps you should rethink your strategy?


> One of the reasons that djbdns's installation is so streamlined is that
> the new tools it relies upon---supervise, tcpserver, etc.---are much
> better suited for automation than boot scripts, inetd.conf, etc.

Really? I have a /etc/rc.d/init.d/sendmail script which takes care of
starting sendmail with the appropriate permissions and options (set in
/etc/sysconfig/sendmail, but I could just as well source up some other
file). Then there is the /etc/mail directory which contains all of
Sendmail's configuration files. In /etc/rc.d/rc*.d, I have the
appropriate symlinks to ../init.d/sendmail - to either start or stop
it, depending on what runlevel I am going into. Once started, it runs
completely independently of anything, including inetd. And so does
BIND; using inetd for such a job (spawning a new copy of named for
every incoming request) would be _awfully_ ineffective. On large sites
it would probably cause your DNS queries to time out before BIND has
had a chance to load all the zones.


> > And of course I can get in touch with Nominum - the people who are
> > actually _writing_ and _maintaining_ BIND, and purchase a support
> > contract that fits my needs for the moment.
>
> Right. Nominum can devote its resources to this continuing source of
> income, instead of making BIND easier to use. Meanwhile, I'll focus on
> making sure that my users don't need support contracts.
>
> ---Dan

Well excuse me here, mister. If you would have read what I wrote, I
said that I *can* get in touch with Nominum and purchase a support
contract. Where in the WORLD did I say anything else??? As I also said
(which you failed to quote), I have quite a few people around me who
are very knowledgeable on the subject of BIND. Plus, except for the
one (1) time I made a typo in one of my zone files (misspelling a
RRname by saying `wwww' instead of `www') DNS has been working
flawlessly for me since I registered my machine in Network Solution's
databases (which was not BIND-dependent).

If you take a couple of minutes to skim through the documentation and
example files, you will find that setting up a zone with BIND is
extremely easy. In its simplest form:

	zone "zonename" {
		type master;
		file "filename";
	};

For a slave:

	zone "zonename" {
		type slave;
		masters { one_ip; possible_second_ip; ...; };
		file "filename";
	};

Most of the time you can copy an old zone file (commonly called
named.*) and use it more or less verbatim for the new zone. The tricky
part comes when you want to add more names - you have to be able to
spell.

Cleverly configured, it isn't any harder than that.

Besides that, I have absolutely no problems with Nominum making money
to support the continuing development of BIND. After all, they are a
company. If you started a company and hired a couple of good
developers to work on qmail, djbdns and all the programs they rely
upon, do you think you could do with zero income to that company? I
don't.

And I don't even have a degree in common sense. But I do have some of
it anyway.


Michael Kjörling

- -- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
Manager Wolf.COM -- Programmer -- Network Administrator
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

***** Please only send me emails which concern me *****


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7cnXFKqN7/Ypw4z4RAvztAJ0e2zPk3sIjLFQISjd53qHed4HK2QCgotPb
HMZeiEmbvTgMF9VEVS3B6bU=
=YKKw
-----END PGP SIGNATURE-----




More information about the bind-users mailing list