Dan's "Ease of Use" Table, Redux (was Re: bind 8.2.4: limiting used memory?)

D. J. Bernstein 75628121832146-bind at sublist.cr.yp.to
Sat Aug 11 02:14:25 UTC 2001


Kevin Darcy writes:
> djbdns has a helper script ("add-mx") specifically to perform this
> function, and BIND does not

Exactly! This is one of many things making the package easier to use.

> Anyone wanting decent logging from djbdns needs to
> download/compile/install/configure the "multilog" package instead of
> syslog.

There is no multilog package; multilog is included in daemontools. All
the necessary multilog configuration is handled automatically by the
dnscache-conf and tinydns-conf steps shown in my table. (The default
logs are much more comprehensive than BIND's default logs, by the way.)

As for the initial installation of daemontools, ucspi-tcp, and djbdns:
Download the three tarballs, and then copy and paste the eight lines
shown in http://cr.yp.to/djbdns/frombind.html. That's it.

> in the case of ssh at least, that a certain amount of planning,
> configuration, key-generation/-exchange, etc. needs to be performed
> before the utility is actually usable according to the examples shown.

Certainly. But this is something that multiple-machine administrators
have already done, because it's useful for many other applications. In
contrast, setting up BIND's ad-hoc security mechanisms is a bunch of
extra work.

> Dan claimed in his table that chroot'ing BIND requires populating the
> jail with lots of OS files and/or device nodes.

What I actually said was ``Copy various programs, system-dependent
libraries, and system-dependent devices,'' which is a reasonable summary
of the situation for BIND 8.

I later changed that to ``Copy various system-dependent files, which are
not thoroughly described in the BIND manual,'' which is a reasonable
summary of the situation for both BIND 8 and BIND 9.

> "Look for errors in your system's logs" step that Dan lists for BIND
> for multiple "ease of use" items should be matched in many cases by
> "watch the make output for errors"

Don't be ridiculous. The make output is already on the screen. The BIND
syslog output, in typical installations, is not. BIND administrators
have to go to extra effort to see it, exactly as shown in my table.

---Dan

