Users Want *Seamless* Solutions, Not Patchwork (was Re: Users want solutions, not buzzwords)

D. J. Bernstein 75628121832146-bind at sublist.cr.yp.to
Wed Jul 25 14:20:50 UTC 2001


Kevin Darcy writes:
> Well, to tell the truth I haven't attempted to run BIND 9 chroot'ed

Obviously. Nor did you read the manual. But you were perfectly happy to
make a fool of yourself. Don't you think people deserve to see correct
information?

> You specify "forwarders { }" *once* at the apex (e.g. moon.mil)

That doesn't solve the problem. It isn't even close. You are continuing
to make a fool of yourself.

> Or look at how ridiculously convoluted it is to set up AXFR-based
> replication on the same box as dnscache or tinydns, where that program
> is configured to deal with TCP retransmissions (I'm still not sure
> whether this is even *possible*, given your AXFR server's apparent
> reliance on having unfettered access to TCP port 53).

The simple procedure in http://cr.yp.to/djbdns/frombind.html takes care
of everything. The convolutions, configurations, and impossibilities are
figments of your imagination. You are again making a fool of yourself.

> How difficult is it to make the opposite choice with djbdns, i.e. run
> an auth-server and a cache on the same box?

The procedures shown in http://cr.yp.to/djbdns/blurb/easeofuse.html work
exactly as shown. The number of machines is irrelevant. 

If you're asking why the programs and IP addresses are separate: This
prevents incoming data from interfering with outgoing data. Perhaps you
were unaware that the ``DNS and BIND'' book tells you to do this, in the
``Securing Your Name Server'' section.

> > > only 2 main executables
> > So what? Is that supposed to help the system administrator?
> It most certainly *does* help when you're trying to integrate a DNS
> package into a standardized server load image.

What kind of copying mechanism would require manual work for every file?
Ridiculous.

Next you'll be telling us that the smooth cooperation between inetd and
bootpd is ``patchwork,'' and that your UNIX distributor has caused
endless problems for you by not combining those two programs.

---Dan

