"Hidden" Primary DNS

Robert Kropiewnicki robert.kropiewnicki at structuredweb.com
Thu Aug 29 19:05:12 UTC 2002




> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Jim Reid
> Sent: Thursday, August 29, 2002 2:21 PM
> To: takeme2yourNOMORESPAMPLEASE at rocketmail.com
> Cc: comp-protocols-dns-bind at isc.org
> Subject: Re: "Hidden" Primary DNS
>
>
>     >>> i referred to a 'suite' of programs, did i not? this is one of
>     >>> the principal benefits of the djb approach: if you don't need
>     >>> zone transfers, don't use axfrdns; if you don't do
>     >>> caching/recursion, don't use dnscache.
>
> Calling this a benefit is debatable. [One man's meat is another's poison
> I suppose.] A bunch of programs like this adds complexity, which is a
> security problem itself. A naive administrator needs to figure out
> what all these myriad of programs are for, how they're inter-related,
> which ones they need and don't need. And then figure out how to get
> them to work. Let's not forget the maintenance hassle of keeping track
> of which of these programs need to be upgraded or re-installed. And
> all that's before we get to all the other weird stuff that needs to
> be installed and configured on your computer so you can run djbdns.
>
> BTW, the newsgroup is gatewayed into a mailing list. So it's
> anti-social to provide a bogus email address. It doesn't even prevent
> spam: the main reason some people follow this irritating practice.
>
>

Jim,

I'm not quite sure what you're getting at here.  Shouldn't an admin
know what the programs running on his server are doing regardless of
whether it's one large comprehensive app or a number of small,
inter-related apps?

You are correct.  It is harder to keep track of many different
applications than it is to keep track of one.  But, depending on your
needs, the payoff might be worth it.  After all, is there anything more
annoying than having to upgrade an app on a production system due to a
bug or exploit in a portion of the app that you don't even need or for
that matter want?  I know for sure that it drives me crazy every time I
have to patch a Win2K server due to an exploit related to Outlook
Express or Windows Media Player.  The modularity that you appear to
dislike is at the very heart of why I love Unix and Linux....install
only what you need, use the right tool for the right job.

Regards,

Robert Kropiewnicki



