Odd problems trying to make use of libbind as a replacement resolver...

Brad Knowles brad at stop.mail-abuse.org
Mon Oct 17 14:45:29 UTC 2005


At 11:25 PM +1000 2005-10-17, A Humble Bind User wrote:

>>  	The original resolver libraries came from BIND-4, yes.  But each
>>  vendor has started with that and went their own separate ways.
>
>  Well, when you say vendor, you're really speaking to the main userspace "C"
>  library of which glibc is one large example.

	You've got Linux on the brain.  There are zillions of other OSes 
out there, all of which would have to likewise be catered for.

	The BIND developers would be the SPOF (single point of failure) 
for the entire Internet, if not the entire world.  We're already 
close enough to that situation today.  We don't need to get any 
closer to it.

>  I appreciate it's in that lower end where the differences will be 
>most keen...
>  but even in a POSIX/post-2000 UNIX world, the various network 
>socket call APIs
>  must surely be starting to converge?

	You're talking about some of the lowest-level code that can exist 
on a networked platform.  Just how much commonality do you honestly 
believe all these zillions of different OSes actually have?

>  No!  I would have thought that since they provide a name server which can be
>  compiled and run on just about every OS on the planet,

	The nameserver can be built on a wide variety of platforms, yes.


	But the resolver code is much lower in the stack, and much closer 
to all the bizarreness that each and every vendor is guaranteed to 
have within the lowest levels of their kernel code.

	Why do you think that some vendors put that code in libc, 
probably the lowest level and most critical library within the entire 
system?

>  You and Stefan are misunderstanding me a bit here.  I'm not asking for a
>  "libbind" that lets me transparently override an installed system's
>  resolver...  I'm asking for one which can be built and compiled against which
>  allows me to AVOID using the built-in system resolver altogether.

	We're not misunderstanding you.  Well, at least I'm not.

	I know exactly what you're asking for, and I'm telling you that 
you have no concept of what would be involved in making that happen.

>  I'm sure there's alot of ugliness in there... there's alot of complexity in
>  named too... and yet, that can be built and run on just about every OS in
>  common use.  It seems odd that we're all stuck on "BIND4" level code, for
>  something that pretty much *EVERYONE* uses thousands of times a day.

	Server != resolver

	One is relatively high level, and sits right up there with most 
other standard daemons.  The other is nearly as low level as you can 
get within the network stack.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.



More information about the bind-users mailing list