Odd problems trying to make use of libbind as a replacement resolver...
Brad Knowles
brad at stop.mail-abuse.org
Mon Oct 17 14:45:29 UTC 2005
At 11:25 PM +1000 2005-10-17, A Humble Bind User wrote:
>> The original resolver libraries came from BIND-4, yes. But each
>> vendor has started with that and gone their own separate ways.
>
> Well, when you say vendor, you're really speaking to the main userspace "C"
> library of which glibc is one large example.
You've got Linux on the brain. There are zillions of other OSes
out there, all of which would have to likewise be catered for.
The BIND developers would be the SPOF (single point of failure)
for the entire Internet, if not the entire world. We're already
close enough to that situation today. We don't need to get any
closer to it.
> I appreciate it's in that lower end where the differences will be most keen...
> but even in a POSIX/post-2000 UNIX world, the various network socket call APIs
> must surely be starting to converge?
You're talking about some of the lowest-level code that can exist
on a networked platform. Just how much commonality do you honestly
believe all these zillions of different OSes actually have?
> No! I would have thought that since they provide a name server which can be
> compiled and run on just about every OS on the planet,
The nameserver can be built on a wide variety of platforms, yes.
But the resolver code is much lower in the stack, and much closer
to all the bizarreness that each and every vendor is guaranteed to
have within the lowest levels of their kernel code.
Why do you think that some vendors put that code in libc,
probably the lowest level and most critical library within the entire
system?
> You and Stefan are misunderstanding me a bit here. I'm not asking for a
> "libbind" that lets me transparently override an installed system's
> resolver... I'm asking for one which can be built and compiled against which
> allows me to AVOID using the built-in system resolver altogether.
We're not misunderstanding you. Well, at least I'm not.
I know exactly what you're asking for, and I'm telling you that
you have no concept of what would be involved in making that happen.
> I'm sure there's a lot of ugliness in there... there's a lot of complexity in
> named too... and yet, that can be built and run on just about every OS in
> common use. It seems odd that we're all stuck on "BIND4" level code, for
> something that pretty much *EVERYONE* uses thousands of times a day.
Server != resolver
One is relatively high level, and sits right up there with most
other standard daemons. The other is nearly as low level as you can
get within the network stack.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.