New server build

Adam Tkac atkac at
Fri Oct 5 09:37:47 UTC 2007

On Thu, Oct 04, 2007 at 09:14:33PM +0200, Tony Earnshaw wrote:
> Chris Buxton skrev, on 04-10-2007 18:05:
> [...]
> >> In addition to what Jeremy suggests, I suggest using Adam Tkac's (of
> >> this list) Bind 9.4-P1 rpms ( in
> >> place of CentOS's.
> > 
> > As Stephen Smoogen pointed out to me recently, you should be aware  
> > that doing this puts the responsibility entirely on you to maintain  
> > your BIND version. If you use the stock CentOS (actually Red Hat)  
> > version of BIND, "yum update" will keep you up-to-date with the  
> > latest bug fixes as implemented by Red Hat.
> > 
> > Note that I'm not advocating either path, just pointing out the issue.
> Red Hat backports are all well and good, but the ultimate idiocy in RHEL 
> "backporting" was the maintenance in RHEL3 and RHEL4 of OpenLDAP 
> versions known to be suicidally buggy and guaranteed to ruin whatever OL 
> installation one had. Taken up repeatedly to the extent of utter boredom 
> on the OL list.
> On some things (e.g. httpd) RH is really good at upgrading and 
> maintaining a 99.9% OS. On others it is just plain mulish.
> Between RHL4 and RHL5 Red Hat's OL update policy has changed completely. 
> It now tries to keep up with OL versions, but the *quality* of what it 
> delivers is still utterly abysmal. UTTERLY. To the extent that those who 
> know OL well enough discard all offerings from RH and espouse those from 
> a Mandriva Red Hat packager who, on his own, can outdo anything that the 
> Red Hat packagers can. No one, but *no one*, on the OL list advocates 
> Red Hat OL packages.

We have different bugfix policies for RHEL and Fedora. RHEL policy enforce "no regression" approach, especially on servers (and BIND is one of the critical packages) so I'm not able to check changelog, find what exactly patches do and if they're correct. It's simply impossible. We fix security issues + bugs reported to our bugzilla and that is all. On Fedora is situation quite different. Overall I'm able to do with package what I want (and I want be up2date with ISC). If you want Red Hat system on your server you will chose. If you want guarantee that your system will have same ABI for 7 years, your update won't broke something and all security issues are fixed you should chose RHEL. If you want be up2date with upstreams you should chose Fedora.

> Adam Tkac is a sodding good, independent, Red Hat Bind packager. He 
> keeps up with what ISC considers good, not what some imbecile Red Hat 
> backporter considers what ISC should be doing.

Thanks! But I believe ISC often damn me :)

> I agree that keeping one's system up to date throws responsibility onto 
> whatever sysadmin who's responsible for his/her site. But then, that's 
> what a good sysadmin is supposed to do. I choose Red Hat in place of 
> other vendors because I deem Red Hat more dependable and easier to run 
> than theirs. But I'm no sycophant, rather an eclectic.
> Best,
> --Tonni
> -- 
> Tony Earnshaw
> Email: tonni at hetnet dot nl


More information about the bind-users mailing list