Installing bind is not very clear for me

Mike Hoskins (michoski) michoski at
Sat Sep 5 01:41:56 UTC 2015

On 9/4/15, 9:29 PM, "bind-users-bounces at on behalf of Noel
Butler" <bind-users-bounces at on behalf of
noel.butler at> wrote:

>On 05/09/2015 04:49, Reindl Harald wrote:
>> mostly people who are throwing as much as possible appliances and
>> firewalls in front of their machines doing that because missing
>> knowledge
>and falling for some salesman's BS, the moment they sniff you have no
>idea, they rub their hands together thinking how big their Christmas
>bonus will be, many moons ago an apprentice nearly fell for cisco's hype
>of their pix junk, I showed him how to use , hrmm ipchains I think was
>back then, did just as good job as any multi thousands dollars box of
>vendor crap would.

Actually, PIX had issues...  I can attest to that, having administered
several Cisco-based networks including PIX years before I was "a Cisco
person".  Having worked at some large NSPs I can also attest to similar
issues with just about every vendor who does or has existed over the past
couple decades.

That said, PIX was at least stateful (unlike ipchains, as you know that
was the big selling point of iptables), had HA before heartbeat was
popular (I was using clustered PIX at scale in late 90's, didn't really
trust heartbeat in production until 2006/7), was easy to tie into existing
AAA infra (also didn't really like the state of PAM back then)...  as it
is now, the best approach really decided on your use cases.

Your call out that you should really know what you're doing before buying
anything or even getting paid to administer networks is spot on regardless
of what vendors are involved.  :-)

More information about the bind-users mailing list