allow-update in global options (was Re: bind and certbot with dns-challenge)
Alan Clegg
aclegg at isc.org
Mon Mar 18 11:56:34 UTC 2019
On 3/18/19 6:53 AM, G.W. Haywood via bind-users wrote:
> I've been reading this exchange with growing frustration, and I hope a
> forthright response will be excused - especially since I now have to
> dash out to the hospital so I don't have more time to work on this.
>
> On Mon, 18 Mar 2019, or possibly earlier, Alan Clegg wrote:
>
>> The change was an unintended consequence ...
>
> Please try not to let things like that escape into the wild, and
> please, please, NEVER turn them into deliberate actions purely for
> your own convenience. If this means that you have to pull a release,
> then so what? You've put me first. That's fine by me.
You misunderstand what I was saying.
It was believed that "allow-update" was already disallowed - the code
being changed was just to add a message to better explain what was
happening. The fact that this (seemingly non-related) change caused it
to come to the top was the "unintended consequence".
>> How many zones are you authoritative for? Would it be a major
>> difficulty to (once) change the existing zones and then modify your
>> provisioning to add the "allow-update" option in the zone stanza?
>
> Please don't even *think* questions like that. Maybe you could code
> it yourself, and send the script out with the next release, and take
> the flack when it breaks, and next time, well, not do it.
Thanks for telling me what not to think or ask.
If I don't ask questions, I don't get answers. I am attempting to help.
I am attempting to figure out the lay of the land so that we can have
good internal conversations at ISC.
There are so many different ways that people can write their
configuration files (because ISC over the years has tried to accommodate
as many user requirements as possible) that the thought of writing a
"one-code-fits-all" to cover all of the possible ways this may need to
be changed is rather daunting.
>> ... roasted because they don't read the release notes.
>
> Seems to me that you don't care anything like enough about this.
You tell me what to think, then you tell me that I don't care.
That's crap. As anyone that ever took my classes in the past will tell
you, I really DO care about the user experience and about our customers
and users. Quite a few changes in BIND were brought forward from the
classes that I taught due to my interest in making things better.
If I didn't care, why I am putting myself out to the slings and arrows?
If I didn't care, I would not have, on a Sunday, asked internal
engineers exactly what the thought process was that had lead us to where
we were.
It surprised me that this was occurring and I decided to take it to the
list in a very open and honest way.
Take the personal attacks elsewhere if you don't mind.
>> If we (ISC) base our changes on what we've gotten in response to the
>> surveys, we will make changes based on the fact that nearly all of the
>> somewhere around 20 people that use BIND are using Solaris.
>>
>> Not enough people actually respond to our surveys to base any real
>> changes on the results.
>
> Apologies for speaking frankly, but that's a lie.
I would like an apology for this because I am not a liar.
But I won't hold my breath.
While I said that we have thick skins due to having done this for a
while, I never expected to be called a liar. I do not believe that we
have met, and for that I am sorry because you might have a different
view of me, but this... wow.
I'm ignoring the rest for now.
Alan Clegg
ISC
More information about the bind-users
mailing list