On Thu, 03 Jan 2008 15:07:56 -0800, gavino wrote:
> bind looks painful
> any dns server in lisp easy to use? powerful?
I don't know about "in lisp", but I prefer djbdns+tinydns, myself. What
does "powerful" mean in this context? The important thing about a DNS
server is that it works, reliably and securely.
--
Andrew
P� Fri, 04 Jan 2008 00:07:56 +0100, skrev gavino <·········@gmail.com>:
> bind looks painful
> any dns server in lisp easy to use? powerful?
Franz provides a public domain one for Windows.
http://opensource.franz.com/nfs/
--------------
John Thingstad
"John Thingstad" <·······@online.no> writes:
> P� Fri, 04 Jan 2008 00:07:56 +0100, skrev gavino <·········@gmail.com>:
>
>> bind looks painful
>> any dns server in lisp easy to use? powerful?
>
> Franz provides a public domain one for Windows.
> http://opensource.franz.com/nfs/
That is NFS, not DNS.
Petter
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
On 2008-01-04, Petter Gustad <·············@gustad.com> wrote:
> "John Thingstad" <·······@online.no> writes:
>
>>
>> Franz provides a public domain one for Windows.
>> http://opensource.franz.com/nfs/
>
> That is NFS, not DNS.
>
> Petter
gavino would not know the difference.
marc
--
······@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
On Jan 4, 5:36 pm, marc spitzer <······@sverige.freeshell.org> wrote:
> On 2008-01-04, Petter Gustad <·············@gustad.com> wrote:
>
> > "John Thingstad" <·······@online.no> writes:
>
> >> Franz provides a public domain one for Windows.
> >>http://opensource.franz.com/nfs/
>
> > That is NFS, not DNS.
>
> > Petter
>
> gavino would not know the difference.
>
> marc
>
> --
> ······@sdf.lonestar.org
> SDF Public Access UNIX System -http://sdf.lonestar.org
I most certainly would. I am a linux professional.
Petter Gustad wrote:
> "John Thingstad" <·······@online.no> writes:
>
>> P� Fri, 04 Jan 2008 00:07:56 +0100, skrev gavino <·········@gmail.com>:
>>
>>> bind looks painful
>>> any dns server in lisp easy to use? powerful?
>> Franz provides a public domain one for Windows.
>> http://opensource.franz.com/nfs/
>
> That is NFS, not DNS.
>
> Petter
I don't know of a DNS server in Lisp.
I'm curious why you'd want one. There are various DNS
servers available in other languages. Perhaps you were
looking for one in Lisp so that you could browse the
source (or modify the source) in a language that you like?
In article <···················@trndny08>,
Daniel Weinreb <···@alum.mit.edu> wrote:
> Petter Gustad wrote:
> > "John Thingstad" <·······@online.no> writes:
> >
> >> P� Fri, 04 Jan 2008 00:07:56 +0100, skrev gavino <·········@gmail.com>:
> >>
> >>> bind looks painful
> >>> any dns server in lisp easy to use? powerful?
> >> Franz provides a public domain one for Windows.
> >> http://opensource.franz.com/nfs/
> >
> > That is NFS, not DNS.
> >
> > Petter
>
> I don't know of a DNS server in Lisp.
There was one on the Lisp Machine, of course. But it would be pretty
out of date by now, though.
--
Barry Margolin, ······@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
> >> Franz provides a public domain one for Windows.
> >>http://opensource.franz.com/nfs/
>
> > That is NFS, not DNS.
>
> I don't know of a DNS server in Lisp.
Actually Franz does have one somewhere... or at least did. (and I'm
talking DNS not NFS) My friend has it and runs it. Although, it
required a bug fix of some kind. I googled for it but can't seem to
find it anymore. Although I didn't try that hard, because I don't
really want it.
If you're a lisp hacker and want to understand how DNS works, I guess
looking at lisp code is a little easier than C. (although then why
not just look at the protocol) Also who's gonna waste time writing an
exploit for it? you'll be safe from the next Bind worm. (the first
reason, and some added geek points are I think the reason my friend
does it)
actually, because I'm waiting for something else to run....
http://web.archive.org/web/20011031115524/opensource.franz.com/ans/index.html
I found it, it's called ANS.
"This project is still a work in progress. However, we use it at Franz
Inc. for our secondary internal nameserver."
That was from 2001 or so, though, I wonder if they still use it? It
fell off their page of open source projects a while back, so I'm
guessing no.
On Jan 10, 8:27 pm, K Livingston <······················@gmail.com>
wrote:
> > >> Franz provides a public domain one for Windows.
> > >>http://opensource.franz.com/nfs/
>
> > > That is NFS, not DNS.
>
> > I don't know of a DNS server in Lisp.
>
> Actually Franz does have one somewhere... or at least did. (and I'm
> talking DNS not NFS) My friend has it and runs it. Although, it
> required a bug fix of some kind. I googled for it but can't seem to
> find it anymore. Although I didn't try that hard, because I don't
> really want it.
>
> If you're a lisp hacker and want to understand how DNS works, I guess
> looking at lisp code is a little easier than C. (although then why
> not just look at the protocol) Also who's gonna waste time writing an
> exploit for it? you'll be safe from the next Bind worm. (the first
> reason, and some added geek points are I think the reason my friend
> does it)
K Livingston <······················@gmail.com> writes:
> actually, because I'm waiting for something else to run....
>
> http://web.archive.org/web/20011031115524/opensource.franz.com/ans/index.html
>
> I found it, it's called ANS.
To be clear, this is an archived page, and not a current page at
opensource.franz.com.
> "This project is still a work in progress. However, we use it at Franz
> Inc. for our secondary internal nameserver."
>
> That was from 2001 or so, though, I wonder if they still use it? It
> fell off their page of open source projects a while back, so I'm
> guessing no.
Correct. Our system administrator, who wrote it, says that we had
started using some DNS stuff on our network (e.g.,dynamic updates)
that he didn't yet have support for, and he didn't have the time or
energy to keep up with it, so he went back to using BIND. And since
he wasn't maintaining ans, he took it off of the webpage. I asked him
if he would be willing to reinstate it and take changes for it, if
there's interest, and he said yes. I presume you can send such
statements of interest to ·······@franz.com.
> On Jan 10, 8:27 pm, K Livingston <······················@gmail.com>
> wrote:
>> > >> Franz provides a public domain one for Windows.
>> > >>http://opensource.franz.com/nfs/
>>
>> > > That is NFS, not DNS.
>>
>> > I don't know of a DNS server in Lisp.
>>
>> Actually Franz does have one somewhere... or at least did. (and I'm
>> talking DNS not NFS) My friend has it and runs it. Although, it
>> required a bug fix of some kind.
I asked the author about this, and he wasn't aware of any. Most of
the items on the BUGS list in the project (which is still the same
list as he has) are really not bugs, per se, but possible enhancements
and desired features. If your friend has a description of the bug and
the fix, he is interested in knowing about it.
--
Duane Rettig ·····@franz.com Franz Inc. http://www.franz.com/
555 12th St., Suite 1450 http://www.555citycenter.com/
Oakland, Ca. 94607 Phone: (510) 452-2000; Fax: (510) 452-0182
On Jan 11, 11:25 am, Duane Rettig <·····@franz.com> wrote:
> K Livingston <······················@gmail.com> writes:
> >http://web.archive.org/web/20011031115524/opensource.franz.com/ans/in...
>
> To be clear, this is an archived page, and not a current page at
> opensource.franz.com.
sorry, I should have made that more clear. I just remembered it
existed, but google wasn't helping me confirm that. So I went on a
goose-hunt to make sure I wasn't part of some glitch in the matrix,
(not that this whole thread wasn't that in the first place) and found
it on archive.org.
> he wasn't maintaining ans, he took it off of the webpage. I asked him
> if he would be willing to reinstate it and take changes for it, if
> there's interest,
my interest was only curiosity.
> I asked the author about this, and he wasn't aware of any. Most of
> the items on the BUGS list in the project (which is still the same
> list as he has) are really not bugs, per se, but possible enhancements
> and desired features. If your friend has a description of the bug and
> the fix, he is interested in knowing about it.
I'll pass it along, I don't think they read c.l.l. regularly. I don't
know what the change was, might have just been a simple ACL6.1 ->
ACL7+ thing for all I know. As far as I know it's still being run,
though.
P� Fri, 11 Jan 2008 03:27:05 +0100, skrev K Livingston
<······················@gmail.com>:
>> >> Franz provides a public domain one for Windows.
>> >>http://opensource.franz.com/nfs/
>>
>> > That is NFS, not DNS.
>>
>> I don't know of a DNS server in Lisp.
>
>
> Actually Franz does have one somewhere... or at least did. (and I'm
> talking DNS not NFS) My friend has it and runs it. Although, it
> required a bug fix of some kind. I googled for it but can't seem to
> find it anymore. Although I didn't try that hard, because I don't
> really want it.
>
> If you're a lisp hacker and want to understand how DNS works, I guess
> looking at lisp code is a little easier than C. (although then why
> not just look at the protocol) Also who's gonna waste time writing an
> exploit for it? you'll be safe from the next Bind worm. (the first
> reason, and some added geek points are I think the reason my friend
> does it)
Thank you. I was sure I searchecd for DNS. I know franz developed a nfs
server...
--------------
John Thingstad
On Jan 3, 11:07 pm, gavino <·········@gmail.com> wrote:
> bind looks painful
It's not particularly painful. Zone file syntax etc has its
obscurities, but That's part of the DNS stanrdard (in effect if not in
theory, but I think in theory too) so you have to deal with that
anyway.
Tim Bradshaw <··········@tfeb.org> writes:
> On Jan 3, 11:07 pm, gavino <·········@gmail.com> wrote:
>> bind looks painful
>
> It's not particularly painful. Zone file syntax etc has its
> obscurities, but That's part of the DNS stanrdard (in effect if not in
> theory, but I think in theory too) so you have to deal with that
> anyway.
You're forgetting that you are replying to gavino, whose sole
talent seems to be to go off on one-line excursions into random
territory, before getting lost.
On Jan 9, 9:34 am, Raymond Wiker <····@RawMBP.local> wrote:
> Tim Bradshaw <··········@tfeb.org> writes:
> > On Jan 3, 11:07 pm, gavino <·········@gmail.com> wrote:
> >> bind looks painful
>
> > It's not particularly painful. Zone file syntax etc has its
> > obscurities, but That's part of the DNS stanrdard (in effect if not in
> > theory, but I think in theory too) so you have to deal with that
> > anyway.
>
> You're forgetting that you are replying to gavino, whose sole
> talent seems to be to go off on one-line excursions into random
> territory, before getting lost.
I simply ask about software tools. I guess that is bad? Lisp is
supposed to be a very powerful tool so it seems natural that there
would be lisp programs to cover things that may be more fun to use
than thier c counterparts.....sue me for my audacity of hope!
On Wed, 09 Jan 2008 09:04:34 -0800, Tim Bradshaw wrote:
> On Jan 3, 11:07 pm, gavino <·········@gmail.com> wrote:
>> bind looks painful
>
> It's not particularly painful. Zone file syntax etc has its
> obscurities, but That's part of the DNS stanrdard (in effect if not in
> theory, but I think in theory too) so you have to deal with that anyway.
I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
file syntax. I don't miss zone files at all, and don't feel the lack of
the zone file transfer part of the spec. You really don't *have* to deal
with it, in order to have a working DNS server.
If I were to build a lisp dns server, I'd model it after dnscache
+tinydns, rather than any version of BIND.
Cheers,
--
Andrew
On Jan 10, 12:18 am, Andrew Reilly <···············@areilly.bpc-
users.org> wrote:
> I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
> file syntax. I don't miss zone files at all, and don't feel the lack of
> the zone file transfer part of the spec. You really don't *have* to deal
> with it, in order to have a working DNS server.
Yeah, that's the spirit. Who gives a damn about standards anyway? So
boring, just implement the interesting bits. Look how successful this
trick has been for Linux, after all.
Personally, I've never looked at djbdns because, well djb.
Tim Bradshaw <··········@tfeb.org> writes:
> On Jan 10, 12:18 am, Andrew Reilly <···············@areilly.bpc-
> users.org> wrote:
>
>> I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
>> file syntax. I don't miss zone files at all, and don't feel the lack of
>> the zone file transfer part of the spec. You really don't *have* to deal
>> with it, in order to have a working DNS server.
>
> Yeah, that's the spirit. Who gives a damn about standards anyway? So
> boring, just implement the interesting bits. Look how successful this
> trick has been for Linux, after all.
>
> Personally, I've never looked at djbdns because, well djb.
If you want the *redundancy* that DNS had designed into, well,
AXFR/IXFR *do* matter.
My coworkers operate various zones (notably including being
authoritative for the .org zone), and find it *staggeringly* valuable
to be able to do zone transfers. They find it a tad useful when
they're expected to keep that zones lit up 100% of the time.
There would be value to having more decent DNS server implementations
out there; suffice it to say there are certain vulnerabilities
inherent in monocultures...
--
output = ("cbbrowne" ·@" "linuxdatabases.info")
http://www3.sympatico.ca/cbbrowne/multiplexor.html
Save your burned out bulbs for me, I'm building my own dark room.
On Thu, 10 Jan 2008 20:46:57 +0000, Christopher Browne wrote:
> Tim Bradshaw <··········@tfeb.org> writes:
>> On Jan 10, 12:18 am, Andrew Reilly <···············@areilly.bpc-
>> users.org> wrote:
>>
>>> I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
>>> file syntax. I don't miss zone files at all, and don't feel the lack
>>> of the zone file transfer part of the spec. You really don't *have*
>>> to deal with it, in order to have a working DNS server.
>>
>> Yeah, that's the spirit. Who gives a damn about standards anyway? So
>> boring, just implement the interesting bits. Look how successful this
>> trick has been for Linux, after all.
>>
>> Personally, I've never looked at djbdns because, well djb.
Whatever. Clearly your milage may vary. It works for me, it appears to
work for quite a lot (1.8 million according to DJB) of other sites. I'm
far from a DNS expert, just a (very) small-scale user. It complies with
the aspects of the standards that are visible to my client machines, and
the other aspects are clearly only an issue for the organization involved.
> If you want the *redundancy* that DNS had designed into, well, AXFR/IXFR
> *do* matter.
Only if you want redundancy against another BIND server. If you want
redundancy against another tinydns server, then use the recipe associated
with that. AXFR etc is not behaviour that DNS clients see. If you care,
there are co-programs that provide whatever interface features you want:
that's how djbdns is constructed: division of responsibilities.
> My coworkers operate various zones (notably including being
> authoritative for the .org zone), and find it *staggeringly* valuable to
> be able to do zone transfers. They find it a tad useful when they're
> expected to keep that zones lit up 100% of the time.
You clearly aren't the only ones in that situation. I expect that the
large companies who use djbdns feel the same way.
> There would be value to having more decent DNS server implementations
> out there; suffice it to say there are certain vulnerabilities inherent
> in monocultures...
Exactly. I'm trying to foster diversity here, by suggesting that
potential lisp-DNS implementators have a look at djbdns, which is nicely
modular, fast, robust and easy to configure, instead of looking at the de-
facto alternative, which (IMO) isn't.
Cheers,
--
Andrew
On Jan 10, 11:29 pm, Andrew Reilly <···············@areilly.bpc-
users.org> wrote:
> Only if you want redundancy against another BIND server.
Let's be quite precise here: only if you want to work with another
*standards-conforming* DNS server. If you do not care about
conforming to the standard then you can do what you like, of course,
but you should not claim to be conforming.
Standards matter, and ignoring them or implementing only the parts
convenient to you, while claiming to conform[*], is toxic and
unfortunately common behaviour. When Microsoft does this, everyone
jumps all over them. When Linux does it, for instance in its
farcically non-conformant NFS implementation[**], somehow it is the
conformant implementatios which are to blame.
--tim
[*] I don't know whether djbdns claims to conform.
[**] At least historically, but I think currently too.
On Fri, 11 Jan 2008 02:41:11 -0800, Tim Bradshaw wrote:
> On Jan 10, 11:29 pm, Andrew Reilly <···············@areilly.bpc-
> users.org> wrote:
>
>> Only if you want redundancy against another BIND server.
>
> Let's be quite precise here: only if you want to work with another
> *standards-conforming* DNS server. If you do not care about conforming
> to the standard then you can do what you like, of course, but you should
> not claim to be conforming.
Just to be clear: djbdns *does* (or rather, can) do standards-conforming
AXFR. There are *also* much better ways to zone transfer redundancy with
other djbdns servers. In this respect it is no different from, say,
Windows active directory, which can do AXFR, but strongly recommends the
use of AD's own domain database replication mechanism where possible.
This is because AXFR is a poor mechanism for zone transfer, and therefore
a poor standard. As you say, it is necessary to support even poor
standards, but one does not have to advocate their use.
--
Andrew
On Jan 11, 2:41 am, Tim Bradshaw <··········@tfeb.org> wrote:
> On Jan 10, 11:29 pm, Andrew Reilly <···············@areilly.bpc-
>
> users.org> wrote:
> > Only if you want redundancy against another BIND server.
>
> Let's be quite precise here: only if you want to work with another
> *standards-conforming* DNS server. If you do not care about
> conforming to the standard then you can do what you like, of course,
> but you should not claim to be conforming.
>
> Standards matter, and ignoring them or implementing only the parts
> convenient to you, while claiming to conform[*], is toxic and
> unfortunately common behaviour. When Microsoft does this, everyone
> jumps all over them. When Linux does it, for instance in its
> farcically non-conformant NFS implementation[**], somehow it is the
> conformant implementatios which are to blame.
>
> --tim
>
> [*] I don't know whether djbdns claims to conform.
> [**] At least historically, but I think currently too.
apparently openAFS is ncier anyhow....
On Jan 10, 3:29 pm, Andrew Reilly <···············@areilly.bpc-
users.org> wrote:
> On Thu, 10 Jan 2008 20:46:57 +0000, Christopher Browne wrote:
> > Tim Bradshaw <··········@tfeb.org> writes:
> >> On Jan 10, 12:18 am, Andrew Reilly <···············@areilly.bpc-
> >> users.org> wrote:
>
> >>> I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
> >>> file syntax. I don't miss zone files at all, and don't feel the lack
> >>> of the zone file transfer part of the spec. You really don't *have*
> >>> to deal with it, in order to have a working DNS server.
>
> >> Yeah, that's the spirit. Who gives a damn about standards anyway? So
> >> boring, just implement the interesting bits. Look how successful this
> >> trick has been for Linux, after all.
>
> >> Personally, I've never looked at djbdns because, well djb.
>
> Whatever. Clearly your milage may vary. It works for me, it appears to
> work for quite a lot (1.8 million according to DJB) of other sites. I'm
> far from a DNS expert, just a (very) small-scale user. It complies with
> the aspects of the standards that are visible to my client machines, and
> the other aspects are clearly only an issue for the organization involved.
>
> > If you want the *redundancy* that DNS had designed into, well, AXFR/IXFR
> > *do* matter.
>
> Only if you want redundancy against another BIND server. If you want
> redundancy against another tinydns server, then use the recipe associated
> with that. AXFR etc is not behaviour that DNS clients see. If you care,
> there are co-programs that provide whatever interface features you want:
> that's how djbdns is constructed: division of responsibilities.
>
> > My coworkers operate various zones (notably including being
> > authoritative for the .org zone), and find it *staggeringly* valuable to
> > be able to do zone transfers. They find it a tad useful when they're
> > expected to keep that zones lit up 100% of the time.
>
> You clearly aren't the only ones in that situation. I expect that the
> large companies who use djbdns feel the same way.
>
> > There would be value to having more decent DNS server implementations
> > out there; suffice it to say there are certain vulnerabilities inherent
> > in monocultures...
>
> Exactly. I'm trying to foster diversity here, by suggesting that
> potential lisp-DNS implementators have a look at djbdns, which is nicely
> modular, fast, robust and easy to configure, instead of looking at the de-
> facto alternative, which (IMO) isn't.
>
> Cheers,
>
> --
> Andrew
lets not forget easy to use....I have people at work considering an
appliance since no one can configure bind (until i learn next week
since I can't get daemontoosl to compile on linux as a prereQ for
djbdns...)
On Jan 14, 8:24 am, gavino <·········@gmail.com> wrote:
> lets not forget easy to use....I have people at work considering an
> appliance since no one can configure bind (until i learn next week
> since I can't get daemontoosl to compile on linux as a prereQ for
> djbdns...)
I think if people are finding BIND hard to configure then you probably
have quite serious problems.
Andrew Reilly <···············@areilly.bpc-users.org> writes:
> On Thu, 10 Jan 2008 20:46:57 +0000, Christopher Browne wrote:
>
>> Tim Bradshaw <··········@tfeb.org> writes:
>>> On Jan 10, 12:18 am, Andrew Reilly <···············@areilly.bpc-
>>> users.org> wrote:
>>>
>>>> I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
>>>> file syntax. I don't miss zone files at all, and don't feel the lack
>>>> of the zone file transfer part of the spec. You really don't *have*
>>>> to deal with it, in order to have a working DNS server.
>>>
>>> Yeah, that's the spirit. Who gives a damn about standards anyway? So
>>> boring, just implement the interesting bits. Look how successful this
>>> trick has been for Linux, after all.
>>>
>>> Personally, I've never looked at djbdns because, well djb.
>
> Whatever. Clearly your milage may vary. It works for me, it
> appears to work for quite a lot (1.8 million according to DJB) of
> other sites. I'm far from a DNS expert, just a (very) small-scale
> user. It complies with the aspects of the standards that are
> visible to my client machines, and the other aspects are clearly
> only an issue for the organization involved.
>
>> If you want the *redundancy* that DNS had designed into, well,
>> AXFR/IXFR *do* matter.
>
> Only if you want redundancy against another BIND server. If you
> want redundancy against another tinydns server, then use the recipe
> associated with that. AXFR etc is not behaviour that DNS clients
> see. If you care, there are co-programs that provide whatever
> interface features you want: that's how djbdns is constructed:
> division of responsibilities.
s/another BIND server/another standards-compliant server/.
That DJB does not wish to consider certain RFCs to be standards isn't
my problem, nor should it properly be considered to be a way of
defining what is or isn't properly considered DNS.
>> My coworkers operate various zones (notably including being
>> authoritative for the .org zone), and find it *staggeringly* valuable to
>> be able to do zone transfers. They find it a tad useful when they're
>> expected to keep that zones lit up 100% of the time.
>
> You clearly aren't the only ones in that situation. I expect that the
> large companies who use djbdns feel the same way.
They don't see one iota as many zone changes as we do, so they haven't
got anything like the same issues.
>> There would be value to having more decent DNS server implementations
>> out there; suffice it to say there are certain vulnerabilities inherent
>> in monocultures...
>
> Exactly. I'm trying to foster diversity here, by suggesting that
> potential lisp-DNS implementators have a look at djbdns, which is nicely
> modular, fast, robust and easy to configure, instead of looking at the de-
> facto alternative, which (IMO) isn't.
The now-diversity of SMTP implementations provides some indication
that this is not forcibly a two-position matter.
It seems to me that you're presenting this as a False Dilemma
<http://en.wikipedia.org/wiki/False_dilemma>, that is, as being a
matter where there are only two possible positions, one being:
* BIND, being monolithic, and supporting AXFR/IXFR
* djbdns, being modular, not supporting AXFR/IXFR
I don't see anything precluding there being a *THIRD* position, namely
of there being a modular DNS server that supports AXFR/IXFR.
--
output = reverse("gro.mca" ·@" "enworbbc")
http://linuxfinances.info/info/wp.html
It's always darkest just before it gets pitch black.
Christopher Browne <········@ca.afilias.info> writes:
> * BIND, being monolithic, and supporting AXFR/IXFR
> * djbdns, being modular, not supporting AXFR/IXFR
>
> I don't see anything precluding there being a *THIRD* position, namely
> of there being a modular DNS server that supports AXFR/IXFR.
For what it's worth, djbdns supports AXFR just fine with the axfrdns
program.
Also, BIND's zone files do not conform to the specification.
Zach
On Jan 10, 12:46 pm, Christopher Browne <········@ca.afilias.info>
wrote:
> Tim Bradshaw <··········@tfeb.org> writes:
> > On Jan 10, 12:18 am, Andrew Reilly <···············@areilly.bpc-
> > users.org> wrote:
>
> >> I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
> >> file syntax. I don't miss zone files at all, and don't feel the lack of
> >> the zone file transfer part of the spec. You really don't *have* to deal
> >> with it, in order to have a working DNS server.
>
> > Yeah, that's the spirit. Who gives a damn about standards anyway? So
> > boring, just implement the interesting bits. Look how successful this
> > trick has been for Linux, after all.
>
> > Personally, I've never looked at djbdns because, well djb.
>
> If you want the *redundancy* that DNS had designed into, well,
> AXFR/IXFR *do* matter.
>
> My coworkers operate various zones (notably including being
> authoritative for the .org zone), and find it *staggeringly* valuable
> to be able to do zone transfers. They find it a tad useful when
> they're expected to keep that zones lit up 100% of the time.
>
> There would be value to having more decent DNS server implementations
> out there; suffice it to say there are certain vulnerabilities
> inherent in monocultures...
> --
> output = ("cbbrowne" ·@" "linuxdatabases.info")http://www3.sympatico.ca/cbbrowne/multiplexor.html
> Save your burned out bulbs for me, I'm building my own dark room.
whats a monoculture?
gavino <·········@gmail.com> writes:
> On Jan 10, 12:46 pm, Christopher Browne <········@ca.afilias.info>
> wrote:
>> There would be value to having more decent DNS server implementations
>> out there; suffice it to say there are certain vulnerabilities
>> inherent in monocultures...
> whats a monoculture?
What's a dictionnary?
--
__Pascal Bourguignon__
·························@anevia.com
http://www.anevia.com
gavino <·········@gmail.com> writes:
> On Jan 10, 12:46 pm, Christopher Browne <········@ca.afilias.info>
> wrote:
>> There would be value to having more decent DNS server implementations
>> out there; suffice it to say there are certain vulnerabilities
>> inherent in monocultures...
>
> whats a monoculture?
Only running Linux... is a monoculture.
Only running Windows... is a monoculture.
If a farmer grows only one crop, that is the typical example of a
monoculture. If the crop goes well, he does well. If that
monoculture turns out to be vulnerable to some problem, things may go
badly for him.
If 100 farmers are all growing identical seed, in identical ways, then
a single kind of attacking fungus/must/insect may successfully destroy
ALL their crops.
If, on the other hand, they have a diverse set of crops (even if that
be multiple sorts of wheat that are largely similar), the diversity
means that they are not all simultaneously vulnerable to the same
things.
Monocultures tend to be highly vulnerable. The innumerable security
problems on Windows express this very nicely.
By having multiple DNS implementations in place, on multiple
platforms, even if there turns out to be some horrible problem that
makes one OS vulnerable (remember the Ping of Death problem?), it is
at least hopeful that it will not affect all installations
identically, and thereby mitigate risks.
--
output = ("cbbrowne" ·@" "linuxdatabases.info")
http://cbbrowne.com/info/emacs.html
"With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead." -- RFC 1925
On Jan 15, 10:18 am, Christopher Browne <········@ca.afilias.info>
wrote:
> gavino <·········@gmail.com> writes:
> > On Jan 10, 12:46 pm, Christopher Browne <········@ca.afilias.info>
> > wrote:
> >> There would be value to having more decent DNS server implementations
> >> out there; suffice it to say there are certain vulnerabilities
> >> inherent in monocultures...
>
> > whats a monoculture?
>
> Only running Linux... is a monoculture.
>
> Only running Windows... is a monoculture.
>
> If a farmer grows only one crop, that is the typical example of a
> monoculture. If the crop goes well, he does well. If that
> monoculture turns out to be vulnerable to some problem, things may go
> badly for him.
>
> If 100 farmers are all growing identical seed, in identical ways, then
> a single kind of attacking fungus/must/insect may successfully destroy
> ALL their crops.
>
> If, on the other hand, they have a diverse set of crops (even if that
> be multiple sorts of wheat that are largely similar), the diversity
> means that they are not all simultaneously vulnerable to the same
> things.
>
> Monocultures tend to be highly vulnerable. The innumerable security
> problems on Windows express this very nicely.
>
> By having multiple DNS implementations in place, on multiple
> platforms, even if there turns out to be some horrible problem that
> makes one OS vulnerable (remember the Ping of Death problem?), it is
> at least hopeful that it will not affect all installations
> identically, and thereby mitigate risks.
> --
> output = ("cbbrowne" ·@" "linuxdatabases.info")http://cbbrowne.com/info/emacs.html
> "With sufficient thrust, pigs fly just fine. However, this is not
> necessarily a good idea. It is hard to be sure where they are going to
> land, and it could be dangerous sitting under them as they fly
> overhead." -- RFC 1925
ok yes diversity is geat
On Jan 10, 2:17 am, Tim Bradshaw <··········@tfeb.org> wrote:
> On Jan 10, 12:18 am, Andrew Reilly <···············@areilly.bpc-
>
> users.org> wrote:
> > I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
> > file syntax. I don't miss zone files at all, and don't feel the lack of
> > the zone file transfer part of the spec. You really don't *have* to deal
> > with it, in order to have a working DNS server.
>
> Yeah, that's the spirit. Who gives a damn about standards anyway? So
> boring, just implement the interesting bits. Look how successful this
> trick has been for Linux, after all.
>
> Personally, I've never looked at djbdns because, well djb.
whats wrong with dan?
On Jan 9, 4:18 pm, Andrew Reilly <···············@areilly.bpc-
users.org> wrote:
> On Wed, 09 Jan 2008 09:04:34 -0800, Tim Bradshaw wrote:
> > On Jan 3, 11:07 pm, gavino <·········@gmail.com> wrote:
> >> bind looks painful
>
> > It's not particularly painful. Zone file syntax etc has its
> > obscurities, but That's part of the DNS stanrdard (in effect if not in
> > theory, but I think in theory too) so you have to deal with that anyway.
>
> I'm a fan of djb's dnscache+tinydns, and an anti-fan of the BIND zone
> file syntax. I don't miss zone files at all, and don't feel the lack of
> the zone file transfer part of the spec. You really don't *have* to deal
> with it, in order to have a working DNS server.
>
> If I were to build a lisp dns server, I'd model it after dnscache
> +tinydns, rather than any version of BIND.
>
> Cheers,
>
> --
> Andrew
I can get djbdns daemontools to compile on my linux box due to a TLS
error......I waiting for dan to repply now.....it seems a nice
implementation......
On Jan 9, 9:04 am, Tim Bradshaw <··········@tfeb.org> wrote:
> On Jan 3, 11:07 pm, gavino <·········@gmail.com> wrote:
>
> > bind looks painful
>
> It's not particularly painful. Zone file syntax etc has its
> obscurities, but That's part of the DNS stanrdard (in effect if not in
> theory, but I think in theory too) so you have to deal with that
> anyway.
I knew the standard had to be a problem, since simple name number
pairs seem so simple for computers to handle....