Re: Securing bind..
Craig Sanders wrote:
> On Sun, Dec 30, 2001 at 07:31:30PM -0600, Michael D. Schleif wrote:
> > ``By combining all these tools, you can finally approach the
> > functionality of a trivial rsync script. Wow.''
> > Enough said . . .
> by throwing away all your existing zonefiles, DNS configuration, DNS
> tools and a bunch of features which djbdns doesn't support, you get to
> use rsync to transfer zonefiles around.
And, perhaps, your point?
Broken as many of them are, they still work quite well with djbdns,
thank you. I have nothing against bind, having setup various dns
servers over the years; rather, I'll opt for simplicity wherever I can
find it, if that simplicity is both functional and secure. To each his
own . . .
> an additional part of the price
> you pay is djb's moronic non-free software license
> and his rabid
> reinvent-the-wheel-as-a-square-because-it-wasn't-invented-here attitude.
As you know, the software does *not* espouse his nor anybody else's
views. So what?
If conformance to standards is interesting to you, then check this out.
If you are pleased with chasing the complexities inherent in overly
complex tools, then, please, keep them uptodate . . .
> big deal.
And, why would anybody want an overly complicated system to do something
that is really, really quite simple?
If you do, enjoy it; but, please, keep it uptodate and, somehow, get it
to conform to the standards that are agreed upon so that simpletons like
me can do something else with their lives, rather than be concerned over
the simplest function of networks -- name resolution ;>
> bind can do rsync zone transfers merely by writing a wrapper script for
> named-xfer. i've done it. it works.
That, too, is my point -- glad you found it . . .
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .