Re: DNS servers
On Thu, 21 Nov 2002 17:53, Toni Mueller wrote:
> > I DO NOT WANT TO CONVERT MY ZONE FILES. I WANT TO USE THEM AS-IS.
> There is only one Unix way to use them (fortunately), and that's BIND.
There is also nsd. I've spent about 10 minutes playing with nsd and it looks
very promising, I've put in some bind zone files and they work. It was
written with the sole aim of making a secure authoritative name server that
uses bind zone files.
I expect I'll be running all my primary servers on nsd in the next few weeks,
and maybe all my secondaries too.
> No, all other Unix DNS software I am aware of can't do it as well.
> There could be a reason in _that_. How do you think about the
> multitude of SQL- and LDAP-backed DNS- (or anything-) servers out
> there? That's all crap because they don't work with BIND zone files
> and sendmail.cf?
LDAP or SQL backed DNS isn't an option unless performance is not required. An
LDAP or SQL query takes far longer than I want my DNS lookups to take.
However, writing a script that does an SQL or LDAP query to produce name server
config files is easy enough.
For big zones using the BIND format of zone file allows using rsync instead of
zone transfers to transfer zones.
> Then you know the value of a lab, and if you're worth your money, you
> have one, too. No need to break production systems. Take your time to
> check it out beforehand...
Of course that plan doesn't work so well if you are hired by a company that
doesn't see the value of a lab and provides no decent resources for testing.
There was one time I was setting up some fully loaded E4500 machines as LDAP
servers and I had to use my Thinkpad for some tests because there was nothing
else that I could use. A Thinkpad running Linux is not much good for testing
the client and server sides of an operation that will be deployed on an
E4500, but it was the best I had.
> Me too. So you've tested all things thoroughly in your lab, then
> roll the change out. What's the problem?
The problem for me is that I have only twice worked for companies which had a
lab (AFAIK - some of the companies were big enough that they must have had a
lab somewhere, but I wasn't given access to it). Of the two times I worked
for companies that had a lab, only once was I allowed to use it, and on that
occasion I had no machines other than my Thinkpad for simulating client
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
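
The approach mentioned in the message above, generating BIND-format zone files from an SQL query instead of serving DNS straight from the database, sketched as an added example that is not part of the original post. The `records` table, its columns, the SOA timers and the sample rows are assumptions made for illustration; each row is checked against an allow-list before it is written, so a bad database value cannot add lines to the generated file.

```python
import re
import sqlite3

HOST = r"[A-Za-z0-9_-]{1,63}(\.[A-Za-z0-9_-]{1,63})*\.?"
NAME_RE = re.compile(r"@|" + HOST)            # owner name or "@"
RDATA_RE = {                                  # allow-list per record type
    "A": re.compile(r"(\d{1,3}\.){3}\d{1,3}"),
    "NS": re.compile(HOST),
    "CNAME": re.compile(HOST),
    "MX": re.compile(r"\d{1,5} " + HOST),
}

def render_zone(db, origin, serial):
    """Return (zone_text, rejected_rows) for one zone in the records table."""
    if not (origin.endswith(".") and NAME_RE.fullmatch(origin)):
        raise ValueError("origin must be a fully qualified name")
    lines = [
        f"$ORIGIN {origin}",
        "$TTL 3600",
        f"@ IN SOA ns1.{origin} hostmaster.{origin} "
        f"({int(serial)} 7200 3600 1209600 3600)",
    ]
    rejected = []
    rows = db.execute(
        "SELECT name, type, rdata FROM records WHERE zone = ? "
        "ORDER BY name, type, rdata", (origin,))
    for name, rtype, rdata in rows:
        pattern = RDATA_RE.get(rtype)
        # fullmatch rejects newlines, ';', '$' and '(' so a row cannot add lines
        if pattern and NAME_RE.fullmatch(name) and pattern.fullmatch(rdata):
            lines.append(f"{name} IN {rtype} {rdata}")
        else:
            rejected.append((name, rtype, rdata))
    return "\n".join(lines) + "\n", rejected

def sample_db():
    """Constructed sample data; the last row carries an embedded newline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (zone TEXT, name TEXT, type TEXT, rdata TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?, ?)", [
        ("example.com.", "@", "NS", "ns1"),
        ("example.com.", "@", "MX", "10 mail"),
        ("example.com.", "ns1", "A", "192.0.2.1"),
        ("example.com.", "mail", "A", "192.0.2.25"),
        ("example.com.", "www", "CNAME", "mail"),
        ("example.com.", "extra", "A", "192.0.2.9\nwww IN A 203.0.113.66"),
    ])
    return db

if __name__ == "__main__":
    zone, rejected = render_zone(sample_db(), "example.com.", 2002112101)
    print(zone, "rejected:", rejected)
```

Rejected rows are returned to the caller rather than dropped silently, so the generating job can fail or alert before the new file is handed to the name server.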