Re: DNS servers

To: Toni Mueller <toni@debian.org>
Cc: debian-isp@lists.debian.org
Subject: Re: DNS servers
From: Craig Sanders <cas@taz.net.au>
Date: Fri, 22 Nov 2002 10:23:32 +1100
Message-id: <[🔎] 20021121232332.GJ13484@taz.net.au>
In-reply-to: <[🔎] 20021121171315.12562.qmail@oak.oeko.net>
References: <[🔎] 20021120194326.5208.qmail@cr.yp.to> <[🔎] 20021121005421.GC4051@taz.net.au> <[🔎] 20021121171315.12562.qmail@oak.oeko.net>

On Thu, Nov 21, 2002 at 06:13:15PM +0100, Toni Mueller wrote:
> On Thu, Nov 21, 2002 at 11:54:21AM +1100, Craig Sanders wrote:
> > On Wed, Nov 20, 2002 at 07:43:26PM -0000, D. J. Bernstein wrote:
> > > Craig Sanders writes:
> > > > nobody with more than a handful of domains is going to throw everything
> > > > away and convert to a new nameserver program
> > > Five of the top ten domain-hosting companies on the Internet---including
> > > Namezero, the largest---have switched to djbdns (tinydns) to publish
> > > their domains.
> > good for them.  i'm not going to blindly follow.
> 
> sorry, but this is getting stupid. You're going to blindly stay where
> you are.

if you call evaluating djbdns on several machines over several months
"blindly", then i suppose you must be right.

> > i've read these.  they document a procedure that i don't want to
> > perform.
> 
> Must be a real challenge...

no, it's not at all difficult.  i just think it's the wrong thing to do.
i've given my reasons for that often enough that i'm not going to waste
my time repeating them here.

> > 1. i already have them, and i have scripts and procedures in place to
> > manage them.  i want a better name server, but not at the price of
> > throwing away my existing stuff.
> 
> You can keep these as a backup.

a non-functional backup, i.e. cruft.

useful only until enough has changed in the tinydns zonefiles that it's
a pain to revert back.  which means i have, at most, a few days to
determine whether djbdns is performing well enough on production
servers.

> > 2. i already know the quirks of bind zonefiles.  i see no reason to
> > learn a new set of quirks when there aren't any benefits in doing so.
> 
> There are no quirks.

of course there are quirks.

> > 3. bind zonefiles are human readable.  tinydns-data zonefiles are not.
> 
> Wrong. Takes 15 minutes to learn.

they are not difficult to learn.  they are just ugly and difficult to
read.

> > 5. there's no converter from djbdns back to bind zonefiles(*) so
> > switching to djbdns doesn't leave me the option to back out if
> > anything goes wrong unless i discover the problem before i start
> > updating zones.  i'm paranoid about software changes, i don't like
> > making ANY radical change that provides no way to back out.
> 
> Wrong again. You convert your BIND zone files to tinydns-data format
> by doing a zone transfer from a live BIND server.  You can convert
> your modified zone data back the same way - having a BIND server doing
> AXFRs from a tinydns/axfrdns combo (which you'd set up anyway).

can't you read?  i already said that a zone transfer isn't good enough
because it loses all human-readable formatting and comments, and it
changes the order of entries.

what you get out of a zone transfer is NOT the same as the original.

> > (*) the output of named-xfer isn't good enough.  it loses all
> > human-readable formatting and comments, and changes the order of
> > entries.
> 
> These should be kept elsewhere anyway, 

no, they should not.  comments belong in the file that they are
commenting upon.  if they're somewhere else, they are documentation, not
comments.

> and you can also place comments in a tinydns-data file. 

this "just do it djb's way" mantra is really tiresome.  i don't want to
do it his way, i want to do it my way - my way has worked for me for
years.  i've tried djb's way and i don't like it.

> If you followed the advice to place the data for each domain in their
> individual files, you've got little to worry about... eg I manage my
> data working from a set of files like "domain1.com", "domain2.com"...
> and so on.  Really black magic rocket science, that is.

nice to know that even djb can spot the bleeding obvious on occasion -
one zonefile per domain, a good idea.

> > 6. i can't see why it's so difficult to provide native support for
> > bind zonefiles.  your software already converts xfer-ed zones on the
> > fly, why can't it read named.conf (or just a list of zonefiles) and
> > import the listed bind zonefiles from local disk into the .cdb
> > database?
> 
> What about using your genius and wisdom to develop a patch that
> retrofits this ability to djbdns and post it to
> www.lifewithdjbdns.org, instead of whining all day that Dan won't
> waste his time on such waste?

1. as i've said before, i have never demanded that DJB implements this.
he asked me a direct question wanting to know why i felt that backwards
compatibility with bind zonefiles was an essential feature in any bind
replacement.  i gave him a detailed answer.  the answer that you are
responding to in this message.

i.e. he wanted to know, i told him.  end of story.

some morons, however, have decided to interpret that exchange as me
"whining all day" demanding that he implement exactly what i want.

2. i've got no interest in working on any project with or submitting any
patches to DJB.  there is no point.  he doesn't listen to anything which
doesn't agree 100% with his prejudices, at most he uses alternate
viewpoints as a platform to preach about why things that have worked
well for you for years are broken and wrong and that everything would be
perfect if only you'd see the light and follow his One True Way.

> > in your opinion.  i prefer editing a config file.  i don't want the
> > mere existence of a file in a directory to be magic.  i want the
> > ability to leave old rules commented out in a config file - this
> > makes it easy to trial something because i can quickly revert if it
> > doesn't work.  i want
> 
> You can remove the offending magic file immediately if you don't like
> it. 'rm' is your friend...

and thus switch off that option, without leaving any trace of what the
option was or why/when it was turned off.

you really don't get it, do you?  or are you just being glib to be
annoying?

> > to be able to manage changes with RCS.  i also want the ability to
> 
> Perhaps you might want to switch to CVS, or is this also an
> incompatible evil way of doing things? (No, I don't hear "Subversion"
> in the background for the sake of this discussion).

RCS works well enough for this task (managing config files).

nothing wrong with CVS or subversion or similar tools.

craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Reply to:

References:
- Re: DNS servers
  - From: "D. J. Bernstein" <djb@cr.yp.to>
- Re: DNS servers
  - From: Craig Sanders <cas@taz.net.au>
- Re: DNS servers
  - From: Toni Mueller <toni@debian.org>

Prev by Date: Re: DNS servers
Next by Date: Re: DNS servers
Previous by thread: Re: DNS servers
Next by thread: Trendmicro InterScan VirusWall on Woody
Index(es):
- Date
- Thread