
Re: DNS servers




Hi,

On Wed, Nov 20, 2002 at 06:08:13PM +0100, Russell Coker wrote:
> On Wed, 20 Nov 2002 16:51, Adriano Nagelschmidt Rodrigues wrote:
> > I think the idea here is to have a file format that can be easily updated
> > by scripts. For example, a script can monitor a cluster of web servers and
> > change '+' to '-' in the record of a server that is down.
> 
> Is that any easier or more difficult than doing an equivalent operation for 
> the standard format?
> 
> Having an entire zone file generated by M4 with a Makefile is not so 
> difficult...

Getting m4 to work correctly is much more difficult than this. If you
don't know m4, then it's really hard - imho. Also, this is only the
smaller part of the benefit, and you can easily find the offending
record using something as basic as 'grep'.

The real benefit is that you can regenerate the "zone file" that the
name server uses and don't need to HUP BIND which then will take its
time to find out what's happened.

> Yes, habit multiplied by hundreds (or thousands) of domains becomes difficult 
> to break!

Take your time to try it out and adapt if you find it suitable. There's
no force behind you.

> > This can be easily automated for thousands of zones.
> True.  But "cp" is easier...

Not much - you're doing it across a network, and afterwards need to
reload the server on the other side. Did you ever get hanging zone
transfers and inconsistent answers as a result? Or did you ever
see your named break because there was one syntax error left in one
of your zone files?

> DJB is good at devising new ways of solving problems.  But it would be handy 
> if he restricted his new ways to the things that actually need it rather than 
> replacing things unnecessarily.

So what's the gauge for that? When is something in need of being
replaced?

> Also having a replacement as an option with the alternative of using the 
> traditional method is good.

Hmmm. What about the difference of configuring the following programs
(none of them takes each other's config (or data!) files for sure):

Squid vs. Apache vs. wwwoffle

inn vs. diablo vs. CNews

Apache vs. Roxen vs. Zope

Postfix vs. Smail vs. Zmailer

MySQL vs. PostgreSQL vs. Interbase vs. Adabas


The point is that there is no such thing as a "traditional" way, only
that some fields took longer to develop a selection of alternatives.
Demanding compatibility between the various applications on their
backend's side is wrong. How do you want to innovate if you are forced
to carry along a load of habits that don't fit with your needs?

Do we need the KDE configuration to be compatible with twm's?

> Qmail does everything different and DJB doesn't accept patches to rectify 
> this.  I went from Sendmail to Qmail to Postfix.  Sendmail to Qmail only gave 
> me Maildir as a new feature, later on when all software supported Maildir I 
> was glad to quit using Qmail.

Ugh. What settings have you? Sendmail to qmail gave me more security,
more performance, more reliability, fewer config errors, MUCH better
load control, much better relay control, and also Maildirs.

> That's nice for him.  I'll stick to software that meets the DFSG and which has 
> the features I need.

I'd prefer his software to meet the DFSG as well, and would like to
see software in Debian that meets my operational needs, too. But that's
currently not always the case.

> What security problems does syslogd have?  Its performance generally isn't a 
> problem if you use the "-" option on some of the busy log files.

For me, syslog foremost has a performance and reliability problem.
Using '-' in front of log files just makes it more obscure and less
suitable to read the important files while debugging. multilog (DJB's
logger in daemontools) has no such problems and also includes some
of the functionality retrofitted to "standard" Unices with logrotate.
His key arguments always center around reliability and security, and
he has done a very good job of it. As for the desires in
functionality, there's a load of patches that are self-commenting in
this respect...

> Been there, done that, ran screaming back to inetd.  ;)

Yuck. Who was the co-maintainer of SE-Linux?



Best,
--Toni++
