Re: DNS servers

To: debian-isp@lists.debian.org
Subject: Re: DNS servers
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 21 Nov 2002 05:12:20 -0000
Message-id: <[🔎] 20021121051220.35683.qmail@cr.yp.to>
References: <[🔎] 20021120194326.5208.qmail@cr.yp.to> <[🔎] 20021121005421.GC4051@taz.net.au>

Craig Sanders writes:
  [ http://cr.yp.to/djbdns/blurb/easeofuse.html ]
> almost every bind solution ends with "Look for errors in your system's
> logs." but not one of the djbdns solutions does the same

What you fail to realize is that djbdns puts the errors on your screen,
in response to the command you just typed, right before the next prompt.
That's why the extra step of looking at logs is unnecessary for djbdns.

  [ zone files ]
> i have scripts and procedures in place to manage them.

Ah. Did it ever occur to you to mention this site-specific issue before
you made broad comments about the usability of djbdns? Did it ever occur
to you to ask for scripts that do the same thing with djbdns? What do
your scripts actually do?

> i can't see why it's so difficult to provide native support for
> bind zonefiles.

Because those files are in an unstable, horribly complicated format.
Crude parsing is easy, but reliable parsing is extremely difficult.

> 3. bind zonefiles are human readable.  tinydns-data zonefiles are not.

Let's try a simple example. I find

   =bear.heaven.af.mil:1.2.3.6
   @heaven.af.mil:1.2.3.4

much easier to read than

   bear.heaven.af.mil.   86400 IN A 1.2.3.6
   6.3.2.1.in-addr.arpa. 86400 IN PTR bear.heaven.af.mil
   heaven.af.mil.        86400 IN MX mx.heaven.af.mil
   mx.heaven.af.mil.     86400 IN A 1.2.3.4

and much less error-prone. Don't you?

> > Let's try a concrete example. With djbdns, to authorize clients with
> > IP address 10.*, you touch /service/dnscache/root/ip/10. With BIND,
> > you edit named.conf and add something to the allow-query line.
> yes.  a good example of something that you believe is easier but isn't.

You ask how to add notes: vi ip/10. You ask how to comment out entries:
mkdir ipbak; mv ip/10 ipbak. And so on.

But the more important point, again, is that the clean file format in
djbdns allows easy development of tools providing other user interfaces.
For example, a trivial script can combine the ip directory entries into
a file that looks like

   10       # local network
   #192.168 # not using this any more

for you to edit, after which it revises the directory accordingly. It
can support address ranges, or some fancy GUI, or automatic interaction
with other tools.

You assert that the djbdns configuration isn't ``any easier'' for
programs to parse than the BIND configuration. That's ludicrous.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

Reply to:

Follow-Ups:
- Re: DNS servers
  - From: Craig Sanders <cas@taz.net.au>
- Re: DNS servers
  - From: Nate Campi <nate@campin.net>
- Re: DNS servers
  - From: "D. J. Bernstein" <djb@cr.yp.to>

References:
- Re: DNS servers
  - From: "D. J. Bernstein" <djb@cr.yp.to>
- Re: DNS servers
  - From: Craig Sanders <cas@taz.net.au>

Prev by Date: Re: DNS servers
Next by Date: Re: DNS servers
Previous by thread: Re: DNS servers
Next by thread: Re: DNS servers
Index(es):
- Date
- Thread