
Re: DNS servers



On Thu, 21 Nov 2002 17:53, Toni Mueller wrote:
> > I DO NOT WANT TO CONVERT MY ZONE FILES.  I WANT TO USE THEM AS-IS.
>
> There is only one Unix way to use them (fortunately), and that's BIND.

There is also nsd.  I've spent about 10 minutes playing with nsd and it looks 
very promising; I've put in some BIND zone files and they work.  It was 
written with the sole aim of making a secure authoritative name server that 
uses BIND zone files.

I expect I'll be running all my primary servers on nsd in the next few weeks, 
and maybe all my secondaries too.

> No, all other Unix DNS software I am aware of can't do it as well.
> There could be a reason in _that_. How do you think about the
> multitude of SQL- and LDAP-backed DNS- (or anything-) servers out
> there? That's all crap because they don't work with BIND zone files
> and sendmail.cf?

LDAP or SQL backed DNS isn't an option unless performance is not required.  An 
LDAP or SQL query takes far longer than I want my DNS lookups to take.

However, writing a script that does an SQL or LDAP query to produce name server 
config files is easy enough.

For big zones using the BIND format of zone file allows using rsync instead of 
zone transfers to transfer zones.

> Then you know the value of a lab, and if you're worth your money, you
> have one, too. No need to break production systems. Take your time to
> check it out beforehand...

Of course that plan doesn't work so well if you are hired by a company that 
doesn't see the value of a lab and provides no decent resources for testing.

There was one time I was setting up some fully loaded E4500 machines as LDAP 
servers and I had to use my Thinkpad for some tests because there was nothing 
else that I could use.  A Thinkpad running Linux is not much good for testing 
the client and server sides of an operation that will be deployed on an 
E4500, but it was the best I had.

> Me too. So you've tested all things thoroughly in your lab, then
> roll the change out. What's the problem?

The problem for me is that I have only twice worked for companies which had a 
lab (AFAIK - some of the companies were big enough that they must have had a 
lab somewhere, but I wasn't given access to it).  Of the two times I worked 
for companies that had a lab, only once was I allowed to use it, and on that 
occasion I had no machines other than my Thinkpad for simulating client 
access.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
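
The approach mentioned in the message above (a script that runs an SQL query and writes name server config files), as an added example that is not part of the original post. The `records` table, its columns, the SOA timer values and the sample rows are assumptions made for illustration; the script refuses any database value that could break out of its one-line record in the generated BIND-format zone file.

```python
import re
import sqlite3

# Hypothetical schema (not from the post): records(zone, name, ttl, rtype, rdata)
ALLOWED_TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "TXT"}
NAME_RE = re.compile(r"@|\*|(\*\.)?[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.?")
# Characters that would let a database value break out of its one-line record:
# newlines, comments (;), grouping parens, $DIRECTIVES, escapes and quotes.
UNSAFE = re.compile(r'[\r\n;()$\\"]')


def format_rdata(rtype, rdata):
    if UNSAFE.search(rdata):
        raise ValueError("unsafe rdata: %r" % rdata)
    return '"%s"' % rdata if rtype == "TXT" else rdata


def render_zone(conn, zone, serial, primary_ns, hostmaster):
    """Return BIND-format zone file text for `zone` built from the records table."""
    lines = [
        "$ORIGIN %s." % zone,
        "$TTL 3600",
        "@ IN SOA %s %s ( %d 7200 900 1209600 3600 )" % (primary_ns, hostmaster, serial),
    ]
    rows = conn.execute(
        "SELECT name, ttl, rtype, rdata FROM records WHERE zone = ? "
        "ORDER BY name, rtype, rdata", (zone,))
    for name, ttl, rtype, rdata in rows:
        rtype = rtype.upper()
        # fullmatch, not match with "$": "$" would accept a trailing newline.
        if rtype not in ALLOWED_TYPES or not NAME_RE.fullmatch(name):
            raise ValueError("rejected record: %r %r" % (name, rtype))
        lines.append("%s %d IN %s %s" % (name, int(ttl), rtype, format_rdata(rtype, rdata)))
    return "\n".join(lines) + "\n"


def sample_db():
    """In-memory database with constructed sample rows (RFC 5737 addresses)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (zone TEXT, name TEXT, ttl INTEGER, rtype TEXT, rdata TEXT)")
    conn.executemany("INSERT INTO records VALUES ('example.org', ?, ?, ?, ?)", [
        ("@", 3600, "NS", "ns1.example.org."),
        ("@", 3600, "MX", "10 mail.example.org."),
        ("mail", 300, "A", "192.0.2.25"),
        ("www", 300, "A", "192.0.2.10"),
    ])
    return conn


if __name__ == "__main__":
    print(render_zone(sample_db(), "example.org", 2002112101, "ns1.example.org.", "hostmaster.example.org."), end="")
```

The generated text can be written to a temporary file and renamed into place, so the name server never loads a half-written zone.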


