[SATLUG] djbdns slave to bind

Travis H. solinym at gmail.com
Sat Oct 21 02:01:16 CDT 2006 

On 9/27/06, Justizin <justizin at siggraph.org> wrote:
> > Most people run more software packages than OSes, so for most
> > people I would think consistency within the OS is more important.
> > Basically DJB is being lazy and non-standard.
>
> I disagree with this entirely.

With the fact that most people run more software packages than OSes,
or that DJB is being lazy and non-standard?

When I say non-standard, I'm not referring to BIND.  I'm referring to
how you start and stop the utililties (no init.d?  /sbin/service
doesn't work?), where they run from (/service?  What if root is
read-only?), how it logs failures, how it integrates into the startup
script sequence (it doesn't, and often one resorts to running it after
everything else, which leads to service failures since DNS isn't up
yet), and so on.

> who often moderate DJB's bitching

Of which there is plenty...

> Anyway, the stuff is not lazily written.  It has a personal $1000
> security guarantee which hasn't been paid out in many years.

It's $500 by the way.  In fact, both DJB and Wietse Venema have found
problems in each other's software, and DJB has refused to pay up.
Whether or not the problems constitute a "security problem" is fairly
subjective, he has clarified the criteria a bit, but let's just say
that while he has no problem talking about the bugs in other stuff, he
doesn't appear to have any pages on the merits of bugs in _his_ stuff,
or at least they aren't placed prominently enough for me to find.

That having been said, I hate BIND.  The zone files are ridiculously
picky syntax, and the "seperate caches and servers" makes perfect
sense to me, although I may not want to have 4 servers up all the time
just to keep DNS working.  Yes, you can use IP aliases.

tinydns does have its limitations though, like not being able to CNAME
to an A record, instead having to expand everything to IP addresses.
So it's hard to create shorthands, like you can in BIND or, say,
/etc/aliases (postmaster goes to root, root goes to travis).  You
can't reassign things in a group.... still, I like the on-disk format
of his databases.

> > I use some ports thingies which fix up his code to be consistent with
> > the OS... they can distribute those, because it contains no DJB code.
>
> FWIW, the whole reason you can't redistribute DJB's code in binary
> format goes against the lazy statement.  DJB is saying:
>
>   "Here is the source code to POSIX-ish software which should perform
> as expected.  I want you to download the source code from me, so that
> you know it isn't arbitrarily patched."

i don't follow... DJB wants there to be one interface to his programs,
so that he only has to write one piece of documentation.  And there's
a ton of patches floating around, that he refuses to incorporate into
the source (perhaps with good reason, I don't know), and so people
can't patch it and redistribute it as, you know, packages that you
could get through yum or apt or whatever floats your boat.  The best
you can do is a bit more complicated, distribute a package that
downloads his code, patches it, builds it, etc.

I fail to see how his rationale refutes the lazy adjective.  He's
forcing everyone to compile from source, to save effort on his part.
-- 
"It's not like I'm encrypting... it's just that my communications
developed a massive entropy deficiency." -><-
<URL:http://www.subspacefield.org/~travis/>
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

More information about the SATLUG mailing list