On Fri, Mar 09, 2001 at 12:09:20AM -0500, Peter Cavender wrote:

> > > >   Briefly: No.  The way DNS works does not lend itself to such things.
> > > 
> > > Briefly, Yes.  You just need to install a local DNS cache, such as
> > > dnscache, part of the djbdns package  (http://cr.yp.to/djbdns.html).  By
> > > installing a local cache/resolver, you can 1) get improved performance
> > 
> > But named already does this.  If you run a local nameserver, you already
> > get this by default.  Even if you use someone else's name server, you
> > still get this, by default.
> 
> Oh really?  Running named gives better performance than running
> named?  Can I apply this recursively?

Are you really THAT obtuse?  My point was that named IS a
cache/resolver.  Your statement "you can get improved performance" was
ambiguous at best...  I'm sure you could get improved performance
using that rather than calling your friends and asking THEM what the
address is, but you never specified to what exactly it was that you
were comparing.  Your sentence seems to suggest that you are comparing
having a caching server to not having a caching server.  But it
certainly is anything but clear.  My point was that named is a caching
resolver.  

Since I haven't even been to their web page -- never mind
downloaded the software -- I can't say that you wouldn't get better
performance from DJB, but I doubt that it will be significant enough
for any of my users to notice a difference.  Generally speaking,
loading a web page takes far longer than does getting the IP address
from our local caching DNS server, which happens to be running named.


> And how do you get this detailed resolution log info if you are using a
> 3rd party name server?

I never said you could.  Solution: don't use a 3rd party's name server.


>>> 2) examine the log files to see the series of recursive queries
>>> necessary to resolve your lookup.  DJB also has several tools that
>>> let you see the sequence of events in a resolution.
>> 
>> But does it tell you which server DID answer (i.e. provide the
>> ultimate answer), or which servers MIGHT answer?
> 
> The former.  

And as I've already verified, I can find out the same by running named
in debug mode.  So if I need to do this for some reason, I don't need
to download and learn a bunch of new tools, which as I've already
mentioned, I don't really have time for, since I already have one that
works.  If named crashed on me all the time, or if it got my box
hax0r3d on a regular basis, I'd be listening to you, and I'd be right
over there downloading it.  But that doesn't happen.  Sure, you might
get hacked if you're careless, as some of us know from experience...
so don't be careless.

 
> > But, now that you mention it (and to answer Paul's question more
> > directly), I think you should be able to get this same information from
> > your local named by running it with debugging on...  So no, you don't need
> > to install DJB
> 
> No, you don't need to to use some of the tools, which I am sure you
> discovered.  What did you think of the results? Impressive, huh?

Yes, I do find that named is quite impressive.


> > As for whether or not named is better or worse than your beloved DJB, I
> > have no idea, and I don't really care.  
> 
> That says it all.

Just exactly what do you think the "all" is that this says?  That I'm
an inadequate human being, because I'm happy with the tool that I'm
already using which works just fine, and because I don't want to
embrace your pet replacement because I'm too busy to bother with it?
Well, if that's the case, then I guess I am an inadequate human
being.  I can live with that.


> > At the present moment, I simply
> > don't have time to investigate, given that named is doing its job, 
> 
> If it was you wouldn't be posting...

Actually I was posting to answer a question posted by someone else,
and to ask you a specific question about whether or not your
suggestion actually solves the problem of the original poster (which by
the way, was not me).  Since I happen to work with the OP and was
present at the discussion that prompted his post, I also know that he
was asking the question more out of curiosity than genuine need.  My
name server is working perfectly fine, thank you.

I didn't realize it was a requirement of this list that something be
broken before you can post a question to it...  I apologize for my
transgression thereof.


> > and I
> > have a giant plate full of other crap that I NEED to do...
> > 
> > So please don't reply saying that DJB is better, because I don't care.
> 
> Then indicate that it is a BIND question and not a DNS question, because
> then I wouldn't waste my time even attempting to help out.

I did not ask you not to provide a solution; I did not ask you not to
offer a suggestion of a DJB tool that might solve the OP's problem.  I
asked you not to preach the sermon of DJB.  You've already repeated
your position enough times that I don't think anyone on this list
could possibly not know what it is.  I was hoping to avoid having that
discussion yet again...


> For a Linux mailing list I am floored at how many people sound like
> Microsoft apologists: "I don't care if it is buggy and insecure and
> inadequate and arcane, it's what everybody else is using".

I can't help but think these sound like the dying cries of a fanatical
OS/2 user... "Why won't anyone use my software?  It's so much BETTER!"
Even if it's true, if no one is interested (and that does seem to be
the consensus among those who participated in the original thread,
discounting you and Kurth), does it matter?

There is value in using what everyone else uses; if you know how to
use what everyone uses, your skills are in more demand, and you can
command a higher salary.  If I went to a job interview for a position
comparable to my own, and said, "uh, no, I don't know BIND, but I have
this really neat DJB thingy..." I'd be laughed right out of the
office.

For the record, I DO care that named has bugs and insecurities (and I
would find it extremely hard to swallow if you told me DJB never had a
bug).  But I know BIND very well, and I've had to spend very little
time cleaning up after those problems; much less than I would need to
spend were I to learn a new implementation of DNS.  In most cases, it
takes me all of 30 seconds to fix a security hole in BIND; just
upgrade the package.  It would take me probably a few days to learn a
replacement.  Time that I neither WANT nor NEED to spend that way.

It's a question of cost vs. reward.  My non-privileged configuration
of named is "secure enough" that it isn't worth my time to learn a
completely new tool.  We make trade-offs in everything we do.  This is
one that I've chosen to make, as have a lot of other people.  The
benefit just doesn't seem to justify the cost.  We've heard your
arguments.  We get it.  They're just not compelling enough...  We
obviously feel that named does the job well enough and reliably enough
and securely enough that our already inadequate free time is better
spent some other way than downloading your favorite tool.  Get over
it.


> In order to gain acceptance in this new Linux community, you have to
> pledge allegiance to the following antiquated software packages: sendmale,
> BIND, wu-ftp, but oh-my-god you will get flamed if you use telnet.  Hrmph.

If your response isn't a road map to ignite a flame war, I have no idea
how one would go about it...  I've said all I'm going to say on this
thread.


-- 
All your base are belong to us!
Somebody set up us the bomb!
---------------------------------------------------
Derek Martin          |   Unix/Linux geek
[EMAIL PROTECTED]    |   GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
