Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?
Just for the record here are the release dates for each maintenance series. 9.0.0 2000-09-16 (one off - marked not for production) 9.1.0 2001-01-18 - 9.1.3 2001-07-03 (6 months) 9.2.0 2001-11-25 - 9.2.9 2007-09-25 (5 years 10 months) 9.3.0 2004-09-22 - 9.3.6 2008-11-19 (4 years 2 months) 9.4.0 2007-02-23 - 9.4.3 2008-11-19 - 9.4-ESV-R5 2011-08-01 (4 years 6 months) 9.5.0 2008-05-29 - 9.5.2 2009-09-23 (1 year 3 months) 9.6.0 2008-12-23 - 9.6.3 2011-02-04 - 9.6-ESV-R11 2014-01-31 (5 years 2 months) 9.7.0 2010-02-16 - 9.7.7 2012-10-09 (2 years 8 months) 9.8.0 2011-03-01 - 9.8.8 2014-09-29 (3 years 6 months) 9.9.0 2012-02-29 - 9.9.13 2018-07-11 (6 years 4 months, ESV) 9.10.0 2014-04-30 - 9.10.8 2018-07-11 (4 years 3 months) 9.11.0 2016-10-04 - 9.11.21 2020-07-15 (Current Stable, ESV) 9.12.0 2018-01-23 - 9.12.4 2019-03-01 (1 year 2 months) 9.13.0 2018-05-25 - 9.13.7 2019-02-27 (development) 9.14.0 2019-03-22 - 9.14.12 2020-05-19 (1 year 2 months) 9.15.0 2020-03-06 - 9.15.8 2020-01-22 (development) 9.16.0 2020-03-06 - 9.16.5 2020-07-15 (Current Stable, (should be future ESV)) 9.17.0 2020-03-18 - 9.17.3 2020-07-15 (current development) ESV = Extended Support Version > On 21 Jul 2020, at 09:05, Mark Andrews wrote: > > > >> On 21 Jul 2020, at 03:45, Ted Mittelstaedt wrote: >> >> >> >> On 7/17/2020 11:35 AM, John W. Blue wrote: >>> Speaking about things to be annoyed over .. >>> >>> I am still ticked that FreeBSD dropped BIND from the distribution for >>> something called unwinding or whatever it is. >>> >> >> I'm not happy that happened either but the simple fact is that if BIND would >> quit dropping support so fast for it's older versions that never would have >> happened. The fundamental problem was that BIND dropped support for it's >> older versions before the distros dropped support for their distros. This >> is happening with a lot of other software packages. > > There where lots of things happening at the time. There was misinformation > propagated to *BSD that BIND 9 going away much faster that any plans we had. > BIND 10 (now defunct) hadn’t even reached feature parity with BIND 9 which > was still being developed because the DNS protocol is still be developed. > > As for support life times. BIND 9.17 will load most BIND 8.0 configurations. > Thats 20+ years of backwards compatibility. > > Distributions also need to look at their own practices. They ask us to > supply long term support but do not actually integrate the maintenance > releases but instead cherry-pick just the security fixes. Maintenance is not > just security fixes. That means that we keep seeing bug reports that need to > be diagnosed about bugs we have fixed years ago. That really isn’t a good > use of peoples time. Not ours, not the distributions maintainers nor the > users time. Is there little wonder that we stop producing bug fixes releases > for old version when the distributions don’t use them? > >> When FreeBSD was used mostly for servers it wasn't a problem. But more >> and more people are using it for desktop use where they want to basically >> install it and forget about it, never run patches, never give >> a fig about security. Simpler programs like Unbound have less code >> and so less things to go wrong, need less patches, and are easier to >> support for a longer period of time so they get supported for a longer >> period of time. Also, Unbound's main purpose in life is as a caching >> dns program. Nobody who runs a server on FreeBSD uses Unbound. >> >> Ted >> >>> John >>> >>> -Original Message- >>> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ted >>> Mittelstaedt >>> Sent: Friday, July 17, 2020 12:57 PM >>> To: bind-users@lists.isc.org >>> Subject: Re: AW: Debian/Ubuntu: Why was the service renamed from bind9 to >>> named? >>> Your personal experience is not the gobal truth. It is your opinion but other experienced pepole see it different than you. >>> >>> Hmm I'm a bit late to this discussion but I will chime in with the others. >>> The service always was called "named" pronounced "name Dee" >>> it was called that in the Nutshell book which is easily the authoritative >>> book on the subject, it was called this before you were born and it was >>> kind of the height of hubris for it to ever be named >>> bind9 in a software distro. >>> >>> In fact, the ONLY reason that the name "bind9" was ever even coined at all >>> was because the changes from bind8 both in the syntax of the config file >>> and how the program operated they wanted to boot admins in the behind to >>> get them to change their config files. It should have been put to bed as a >>> name a long time ago, or named "bind version 9" like every other software >>> program does with their versions. >>> >>> So as an experienced person who has been doing this you-nuxs thing since >>> 1982 - I DON'T see it different - and in fact, I see it as
Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?
> On 21 Jul 2020, at 03:45, Ted Mittelstaedt wrote: > > > > On 7/17/2020 11:35 AM, John W. Blue wrote: >> Speaking about things to be annoyed over .. >> >> I am still ticked that FreeBSD dropped BIND from the distribution for >> something called unwinding or whatever it is. >> > > I'm not happy that happened either but the simple fact is that if BIND would > quit dropping support so fast for it's older versions that never would have > happened. The fundamental problem was that BIND dropped support for it's > older versions before the distros dropped support for their distros. This is > happening with a lot of other software packages. There where lots of things happening at the time. There was misinformation propagated to *BSD that BIND 9 going away much faster that any plans we had. BIND 10 (now defunct) hadn’t even reached feature parity with BIND 9 which was still being developed because the DNS protocol is still be developed. As for support life times. BIND 9.17 will load most BIND 8.0 configurations. Thats 20+ years of backwards compatibility. Distributions also need to look at their own practices. They ask us to supply long term support but do not actually integrate the maintenance releases but instead cherry-pick just the security fixes. Maintenance is not just security fixes. That means that we keep seeing bug reports that need to be diagnosed about bugs we have fixed years ago. That really isn’t a good use of peoples time. Not ours, not the distributions maintainers nor the users time. Is there little wonder that we stop producing bug fixes releases for old version when the distributions don’t use them? > When FreeBSD was used mostly for servers it wasn't a problem. But more > and more people are using it for desktop use where they want to basically > install it and forget about it, never run patches, never give > a fig about security. Simpler programs like Unbound have less code > and so less things to go wrong, need less patches, and are easier to > support for a longer period of time so they get supported for a longer > period of time. Also, Unbound's main purpose in life is as a caching > dns program. Nobody who runs a server on FreeBSD uses Unbound. > > Ted > >> John >> >> -Original Message- >> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ted >> Mittelstaedt >> Sent: Friday, July 17, 2020 12:57 PM >> To: bind-users@lists.isc.org >> Subject: Re: AW: Debian/Ubuntu: Why was the service renamed from bind9 to >> named? >> >>> >>> Your personal experience is not the gobal truth. It is your opinion but >>> other experienced pepole see it different than you. >>> >> >> Hmm I'm a bit late to this discussion but I will chime in with the others. >> The service always was called "named" pronounced "name Dee" >> it was called that in the Nutshell book which is easily the authoritative >> book on the subject, it was called this before you were born and it was kind >> of the height of hubris for it to ever be named >> bind9 in a software distro. >> >> In fact, the ONLY reason that the name "bind9" was ever even coined at all >> was because the changes from bind8 both in the syntax of the config file and >> how the program operated they wanted to boot admins in the behind to get >> them to change their config files. It should have been put to bed as a name >> a long time ago, or named "bind version 9" like every other software program >> does with their versions. >> >> So as an experienced person who has been doing this you-nuxs thing since >> 1982 - I DON'T see it different - and in fact, I see it as a RETURN to what >> it originally was! >> >> Ted >> ___ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> ___ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour
Re: AW: Debian/Ubuntu: Why was the service renamed from bind9 to named?
Sorry about that, the email might've been a bit too emotionally loaded. The issues pile up.. and that's eventually the result. I'm not using FreeBSD anywhere anymore but found some resources online suggesting that the package name is bind916. The closest I could find to unwinded is Unbound which apparently is what replaced BIND in FreeBSD and OpenBSD. Is this the case? Generally speaking all I'd ask for is consistency. Currently that does not appear to be present anywhere. Everyone gives things their own (new) names even if they're supposed to describe the same thing. It's extremely confusing. On 7/20/20 9:05 PM, Ted Mittelstaedt wrote: On 7/20/2020 11:23 AM, Michael De Roover wrote: If that is true, I hereby lost all faith in humanity.. well whatever faith I had left. This has been going on for like half a decade now. Nobody ever went broke catering to the human desire for ease ___ -- Met vriendelijke groet / Best regards, Michael De Roover ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: AW: Debian/Ubuntu: Why was the service renamed from bind9 to named?
On 7/20/2020 11:23 AM, Michael De Roover wrote: If that is true, I hereby lost all faith in humanity.. well whatever faith I had left. This has been going on for like half a decade now. Nobody ever went broke catering to the human desire for ease ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: AW: Debian/Ubuntu: Why was the service renamed from bind9 to named?
If that is true, I hereby lost all faith in humanity.. well whatever faith I had left. This has been going on for like half a decade now. A few weeks ago I saw here on the list someone suggesting that BIND is a reference to bondage in BDSM, so perhaps it has to do with that... Lest we forget that BIND is an abbreviation for Berkeley Internet Name Domain. Software made at Berkeley, to serve domain names on the internet. The name is pretty descriptive about its intended purpose I would say. Perfectly fine! Just because an abbreviation coincidentally becomes the same as a word in another context doesn't mean that it suddenly /became/ that word. Western languages simply don't have enough characters and words to make everything unique and special. And the best part is.. banning certain words from general usage (for rather odd reasons) only exacerbates that problem. But with that said, if BSD thinks that BIND stands for bondage, I suggest that BSD drops the D because it's clearly a reference to criminally masculine dicks. Everything else is bullshit. (My apologies if bad words are disallowed here, but I had to get this off my chest) Back to the thread's original topic, I happened to be configuring BIND on Alpine yesterday. I was pleased to see that the package in Alpine is simply called "bind". The service file in /etc/init.d is called "named". While those decisions are entirely up to the distribution vendors, I also think that version numbers don't really belong in the name of a piece of software. However even upstream the repository is called "bind9"... The branch name has already changed, so perhaps the same could be done for the repository name? On 7/17/20 8:35 PM, John W. Blue wrote: Speaking about things to be annoyed over .. I am still ticked that FreeBSD dropped BIND from the distribution for something called unwinding or whatever it is. John -- Met vriendelijke groet / Best regards, Michael De Roover ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: AW: Debian/Ubuntu: Why was the service renamed from bind9 to named?
On 7/17/2020 11:35 AM, John W. Blue wrote: Speaking about things to be annoyed over .. I am still ticked that FreeBSD dropped BIND from the distribution for something called unwinding or whatever it is. I'm not happy that happened either but the simple fact is that if BIND would quit dropping support so fast for it's older versions that never would have happened. The fundamental problem was that BIND dropped support for it's older versions before the distros dropped support for their distros. This is happening with a lot of other software packages. When FreeBSD was used mostly for servers it wasn't a problem. But more and more people are using it for desktop use where they want to basically install it and forget about it, never run patches, never give a fig about security. Simpler programs like Unbound have less code and so less things to go wrong, need less patches, and are easier to support for a longer period of time so they get supported for a longer period of time. Also, Unbound's main purpose in life is as a caching dns program. Nobody who runs a server on FreeBSD uses Unbound. Ted John -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ted Mittelstaedt Sent: Friday, July 17, 2020 12:57 PM To: bind-users@lists.isc.org Subject: Re: AW: Debian/Ubuntu: Why was the service renamed from bind9 to named? Your personal experience is not the gobal truth. It is your opinion but other experienced pepole see it different than you. Hmm I'm a bit late to this discussion but I will chime in with the others. The service always was called "named" pronounced "name Dee" it was called that in the Nutshell book which is easily the authoritative book on the subject, it was called this before you were born and it was kind of the height of hubris for it to ever be named bind9 in a software distro. In fact, the ONLY reason that the name "bind9" was ever even coined at all was because the changes from bind8 both in the syntax of the config file and how the program operated they wanted to boot admins in the behind to get them to change their config files. It should have been put to bed as a name a long time ago, or named "bind version 9" like every other software program does with their versions. So as an experienced person who has been doing this you-nuxs thing since 1982 - I DON'T see it different - and in fact, I see it as a RETURN to what it originally was! Ted ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?
> And for what it's worth, not all systems moved away from "named" to > "bind9". I've been running FreeBSD for decades, and I can't remember > ever calling the service "bind9". No one ever calls named anything other than named. In a sane world. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?
On Sun, Jul 19, 2020 at 7:06 AM @lbutlr wrote: > On 17 Jul 2020, at 11:56, Ted Mittelstaedt wrote: > > In fact, the ONLY reason that the name "bind9" was ever even coined > > at all was because the changes from bind8 both in the syntax of the > > config file and how the program operated they wanted to boot admins > > in the behind to get them to change their config files. > > This. Exactly this. Well, one minor bit of clarification is important. While highlighting the significant change in software might have been the motivation for why some installers chose to go with the name bind9 in place of named in some contexts, it was also a major design goal of BIND9 that it could run as a drop-in replacement for BIND8 on most configurations. It achieved this goal. The basic syntax was unchanged and configuration behavior was largely the same but for a little bit around the edges. And for what it's worth, not all systems moved away from "named" to "bind9". I've been running FreeBSD for decades, and I can't remember ever calling the service "bind9". ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS error, from a newbee to the real experts..
Hi Josh, Thanks for your answer, it made me go trough all the config again, just to make sure that it wasnt pointing to the authoritative server anywhere but in the configuration of the recursive server I saw that "“recursion requested but not available" when i send the query against the authoritative. Kind a expected that, since it aint allowed to do recursion. as requested i made the dig on the the authoritative server i get the correct answer, so i expect it has loaded the zonefiles correctly. ns2:/home/weeltin# dig @127.0.0.01 example.home ; <<>> DiG 9.14.12 <<>> @127.0.0.01 example.home ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45487 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: b9129ece5d9fbc3e6f01a2215f15a461388d4af048be37fa (good) ;; QUESTION SECTION: ;example.home. IN A ;; AUTHORITY SECTION: example.home. 604800 IN SOA ns2.example.home. hostmaster.example.home. 2 604800 86400 2419200 604800 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Jul 20 14:04:17 UTC 2020 ;; MSG SIZE rcvd: 120 just to be sure, i rand the dig command again on my client [weeltin@c1 ~]$ dig c1.example.home ; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> c1.example.home ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1787 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 862cc48a975a32a324cd14e65f15ba5e3f2c972d1f753586 (good) ;; QUESTION SECTION: ;c1.example.home. IN A ;; AUTHORITY SECTION: . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020072000 1800 900 604800 86400 ;; Query time: 1043 msec ;; SERVER: 192.168.14.10#53(192.168.14.10) ;; WHEN: Mon Jul 20 11:38:06 EDT 2020 ;; MSG SIZE rcvd: 147 Log output from NS1 (recursive) Jul 20 15:38:05 ns1 daemon.info named[4022]: validating example.home/SOA: got insecure response; parent indicates it should be secure Jul 20 15:38:05 ns1 daemon.info named[4022]: no valid RRSIG resolving 'c1.example.home/DS/IN': 192.168.14.20#53 Jul 20 15:38:06 ns1 daemon.info named[4022]: insecurity proof failed resolving 'c1.example.home/A/IN': 192.168.14.20#53 and there is no log entries on the authoritative server /Weeltin On Sun, Jul 19, 2020 at 6:05 AM Josh Kuo wrote: > When querying your internal domain, I see the query actually ends with > “recursion requested but not available”, it looks like you are querying > directly against your auth server, so I would check the setting to ensure > the zone file is actually loaded correctly. > > What Mark answered is assuming you are querying the recursive which then > returned SERVFAIL due to DNSSEC validation, but I do not see that in the > information you provided. > > Can you run dig on the auth server itself, dig @ 127.0.0.1 for > example.home, and see what it returns? > > > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
