[linux-elitists] DJB ruckus du jour

Rick Moen rick@linuxmafia.com
Wed Nov 13 15:05:26 PST 2002

[Sorry about breaking threading.  I had already deleted prior posts.]

Marc wrote:

> An entertaining read, as always, thank you for putting things back
> into place and exposing those people for who they were.

When Bernstein showed up and started posting to that thread, himself, he
posted a link to a real stunner Web page that I've never noticed before:

OK, you probably know that Bernstein, with perhaps some justification, 
just doesn't like the BIND-originated mechanisms for doing zone
transfers, and therefore IXFR/TSIG and outgoing AXFR remain impossible
with djbdns, to my knowledge even with third-party add-ons.  (Inbound
AXFR is possible using axfrdns, after some work.)

Bernstein makes an argument that the BIND-originated mechanisms are
badly designed, a poor idea, needlessly dependent on BIND file syntax,
and in some cases (IXFR/TSIG incremental transfers) unreliable.  He
points out that (if you control both ends) you can accomplish the same
thing -- better, he says -- using rsync/ssh or scp, among other
alternatives.  Up to that point, his stance is basically "Hey, I don't
like those other things; here's what my stuff does instead.  Take it or
leave it."  Which is at least defensible.  (Your comments much earlier
about push-distribution using rsync/ssh or scp being a security headache
are duly acknowledged.)

_But_, on the page I'm talking about, Bernstein decides that's not
enough, and attempts to seriously allege that offsite backup DNS is
pointless anyway!  I'm not kidding; he really does say that.

Cheers,                     Errors have been made.  Others will be blamed.
Rick Moen
