[linux-elitists] DJB ruckus du jour

Rick Moen rick@linuxmafia.com
Wed Nov 13 18:26:09 PST 2002


Quoting Michael Bacarella (mbac@netgraft.com):

> Before you crucify me as a DJB-cultist (or just ignore me) I figure
> a preemptive response is in order.
> 
> I don't run any of DJB's software, and I don't particularly approve
> of the way he organizes any of it (I'm really not interested in downloading
> all of his UNIX-reinvented). However, I do believe that his
> ideas aren't as patently insane as you do (although admittedly, he
> can be a bit excessive).

Herewith, in what I hope is a pleasant surprise, a preemptive gesture on
my own part:  I agree with you.

> I think BINDv9 is likely to be a security liability soon enough, but
> because of architectural reasons. The DNS spec is cram-packed with
> useless functionality that BIND has to support, and has to support
> with a single process image design, and a complex configuration file.

Hey, I agree.  I think there are too many eggs in that basket, and too
much code for a monolithic design.  Further, I think having all 13 root
nameservers run BIND is friggin' nuts -- and that it would be so, even 
if it weren't BIND8 that they're running.

I likewise think that the time for keeping all data in an in-memory
cache passed a decade ago.  Vixie knows this from personal experience,
since adding the DNSSEC data to BIND9's cache has tended to explode the
RAM requirements to the point where even ISC's enormous primary DNS host
has a difficult time juggling all that data.  I heard him admit this
during a lecture, a year or so back.

Also, we always suspected that the throughput of BIND (any version)
sucked, but recently have been seeing confirmation from competing
products.  Notably, MyDNS has proven to have an order of magnitude
better transaction-handling capacity, despite being back-ended into a
MySQL database.

> It would be neat to see him compare qmail to Postfix, et al, but perhaps
> he simply believes they're all inferior to qmail and that since Sendmail
> is by far the largest target, he may as well concentrate on attacking that?

But there's also the fact that he's willfully comparing it against one
of two monolithic-binary designs (Sendmail, Exim) rather than against
the two other common modular ones (Postfix, Courier).  Apples, oranges
-- and both he and essentially all of his groupies know it.

Certainly, it could be coincidence.  But, as Runyon said, that's not the
way to bet.

-- 
Cheers,                                Before enlightenment, caffeine.
Rick Moen                              After enlightenment, caffeine.
rick@linuxmafia.com


