Slashdot: News for Nerds

452 comments

When the GNAA.. (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9333673)

..saw the breadth of their domain, they wept, for there were no more worlds to conquer.

Re:When the GNAA.. (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9333826)

But the GNAA conquered commandante Taco's gay ass just last night.

DSJDJSAKLDJLSAJDLASJLD (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9333681)

FKLJSALDJSLKADJLASJDLSAJLDJASOIRWAUESJHFjflkasjkas jdklsajdlkajslkdjaskldjslak;jdfwqioueralskjdskljdk lsajdlsaJSLJASLKJDLSKAJDLSAJlakjdlksajdklsajdioqwu eoiusajdklasjdlskajeoiwqjdislajdowiajdosidu[iaofdw ajur[i;oshfcdur;oafojia;sdjsalkjd:OIJAOIQWHI

probably (5, Insightful)

greechneb (574646) | more than 10 years ago | (#9333683)

probably since most distros (BSD & Linux) include BIND as their default DNS server. People are lazy.

Re:probably (4, Insightful)

kinema (630983) | more than 10 years ago | (#9333728)

People are lazy.
If laziness dictated what DNS server people ran I find it hard to believe that they would choose BIND. BIND is hardly the simplest DNS server out there to learn, set up and maintain.

Re:probably (4, Insightful)

missing000 (602285) | more than 10 years ago | (#9333840)

It may not be "simple", but it is /powerful/.

Do you live in a DOS shell? It's "simple" - so is driving a golf cart or programming in BASIC.

Simple is not equal to good. Very few people would actually choose simple over capable any day.

Re:probably (5, Insightful)

kfg (145172) | more than 10 years ago | (#9333852)

It depends on what you mean by lazy.

Ever see someone toss a coat on the floor rather than hang it up, and then go back later to hang it up anyway?

Most lazy people create an extraordinary amount of needless labor for themselves and then berate people who have a lot of free time because of their efficiency as "lazy."

It's very peculiar.

KFG

Re:probably (1, Funny)

Anonymous Coward | more than 10 years ago | (#9333893)

pfft, why should you ever go back to hang up your coat when you've thrown it in a perfectly good spot.

The normal course of action is to pick up the coat on the way out, if it's a stairway you don't have to even bend, just kick it to the stairs take a few steps down, reach out with your arm and voila, all with the least loss of bodily fluids.

Re:probably (2, Insightful)

kfg (145172) | more than 10 years ago | (#9333986)

pfft, why should you ever go back to hang up your coat when you've thrown it in a perfectly good spot.

I haven't a clue, but people do.

KFG

Re:probably (1)

Morth (322218) | more than 10 years ago | (#9333871)

But it's not really that hard to get a basic setup either. The default configuration file is typically set up for caching, so all you have to do is add your own zones. Isn't exactly super hard to copy the zone file and edit the A entries (plus a few more).

Re:probably (4, Interesting)

huge (52607) | more than 10 years ago | (#9333729)

No matter which DNS server is the default in any distro. All of the DNS admins I know will compile or reinstall the server anyway.

It may be true that some of the home users running a "server" in the closet may be using the default server of the distro, but I think there aren't that many to make a difference.

Re:probably (2)

bryanp (160522) | more than 10 years ago | (#9333744)

probably since most distros (BSD & Linux) include BIND as their default DNS server. People are lazy.

Probably since most retail desktop OS's (Mac & Windows) include IE as their default browser. People are lazy.

(sorry, I couldn't resist)

Re:probably (1, Funny)

kfg (145172) | more than 10 years ago | (#9333752)

ARRRGHHHH!! MY EYES!!

Fooled you. I'm not wearing any underwear.

KFG

sendmail shows this to be true (2, Insightful)

millahtime (710421) | more than 10 years ago | (#9333796)

The fact that sendmail is also frustrating, is default install on Linux and BSD, and is the most popular for mail shows that this theory is pretty much true.

I also know I am amongst the lazy ranks.

One Ring (2, Funny)

soloport (312487) | more than 10 years ago | (#9333822)

"To rule them all.
And in the darkness BIND them."

Like, Duh... So obvious.

Re:probably (1)

Dr Bile (563997) | more than 10 years ago | (#9333828)

Indeed, people generally use what is provided for them. And BIND generally does the job, which is enough for most folks. Most people, myself included, couldn't care less for any more functionality than responding reliably to a request for an A record, MX record, whatever. I use TinyDNS for an authoritative nameserver. It is lightweight, reliable, and apparently secure. Yeah, it hasn't been updated in a while, but I have no need for it to be. I'm pretty sure BIND has had more releases for security updates and bugfixes than for new features. When folks look up my hostname, they get an IP address (well, assuming my 2yo hasn't found the power button).

Re:probably reliability (0)

Anonymous Coward | more than 10 years ago | (#9333908)

DNS/Bind is standard and reliable full featured DNS and is supported as part of the base OS. And it has a better security record than many other proprietary systems.

Why would anyone use anything else?

Duh (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#9333685)

Duh

arrr! (1, Insightful)

Baka_kun (647710) | more than 10 years ago | (#9333691)

the old mighty conservative geeks win again!

Re:arrr! (1)

WesG (589258) | more than 10 years ago | (#9333713)

And let's not forget those silly sendmail geeks :P

De Facto (5, Insightful)

the_mad_poster (640772) | more than 10 years ago | (#9333699)

Because no matter what ridiculous flaws it has in it, it's the de facto standard by which all other (frequently superior) systems are measured. People figure "gee.... I wanna learn DNS servers", they think BIND. They think "gee.... I wanna learn SMTP servers". They think sendmail.

It's the same flawed system that supports Windows, but executed to a much greater extent. People are familiar with it, so despite the fact that BIND and sendmail are absolute abominations, they get used.

The geeks bitch about people using Windows even though "such far superior" systems exist as alternatives, but we keep using the horrendous abortion that is BIND even though there are superior alternatives that are free. I guess we can't stand the taste of our own medicine, hm?

Re:De Facto (5, Interesting)

Tet (2721) | more than 10 years ago | (#9333761)

People are familiar with it, so despite the fact that BIND and sendmail are absolute abominations, they get used.

Sigh. Y'know, I really should get used to sendmail FUD on Slashdot, but here I am feeding the trolls anyway. I use sendmail because it's better than the alternatives, and it's far from an abomination. I'm not going to claim the syntax looks good at first glance, but then most perl programs look like line noise too, yet the Slashdot crowd doesn't seem to have a problem with that. When other MTAs can match Sendmail's flexibility, then maybe I'll consider switching. But not before.

Re:De Facto (3, Insightful)

Psiren (6145) | more than 10 years ago | (#9333815)

When other MTAs can match Sendmail's flexibility, then maybe I'll consider switching. But not before.

I haven't used sendmail in years, having switched over to exim a long while ago. Out of interest, what does sendmail offer you that exim doesn't?

Re:De Facto (5, Informative)

Total_Wimp (564548) | more than 10 years ago | (#9333823)

When other MTAs can match Sendmail's flexibility, then maybe I'll consider switching.

I think you hit the nail on the head. These big, some would say bloated, systems end up getting used because they're flexible. Others are constantly writing 3rd party stuff that specifically use these systems.

Case in point: Microsoft ADS is very DNS dependent and the only DNS they support besides Microsoft DNS is BIND. BIND may, or may not be the best DNS out there, but because it's the standard people are building their systems to, it is almost certainly the most compatible and, by extension, the most flexible.

TW

Re:De Facto (5, Interesting)

SWroclawski (95770) | more than 10 years ago | (#9333825)

Please tell me something Sendmail does that Postfix doesn't.

I'd argue Postfix is more modular, more simple to configure, more respectful of system resources, more secure and more flexible than Sendmail.

qmail: never a security lapse. (2, Informative)

Russ Nelson (33911) | more than 10 years ago | (#9333855)

The question is whether the flexibility is worth the security cost imposed by the extra complexity required to get the flexibility. I say no, and run qmail. It's the only MTA that has never had a security lapse. (actually, Courier might not have had one either, but who runs Courier?)
-russ

Re:qmail: never a security lapse. (1)

richie2000 (159732) | more than 10 years ago | (#9333881)

who runs Courier?

*raises hand*

:-)

Re:qmail: never a security lapse. (2, Informative)

spacey (741) | more than 10 years ago | (#9333967)

I second that raised hand.

Went qmail->courier. A bunch of things the suite as a whole does makes it even easier to setup than postfix. I.e. I can set up virtual users and a virtual domain and have the mail server and lda and imap and pop3 server etc. etc. etc. all work from the same auth database with the same schema, whether the database is ldap, mysql or postgres with very little tweaking.

-Peter

Re:De Facto (2, Interesting)

robslimo (587196) | more than 10 years ago | (#9333776)

...no matter what ridiculous flaws it has...

Did you see the version results for BIND? There are some really ancient ones out there. 1.971% are version 4.9.3 to 4.9.11

I haven't checked any vulnerability databases on it, but that seems pretty old... too old to have patches available?

Re:De Facto (1)

compass46 (259596) | more than 10 years ago | (#9333992)

OpenBSD up until 3.5 has used BIND4 by default. It was their own self maintained fork of the program.

Re:De Facto (1)

MrMickS (568778) | more than 10 years ago | (#9333785)

The basic statement that BIND is used because it is a defacto standard is a good one. The rant that follows doesn't help the argument.

Could you please define what you mean by superior?

Re:De Facto (2, Insightful)

winchester (265873) | more than 10 years ago | (#9333807)

False arguments. At least the possibility for people to run other software in full compliance with the published standards (RFC's), thus providing full interoperability exists.

With windows, you do not get that choice... either you use what Microsoft provides you or you don't use it at all. There is no choice. On Unix, there is.

Re:De Facto (4, Insightful)

stephenbooth (172227) | more than 10 years ago | (#9333816)

There's also the fact that, due to its current dominance, if I buy a book about DNS it probably assumes BIND. Therefore in a lot of people's heads BIND = DNS. Heck, for that very reason if I had to set up a DNS server (I'm not a networking expert) I'd select BIND as then I know that there's going to be examples in a book I can adapt to suit what I want to do. If it's not my core area then I don't want to have to spend hours learning how to configure a system, I just want to copy something out of a book and for it to work. Looking at the MyDNS site that has a second strike against it, it requires MySQL. Not only do I have to learn to set up and configure the product I actually want but I also have to learn another unrelated product! At least BIND uses text files, I know how to edit those.

Stephen

Re:De Facto (5, Insightful)

Apreche (239272) | more than 10 years ago | (#9333847)

True that. But in addition, because it is the de facto standard, it's what they teach college students in IT classes. I'm a CS major, and I know quite a few IT majors around here. If you asked most of them to set up a DNS server they could. If you asked how they would say "the bind command". Because they are all windowsy, they don't realize bind is a piece of software that is replaceable. They were taught how to do things a certain way, and they don't know to do it differently.

Not all IT majors are that dumb, some of them deserve some credit.

The other problem is that old pain in the butt standard programs like bind and sendmail are feature complete. Because they are old and used by tons of people they have all the features in them, working properly. It may be a horrid pain in the ass to make them work, but it can be done. And while there are many nice new alternative programs that serve the same functionality in an easy clean fast way. You'll be hard pressed to find one that can do everything. I can't tell you how often Who will use a piece of software that they know is terrible, will admit to it being terrible, even complain about it being terrible, because it is the only one with a single feature that is necessary. Made up Example: One website someone visits often only works in IE. They love Firefox, but it's too much of a pain to visit that one site.

There's some guy out there using bind who wants to use something else, but can't because he needs one tiny feature that nothing else has. This is a major weakness of Open Source because since software is under constant development and bug fixing and security hole patching is priority, few programs ever become feature complete.

Re:De Facto (1)

AKnightCowboy (608632) | more than 10 years ago | (#9333874)

People figure "gee.... I wanna learn DNS servers", they think BIND. They think "gee.... I wanna learn SMTP servers". They think sendmail.

Naw, Bind 9.x is quite good and I love it. It probably helps that EVERYONE uses it so it's easy to standardize on its zone file format. As for Sendmail, that's the biggest pile of shit mail system I've ever used and I have never looked back since switching my systems to Postfix. Bind on the other hand is acceptable.

MyDNS (5, Informative)

Havokmon (89874) | more than 10 years ago | (#9333702)

I've played with it.. it's definitely a nice DNS server.

But what I really want is something like EasyDNS provides: Aliases. I want to be able to 'clone' whole domains, because they're all going to the same place anyways based on the hostname.

Maybe EasyDNS just wipes out all the duplicate hostnames, and writes new records for them between the web interface and the backend when a host is changed or added..

Re:MyDNS (4, Informative)

boaworm (180781) | more than 10 years ago | (#9333734)

You should try PowerDNS. Its entire records are located in MySQL database tables, enables very easy update/modify/add/delete scripts. Performance is great :-)

Re:MyDNS (1)

Havokmon (89874) | more than 10 years ago | (#9333854)

You should try PowerDNS. Its entire records are located in MySQL database tables, enables very easy update/modify/add/delete scripts. Performance is great :-)

Yep played with that too.. but I'm kinda scripted out - I was hoping someone else already did all the work for once :P

Re:MyDNS (1, Informative)

Anonymous Coward | more than 10 years ago | (#9333947)

try PowerAdmin, it's a php frontend to pdns.

Re:MyDNS (1, Informative)

Anonymous Coward | more than 10 years ago | (#9333735)

Do you mean to automatically have a.domain2.com, b.domain2.com, ... once you have a.domain1.com, b.domain1.com?
If yes, you can definitely do this with bind: simply use an abbreviation-only file (no reference to the domain) and use this file for both domains.

bind difficult to use? (0)

Anonymous Coward | more than 10 years ago | (#9333704)

Well, I don't find BIND difficult to use or set up. Sure, it's better to understand the DNS protocol, but I find the configuration files & syntax to be very clear (at least in my configs ;)

That's like... (3, Informative)

Simon Carr (1788) | more than 10 years ago | (#9333711)

"air is most popular substance to breathe". :)

That being said, PowerDNS is pretty awesome as a master, very nice for front end interface building.

Re:That's like... (-1, Offtopic)

Coward, Anonymous (55185) | more than 10 years ago | (#9333806)

air is most popular substance to breathe

Only by certain species. With oceans covering the majority of the Earth, I suspect that water may be the most popular substance to breathe. But that's only on Earth, the aliens that beam their thoughts into my head breathe pure methane gas.

Gotta trust your DNS server (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9333714)

I've been sending it my credit card number and other sensitive info each time I'm off by one pixel when I paste something in Firefox with the middle button.

come on and hang out with the bleach boys, baby... (1)

crow_t_robot (528562) | more than 10 years ago | (#9333716)

don't you want to drink some bleach tonight?
i had ten friends in the beginnin'
but now it seems our numbers are thinnin'

Breaking news (-1, Offtopic)

johnw (3725) | more than 10 years ago | (#9333721)

And in other news...

Pope found to be catholic.

Re:Breaking news (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9333912)

Does the Pope shit in the woods?

Not necessarily the best for all... (4, Informative)

Piranhaa (672441) | more than 10 years ago | (#9333724)

Personally, I use one called djbdns. It's extremely small and basically bug free! The author actually will pay $50,000 to whoever finds the first exploit in it or something. If you don't need all the extra power that bind offers, this is a much better way to go. Less memory and space required, meaning cheaper systems may run it better. Even the config file can't be simpler!! cat /etc/tinydns/root/data .pnet:10.0.3.33:a:259200 .10.in-addr.arpa::ns.pnet: #Define hosts & aliases =pollux.pnet:10.0.3.1 =altair.pnet:10.0.3.2

Re:Not necessarily the best for all... (1, Informative)

Anonymous Coward | more than 10 years ago | (#9333751)

Yeah, that is Tinydns mentioned in the survey.

Re:Not necessarily the best for all... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9333758)

The author actually will pay $50,000 to whoever finds the first exploit in it or something.

Actually the reward is $500 and there have been problems with it but DJB (the author) weasles out of paying. Google for "djbdns fraud" or something.

Re:Not necessarily the best for all... (2, Interesting)

Russ Nelson (33911) | more than 10 years ago | (#9333809)

Uhhhhhhh, sorry, Anonymous Coward, but you don't get away with that accusation without more details than that. There have been no security lapses in tinydns or dnscache. Weasles is actually spelled Weasels. Googling for djbdns fraud gets me nothing. Honest up, dude!
-russ

Offtopic (1)

ipjohnson (580042) | more than 10 years ago | (#9333917)

are you still maintaining the qmail web site?

Re:Not necessarily the best for all... (2, Informative)

Anonymous Coward | more than 10 years ago | (#9333773)

You mean, $500 [cr.yp.to] .

Re:Not necessarily the best for all... (2, Informative)

Russ Nelson (33911) | more than 10 years ago | (#9333835)

Actually, your zone file looks like this:
.pnet:10.0.3.33:a:259200
.10.in-addr.arpa::a.ns.pnet:
#Define hosts & aliases
=pollux.pnet:10.0.3.1
=altair.pnet:10.0.3.2

Re:Not necessarily the best for all... (1)

Piranhaa (672441) | more than 10 years ago | (#9333848)

Thank you :) I don't remember what I was on when I pasted that hehe

Re:Not necessarily the best for all... (2, Informative)

Christianfreak (100697) | more than 10 years ago | (#9333974)

I use djbdns as well. Very simple, very easy to use. I actually run about 100 domains off of it.

I can't say that I really like the separate cache/dns server but I've gotten used to it. I just wish my cache would immediately pick up changes in my DNS. And I wish it was better documented.

For the same reason most people use windows (1)

kickus_assus (598518) | more than 10 years ago | (#9333725)

They don't know any better and are afraid to change!

It is the default, and not hard to understand (2, Informative)

hattig (47930) | more than 10 years ago | (#9333730)

Unlike sendmail which can scare people away just with the configuration file, the BIND zone file layout and other stuff isn't hard to learn.

So people use what came with the box, what their book on "DNS & BIND" uses, and so on.

Also, everybody else uses it!

Re:It is the default, and not hard to understand (1, Insightful)

Russ Nelson (33911) | more than 10 years ago | (#9333743)

Actually, the BIND zone file layout is error prone. How many times have you forgotten to update a serial number? How many times have you forgotten to put a dot at the end of a name?

Also, BIND allows you to mix caching and authoritative services. Not only is this insecure in nature, it's insecure in BIND's implementation. Much safer to have them on different IP addresses.
-russ
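The two zone-file slips named in the comment above (a serial that was not bumped, a trailing dot left off a fully qualified name) can be caught mechanically before a reload. This is an added example, not part of the thread or of BIND; the zone text, the names under example.com and the function names are constructed for illustration, and the parser handles only the plain master-file layout shown.

```python
# Added example: lint a BIND-style zone file for a stale serial and
# for names that lost their trailing dot. Sample data is constructed.
TARGET_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}  # rdata index of the host name
TYPES = set(TARGET_FIELD) | {"SOA", "A", "AAAA", "TXT"}


def serial_gt(new, old):
    """RFC 1982 comparison on 32-bit serials: True when `new` is after `old`."""
    diff = (new - old) % 2**32
    return 0 < diff < 2**31


def logical_lines(text):
    """Yield (line_no, has_owner, tokens); comments dropped, ( ... ) groups joined."""
    tokens, start, has_owner, depth = [], None, True, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]      # assumes no ';' inside quoted strings
        if depth == 0 and not line.strip():
            continue
        if start is None:
            # A record line that begins with whitespace reuses the previous owner.
            start, has_owner = no, not line[0].isspace()
        depth += line.count("(") - line.count(")")
        tokens += line.replace("(", " ").replace(")", " ").split()
        if depth <= 0:
            yield start, has_owner, tokens
            tokens, start, depth = [], None, 0


def missing_dot(name, origin):
    """A relative name that already ends in the zone name gets the origin appended again."""
    bare, n = origin.rstrip("."), name.lower()
    return not n.endswith(".") and (n == bare or n.endswith("." + bare))


def lint_zone(text, origin, published_serial=None):
    """Return findings as (line_no, code, value) tuples."""
    origin = origin.lower().rstrip(".") + "."
    findings = []
    for no, has_owner, tok in logical_lines(text):
        if not tok:
            continue
        if tok[0].upper() == "$ORIGIN":
            origin = tok[1].lower()
            continue
        fields = tok[1:] if has_owner else tok
        idx = next((i for i, t in enumerate(fields) if t.upper() in TYPES), None)
        if tok[0].startswith("$") or idx is None:
            continue
        rtype, rdata = fields[idx].upper(), fields[idx + 1:]
        if rtype == "SOA":
            names = rdata[:2]                      # MNAME and RNAME
        elif rtype in TARGET_FIELD:
            pos = TARGET_FIELD[rtype]
            names = rdata[pos:pos + 1]
        else:
            names = []
        for name in names:
            if missing_dot(name, origin):
                findings.append((no, "missing-dot", name))
        if rtype == "SOA" and published_serial is not None:
            serial = int(rdata[2])
            if not serial_gt(serial, published_serial):
                findings.append((no, "serial-not-increased", str(serial)))
    return findings


# Constructed sample: serial unchanged since the last load, two dots forgotten.
SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN example.com.
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2004060301 ; serial
        3600 900 604800 86400 )
    IN NS  ns1.example.com.
    IN NS  ns2.example.com       ; would become ns2.example.com.example.com.
    IN MX  10 mail.example.com   ; same mistake
ns1 IN A   192.0.2.1
ns2 IN A   192.0.2.2
mail IN A  192.0.2.25
www IN CNAME ns1
"""

if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, "example.com", published_serial=2004060301):
        print(finding)
```
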

Re:It is the default, and not hard to understand (3, Interesting)

Nohea (142708) | more than 10 years ago | (#9333778)

I really like BIND 9 - easy to use, the most features, plus a full rewrite since BIND 8.

DNS servers are low on resource usage anyway, so switching to a leaner daemon would always be a niche product (like Apache alternatives).

The only motivation for switching is the exploit issue. With the rewrite, it's less of a case, and everyone should be keeping up to date w/security patches anyway.

crypto ... (1)

straybullets (646076) | more than 10 years ago | (#9333732)

http://cr.yp.to/djbdns/run-server-bind.html i dont know ...
maybe i'm just too old for this now ...
:)

Dynamic DNS (1)

ldspartan (14035) | more than 10 years ago | (#9333738)

Let's not forget Dynamic DNS, i.e., DNS updates from DHCP. I <3 DJB's software, tinydns included, but you can't (readily) attach it to ISC DHCPD and have your DNS records change with your DHCP leases. This isn't a limitation of Dan's software, but rather vendor lock-in on the part of the ISC (and MS, who provides the other major DDNS implementation).

For some people, in some situations, this is a necessity. I just can't wait for someone to write a DJB-inspired DHCP server.

Re:Dynamic DNS (2, Informative)

Russ Nelson (33911) | more than 10 years ago | (#9333775)

Why not?? He's replaced the other major ISC-associated software. Plus you know there must be security holes in dhcpd.
-russ

Re:Dynamic DNS (1)

ldspartan (14035) | more than 10 years ago | (#9333897)

Heh, _my_ C skills certainly aren't up to DJB quality codig, but I bet yours are. You should go for it once that domainkeys implementation is done. :)

--
Phil

Re:Dynamic DNS (0)

ldspartan (14035) | more than 10 years ago | (#9333949)

'codig' ... nor are my typing skills, apparently.

Re:Dynamic DNS (1)

s3ti (514792) | more than 10 years ago | (#9333821)

You should take a look at this [thismetalsky.org] .

BIND is dying :-) (-1)

akincisor (603833) | more than 10 years ago | (#9333739)

Today Netcraft confirmed that BIND is dying...

(Note: Mod funny)

Re:BIND is dying :-) (-1)

Anonymous Coward | more than 10 years ago | (#9333799)

I thought GWB was dying....

Re:BIND is dying :-) (-1, Offtopic)

Patrik_AKA_RedX (624423) | more than 10 years ago | (#9333963)

You wish. GWB will be re-elected. He'll drop elections altogether and will be the new Emperor of the US for life. Then he'll become immortal.
Picture that!

(sorry I'm a bit annoyed by that damn election death tree spam here (local election crap, not the US elections) and destroying someones brain does make me feel a bit better.)

Branding (-1, Offtopic)

Douglas Simmons (628988) | more than 10 years ago | (#9333740)

It's all in the name. Think about it - BIND. The assonance of the word just sounds badass for a group of people starved for badassness to the point that they have to describe their coolness using numbers instead of letters.

I am assuming though that BIND is pronounced "byned" not bind with a soft i, because otherwise my theory is bunk. Bind like wind... just doesn't sound that connected to bondage. This has nothing to do with programming excellence, it's all about sexual connotation, however subtle. That's why sendmail is dropping fast to weirdly named but superior servers -- Postfix, qmail? Postfix?? If you can say, Yo baby i'm doing to bust a double horizontal BIND on yo' ass!, it just sounds so right and the program will never die.

Ok (-1, Redundant)

No2NT (258831) | more than 10 years ago | (#9333762)

I just happen to think of another article I read on /. earlier...

M$ Corporate Meeting:
"Well, BIND wins again."

BG:
"What? Do you think I'm stupid?"

Far from accurate (0, Troll)

FistFuck (48079) | more than 10 years ago | (#9333765)

Please explain how you managed to fingerprint DNS servers. I don't think many DNS servers have version identification features. BIND does but it's not exactly a standard. ...or maybe even a good idea.

This survey ranks up there with "Most dentists recommend brand X" marketing for me. The accuracy of the sample set is extremely questionable.

In the article (1)

Anonymous Coward | more than 10 years ago | (#9333842)

He explains exactly how he fingerprints DNS servers and also gives the percentage of servers that he was not able to fingerprint(mostly due to timeouts).

Re:Far from accurate (2, Informative)

crimoid (27373) | more than 10 years ago | (#9333850)

He used fpdns which is a well-known and accurate tool. http://www.rfc.se/fpdns/ [www.rfc.se]

Re:Far from accurate (1)

FistFuck (48079) | more than 10 years ago | (#9333879)

No. fpdns is guessing.

Determining what product is used when the product does not identify itself does not lead to accuracy.

"That pile of rocks must be coal because they look black."

Far from definitive.

You really see which DNS does heavy lifting. (5, Interesting)

Inoshiro (71693) | more than 10 years ago | (#9333770)

Ratio of BIND domains serviced to installs: 24,335,752 / 340,345 = 71.5 domains/server.

Ratio of MS DNS domains to installs: 2,165,143 / 101,781 = 21.27 domains/server.

Ratio of TinyDNS domains to installs: 5,405,266 / 12,130 = 445.6 domains/server!

Despite only having 2% of the installs, TinyDNS serves 15% of all domains on the internet. Obviously it is very capable, and has few to no exploits available for it. Why don't more people use TinyDNS if it's so capable?

Because they haven't read how easy it is to setup! [kuro5hin.org]

Re:You really see which DNS does heavy lifting. (4, Insightful)

James Youngman (3732) | more than 10 years ago | (#9333831)

Despite only having 2% of the installs, TinyDNS serves 15% of all domains on the internet.
Maybe that just means that TinyDNS is popular with domain squatters.

I think that the best definition of "heavy lifting" is not the size of the installed base or the average number of domains per server, but instead the total number of queries served. Those numbers of course are hard to estimate.

Re:You really see which DNS does heavy lifting. (5, Informative)

Florian Weimer (88405) | more than 10 years ago | (#9333904)

Despite only having 2% of the installs, TinyDNS serves 15% of all domains on the internet. Obviously it is very capable, and has few to no exploits available for it. Why don't more people use TinyDNS if it's so capable?

tinydns is unmaintained software. It does not compile out of the box on modern systems. You don't have a license, so you can only do with it what your local copyright law permits (which may or may not be enough). The zone file format of tinydns is non-standard. The answers it generates are often excessively verbose (e.g. redundant NS records). Third-party documentation suggests a configuration that violates recommendations of TLD operators and most ISPs, which means that you have to redo parts of it once you receive your first delegation.

And so on. Go ahead and use BIND alternatives for authoritative name servers, but try to avoid tinydns.

Re:You really see which DNS does heavy lifting. (1)

AKnightCowboy (608632) | more than 10 years ago | (#9333913)

Despite only having 2% of the installs, TinyDNS serves 15% of all domains on the internet. Obviously it is very capable, and has few to no exploits available for it. Why don't more people use TinyDNS if it's so capable?

Because it sucks. I tried to get it working on a Linux box, followed the directions exactly step by step and all I ended up with was a DNS server that worked for about 2 minutes then stopped accepting queries and hung. Whether that's the crappy inetd replacement DJB wrote or the DNS server itself I have no idea. I happily went back to BIND and have NO problems. Not to mention DJB's whole arrogant attitude about zone transfers and using scp to copy zones around. WTF?

thanks! (0)

SQLz (564901) | more than 10 years ago | (#9333786)

Thank you captain obvious.

Re:thanks! (-1)

Anonymous Coward | more than 10 years ago | (#9333921)

No problem son, now to fight more crime.

A clue and a hoooooooooooyyyyyyyyyy!

Reasons why DJBDNS is not more common (5, Informative)

James Youngman (3732) | more than 10 years ago | (#9333793)

  1. Its config file syntax is even more human-unfriendly than BIND's
  2. It doesn't allow free rein to set the records up exactly how you want (trivially for example, it forces you to adopt a mandatory naming convention for MX records - though the convention is pretty sensible)
  3. It doesn't support caching, so you need a separate server for that (this is actually good, but it does add to the overall amount of work required to set up a set of DNS servers)
  4. Some people find DJB difficult to get on with and/or were turned off by the whole problem around (non) distribution of modified versions of qmail, and so avoid DJB's other offerings

Re:Reasons why DJBDNS is not more common (4, Funny)

embo (133713) | more than 10 years ago | (#9333889)

Its config file syntax is even more human-unfriendly than BIND's

I've got to disagree with you when I can parse a zone file like this:

    while (<STDIN>) {
        chomp;
        my @line = split(':', $_);
        for ($line[0]) {
            if    (/^Z/)  { }   # Zone file
            elsif (/^\+/) { }   # A Record
            elsif (/^\@/) { }   # MX Record
            # etc. etc. etc.
        }
    }
All you need is this page to understand the entire format of any zone file: http://cr.yp.to/djbdns/tinydns-data.html [cr.yp.to] For BIND, I need the entire manual. Maybe it's just me.

Re:Reasons why DJBDNS is not more common (1)

Sevn (12012) | more than 10 years ago | (#9333898)

it forces you to adopt a mandatory naming convention for MX records

I call shenanigans.

It doesn't *force* you do use anything specific for MX records. I think you are confusing MX with NS. And even there, it doesn't *force* you to use a certain naming convention there either. You can choose what you like if you pop the entire FQDN in the record and throw a dot on the end.
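How tinydns-data lines expand into ordinary records, including the x.ns.fqdn / x.mx.fqdn naming that the comments above argue about and the one-character line types the parsing sketch switches on. This is an added example, not code from any commenter or from djbdns; it follows the format described at http://cr.yp.to/djbdns/tinydns-data.html, ignores the TTL, timestamp and location fields, omits the numeric SOA fields, and the two "@" lines in the sample are constructed (the other lines are the data file quoted earlier in the thread).

```python
# Added example: expand tinydns-data lines into (owner, type, rdata) tuples.
# Covers the '.', '&', '=', '+', '@' and 'C' line types only.

def server_name(x, infix, fqdn):
    """x with a dot is used as the server name as-is; otherwise x.<infix>.fqdn."""
    if not x:
        raise ValueError("empty x field is not covered by this sketch")
    return x if "." in x else f"{x}.{infix}.{fqdn}"


def ptr_name(ip):
    """a.b.c.d -> d.c.b.a.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def expand(line):
    """Return the records one data line stands for."""
    line = line.strip()
    if not line or line[0] in "#-":        # comment, or a line tinydns-data ignores
        return []
    kind = line[0]
    f = line[1:].split(":") + [""] * 4     # pad the optional trailing fields
    fqdn, out = f[0], []
    if kind in (".", "&"):                 # name server (with SOA for '.')
        ip, x = f[1], f[2]
        ns = server_name(x, "ns", fqdn)
        if kind == ".":
            out.append((fqdn, "SOA", f"{ns} hostmaster.{fqdn}"))
        out.append((fqdn, "NS", ns))
        if ip:                             # no ip: the A record lives elsewhere
            out.append((ns, "A", ip))
    elif kind == "@":                      # mail exchanger
        ip, x, dist = f[1], f[2], f[3] or "0"
        mx = server_name(x, "mx", fqdn)
        out.append((fqdn, "MX", f"{dist} {mx}"))
        if ip:
            out.append((mx, "A", ip))
    elif kind in ("=", "+"):               # host ('=' also creates the PTR)
        ip = f[1]
        out.append((fqdn, "A", ip))
        if kind == "=":
            out.append((ptr_name(ip), "PTR", fqdn))
    elif kind == "C":                      # alias
        out.append((fqdn, "CNAME", f[1]))
    else:
        raise ValueError(f"line type {kind!r} is not covered by this sketch")
    return out


def expand_data(text):
    """Expand a whole data file, one line at a time."""
    records = []
    for line in text.splitlines():
        records.extend(expand(line))
    return records


# First five lines: the data file quoted in the thread.
# Last two '@' lines: constructed, to show both forms of the x field.
SAMPLE_DATA = """\
.pnet:10.0.3.33:a:259200
.10.in-addr.arpa::a.ns.pnet:
#Define hosts & aliases
=pollux.pnet:10.0.3.1
=altair.pnet:10.0.3.2
@pnet:10.0.3.25:a
@pnet::mail.pnet:10
"""

if __name__ == "__main__":
    for owner, rtype, rdata in expand_data(SAMPLE_DATA):
        print(f"{owner:28} {rtype:6} {rdata}")
```
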

Re:Reasons why DJBDNS is not more common (1)

Sevn (12012) | more than 10 years ago | (#9333952)

Its config file syntax is even more human-unfriendly than BIND's

I'd say this is a matter of opinion. The important thing is that the config file system is more script friendly, smaller, easier to distribute, etc. One record per line.

It doesn't allow free rein to set the records up exactly how you want

I set my records up exactly how I want. You'd have to explain that one. There isn't anything I haven't been able to do.

It doesn't support caching

DnsCache is for caching.
TinyDNS is for authoritative DNS.
They are both part of DjbDNS.

Some people find DJB difficult to get on with and/or were turned off by the whole problem around (non) distribution of modified versions of qmail, and so avoid DJB's other offerings

Some people find cutting and pasting quotes from web pages difficult in the absence of hands on experience with something. On the other hand, some people have no problems at all. A whole lot of people make a lot of decisions with minimal research effort.

5. DJBDNS is not Open Source (1)

Paul Crowley (837) | more than 10 years ago | (#9333964)

Don't bother telling me about non-open source software to solve this problem, I have open source software that works. The same goes for Qmail.

Though I think the way DJB licenses his gratis software is a shame, I'm not going to take part in the great flamefests about the man - to me, as a cryptographer, he stands as an indisputable contributor of genius to the field.

BIND is like weeds! (2, Interesting)

whitelabrat (469237) | more than 10 years ago | (#9333795)

How the heck do you get rid of BIND? It's everywhere unless you're a MS Windows shop that is ruled by DDNS... but most folks I know won't expose DDNS directly to the internet, cause you know why... BIND often acts as an intermediate.

I know there are better alternatives out there, but why aren't they more popular?

- When you insult a troll, he wins.

The reason DjbDNS hasn't been updated in forever.. (5, Informative)

Sevn (12012) | more than 10 years ago | (#9333817)

Is because it has been done forever. Instead of the exploit a year phenomenon you have with Bind, there haven't been any yet. When Bind can take 10,000 requests per second on a dual Xeon box (used for MAPS) and not melt into a smoky plastic dog treat, let me know. Don't get me wrong. Djb is slightly, well, he comes across as a bitter man with something to prove. And I can't stand qmail. But he hit the nail on the head with DjbDNS. I've got nearly 240 domains with a combined total of over 125,000 records hosted with no problem.

Why they keep BIND around (5, Insightful)

reaper (10065) | more than 10 years ago | (#9333818)

  • It's in practically every distro by default
  • Not a whole lot of people really need the hassle of installing another DNS server
  • It is the standard by which other implementations get judged
  • It supports just about every obscure feature known to the DNS world
  • If you know how to hack the config files, it makes manually setting up tons of vhosts dirt simple
  • The name is just so powerful
  • Certain other dns server authors(*cough*djb*cough*) always manage to piss off too many people, even when they are proposing a superior solution to a problem.

Hasn't been updated in years?? (5, Interesting)

embo (133713) | more than 10 years ago | (#9333824)

...since D. J. Bernstein's hasn't been updated for years...

Maybe because it hasn't needed updating.

http://cr.yp.to/djbdns/guarantee.html [cr.yp.to]

Re:Hasn't been updated in years?? (3, Informative)

Anonymous Coward | more than 10 years ago | (#9333906)

Maybe because it hasn't needed updating.

He meant the *survey* hasn't been updated, not the software. Even if it wasn't obvious from the language (and I think it was!) it should have been obvious from the link.

Other Servers? (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9333836)

You mean there are other DNS servers? Holy sh*t! I've actually used a couple of different ones on pre OS X Macs. DNS servers more than most other pieces of software are invisible until they break. You just never really think about it once you get the sucker running (unless you do something serious as opposed to what I do). Plus in the early days, the Internet was a large public research project whose infrastructure was made by task forces rather than market forces, so a task force made a tool for the job and that was that. Combine that with the inertia that builds up behind a successful product and there's little incentive to change. We know it, we like it, it works, and it's free. Why bother with anything else unless you're running Mac OS 8 or something funky like that?

In soviet Russia ... (-1, Troll)

Metatron (21064) | more than 10 years ago | (#9333841)

DNS serves you

Why BIND is popular (0)

Anonymous Coward | more than 10 years ago | (#9333856)

djbdns simply is not as feature complete. Want zone transfers? Want CHAOS records? Want TSIG keys? Want a reasonable configuration syntax?

The fact is, djb staunchly refuses to incorporate features into his various software packages, resulting in a product that's simply less useful. I never thought I'd be defending any ISC products, but BIND surpasses djbdns.

If DJB were.. (5, Insightful)

jayminer (692836) | more than 10 years ago | (#9333858)

If DJB were not such an ass, his software would be on everywhere now. He is smart, you can feel that. But come on, he thinks that if he has thought about something, it's right and it cannot be disproved. You simply can't. He won't accept a thing.

Look at where daemontools installs itself, and of course the other thingies from him, like djbdns and qmail. The default directories cannot be changed (/service, /package etc.), and if you change them from the source, you violate his license!
He's still refusing to fix the extern int errno; problem, because he thinks that it is not a problem. (Everybody should follow his standards, not glibc or anything like that) He still does not apply QMAILSCANNER patch into qmail. You need to go and get netqmail for that, or apply the patches it provides manually. You cannot distribute a patched qmail, therefore you cannot distribute a proper qmail package for your distribution without begging him!

djbdns assumes that you have a.ns.yourdomain.com b.ns.yourdomain.com etc. The add-ns program does not even get any argument about that. (Of course, you can edit the files manually).

And as far as I know, many distributions kicked his software out, including several *BSDs.

The alternatives (5, Insightful)

Florian Weimer (88405) | more than 10 years ago | (#9333859)

The alternatives have not-so-subtle incompatibilities with BIND and existing practice, are not proven in the field, or are unmaintained by the original developer. In fact, BIND is often deliberately incompatible with its previous versions, so it shouldn't be too hard to beat it in this area, but apparently it is.

tinydns, which was mentioned by the story submitter, is unmaintained, like most (if not all) software that Mr Bernstein has ever released. (This is especially problematic because Mr Bernstein refuses to license the software for a fork.) It does not even compile on modern systems, and it uses a non-standard zone file format. In the days of BIND 4 and BIND 8, all that pain was probably justified, but with BIND 9, things are rather different.

In my experience, in the area of caching full resolvers, BIND 9 simply lacks serious competition, feature-wise, and in terms of ease of administration and interoperability. For authoritative-only servers, RIPE's nsd is an alternative, but BIND 9 is typically not such a big trouble that running two different name servers is really needed.

Because it works. (2, Insightful)

morten poulsen (220629) | more than 10 years ago | (#9333880)

BIND - like Sendmail - is popular because it works. They might be ugly, buggy (as in security problems), whatever, but they are old and people know them.

Anything but ... (2, Interesting)

anaplasmosis (567440) | more than 10 years ago | (#9333887)

... djbdns. Nothing to do with the software and everything to do with the attitude of its author.

I need a new DNS server (1)

bgarcia (33222) | more than 10 years ago | (#9333896)

I'm currently using bind, but it doesn't work well at all for my current situation.

I have a small home network. I also have a VPN to my work network. I would like to forward all DNS queries matching a particular domain or IP address range to the DNS servers at work.

For all other DNS queries, I probably should forward them to my ISP's DNS servers, but I'm not too particular about that.

My current problem is that my VPN isn't always running, and if BIND starts when the VPN is not up, then BIND doesn't work right. I have to restart it when the VPN is up, and then it is fine.

So, any suggestions for a DNS server that can handle this situation?

What's wrong with bind ? (1)

noselasd (594905) | more than 10 years ago | (#9333999)

Seriously. I use it, never had a problem with it. Not that hard to configure if you know how to read. In fact it's really amazingly much better than the alternatives. bind seems to support more features than most of them. ddns is important to me, works nicely used with dhcpd, I don't see how I would achieve that using other dns servers.