On Friday 27 January 2006 08:14, Alexandru E. Ungur wrote:
> > Any reason you're using tinydns as opposed to bind? ?I can throw a
> > couple sample zones your way for bind, but I've never looked at
> > tinydns (given that it doesn't come with centos and all :-P )
>
> How about these reasons:
> http://cr.yp.to/djbdns/blurb/easeofuse.html ?
Boy, that would be funnier if it wasn't just so WRONG...
As somebody who's used djb's various non-standard and often incompatable
re-writes of standard tools, the servers with the most painful costs to
support are those with djb's stuff installed.
It's been a long time since bind was remotely exploitable, and even so,
updating named when something is found is as simple as
yum -y update; service named restart;
which should be part of your standard maintenance schedule, anyway.
DJB's stuff is so old and infrequently updated, that now it often comes with a
"standard set of patches" that must be applied before it will even compile!
Furthermore, the license behind DJB's stuff is terrible - no binary
distribution, etc. It's typical to be forced to recompile it just to apply a
minor config change, making scripting of such updates and changes virtually
impossible.
If you want bind managed easily, Webmin is a good bet for making it "idiot
proof".
Sorry - I once was sold on the idea of djb's tools and Qmail, and I've
regretted installing it ever since. Save yourself some serious agony - run
(don't walk!) away from djb-ANYTHING!
-Ben
--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
