Date: Tue, 20 Feb 2001 01:03:29 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: danp@danp.net (Dan Peterson) Cc: arch@FreeBSD.ORG Subject: Re: DJBDNS vs. BIND Message-ID: <200102200103.SAA04042@usr05.primenet.com> In-Reply-To: <20010219101234.A98114@danp.net> from "Dan Peterson" at Feb 19, 2001 10:12:34 AM
next in thread | previous in thread | raw e-mail | index | archive | help
> > But with BIND, you the user can fix them. You can do that with DJBDNS, too, > > but you can't share your fixes with anyone else. > > http://www.djbdns.org Unfortunately, I still can't sell my company, if I patch DJBDNS, and my company relies upon it, since I will be in violation of the license. > > Dynamic DNS? > > I can't say I've ever used this. Sounds like another BIND klugde, though. It > would probably be easier to write a simple script to edit your data file and > rebuild data.cdb. RTFM at http://cr.yp.to/djbdns/tinydns-data.html . DNSUPDAT, which is the proper name of the facility, allows you to make updates to zone data in the primary, without taking the server down, and without an outage while the server reloads its file. This can be used to make long TTL modifications to zone files, permanent changes to machine configurations within the zone. It is, however, most useful for dialup devices which need short TTL entries during the period of time which they are transiently connected. This is particularly useful for permitting a single relay policy for email (most dialup machines are blocked from direct mail into hosts controlled by sane administrators), and is also useful for "tickled" devices. A "tickled" device is one you call, it sees the ringing, and it calls in to establish a connection. It then makes a DNS entry with its dynamically assigned IP address, which permits you to dial in to get IP connectivity on a local number, and remotely access the dialup machine by name; without this, there's no way to know the IP address of the dynamic assignment. This facility is also useful for assigning DHCP lease names, and names based on RADIUS accounting records. I personally don't use this, since I think that machines should do their own stateless autoconfiguration, and DCHP should die. I don't use the RADIUS accounting records because I don't control a RADIUS server these days. > > DNSSEC? > > http://cr.yp.to/djbdns/forgery.html This is substantially incorrect. His reading is based on trusting an exterior zone on the basis of trusting a signature authority; if, on thge other hand, you want to establish your own security associations internally, perhaps going so far as to establish exterior associations with other companies for whom you have a record of their public keys, you can do so. Also, it is out of date: NSI has stated an intent to start signing, as soon as the RFC goes standard. Meanwhile, there's still the license. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102200103.SAA04042>