On Jun 12, 2009, at 1:50 AM, Adam Tkac wrote:
On Wed, Jun 10, 2009 at 08:37:52PM -0700, Chris Buxton wrote:
A few of our customers, running servers that they describe as
experiencing high traffic (by their own standards), have had to have us
rebuild BIND from the stock source code for them to solve frequent
crashing during such high traffic episodes. Frequent in this case
typically means that named either just dies or dumps core within a few
seconds of starting up.

Have you ever reported the problems to the Red Hat or Debian bug
tracker? Generally you don't have to be experienced programmer. Your
bug report can contain, for example, "named crashed with this INSIST
failure: ..." only. Your vendor will ask you more information if
needed.

Since the servers that have been affected were not mine, I did not do so.

I think it is a good idea to use package from your vendor because
you don't have to watch bind-announce, don't have to compile each
time when bind is updated etc. You can simply run "yum update" or
"apt-get upgrade" and you can be sure you have software without
security issues. But feel free to compile named yourself if you prefer
this approach.

There's a definite argument in favor of this. However, this assumes that the vendors are on the ball. For example, for a long time after 9.3.5-P2 was released, the RH build of BIND on RHEL 5 was still using the -P1 patch. This was a real problem for a small number of our customers.

For most servers, the vendor-supplied builds work fine. But IMO for high-traffic servers, it makes sense for the server administrator to do it himself. This would be true whether or not the vendor supplied build had stability problems on that server.

Chris Buxton
Professional Services
Men & Mice

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to