On 3/17/19 8:35 AM, Stephan von Krawczynski wrote:
In todays' internet this is no niche any more.
Oh, there most certainly are niches today. I think there are more today than there were before.
And the right tool means mostly "yet-another-host" because you then need at least a cascade of two, one for dnsmasq and one for bind/named. A lot of overhead for quite a simple task...
No, you don't need another host. · You can do things on different ports and / or IPs on the same host.· You can use different BIND features to do exactly what you want in a single daemon. (See my previous email about RPZ / RPS / DLZ.)
Shorter config = shorter load time. The semantic change of "allow update" alone leaves every setup with 1000 domains in a situation where 999 config statments more have to be read, interpreted and configured - just to end up in the same runtime setup.
See my previous email about load time. TL;DR: The config isn't the problem. The zones are the problem.
It is really very obvious that this is only done by ideologists, not technical oriented people.
I disagree.I've seen similar breaking changes in other products for (usually) well published / documented reasons. Often times it's related to blocking new more important features and / or problems maintaining legacy code and / or security implications.
None of that is ideology. That's program maintenance.That being said, I don't know what is the case in the (broken) global allow-updates issue that you're talking about.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
