My problem with named is keeping it patched and up-to-date.  If you
subscribe to bugtraq, you know that 9.2.0, 9.2.1, and 9.2.2 all had
critical bugs within a few weeks of each other.  That sucked!  Even when
I was running BIND (9.x.x, chrooted on OpenBSD), that made me nervous. I
have administered the nameservers for some big sites (Xoom.com) and it
makes me nervous to run BIND nowadays.  I can't tell someone "yeah, do:
 sudo ./add-mx domain.tld ip.add.re.ss && make  " and it's go time...

I'm reworking our djbdns to pull records from a PostgreSQL db that is
nice and constrained, with an idiot-proof PHP GUI, and only rewrites
/service/tinydns/root/data on changes.  That's better than named for my
purposes.  I administered a bunch of BIND installations once upon a time
for Xoom.com and I maintain some other people's BIND installations, but
for my own usage, I prefer djbdns as it is more idiot-proof.  It's very
hard to screw up PTR and MX records if you follow his directions, for
example; I have just watched an ISP (a pretty good one) accidentally
botch a primary MX record with named due to forgetting the trailing .

It's not just DJB-religion; Postfix is working better for us than Qmail.
Similarly while I like Courier-IMAP a great deal, it turned out that
DBMail served our needs at rc.com best, so I adapted and used that.  The
only problem that remains is that I still can't get dbmail-imapd to
create folders from within Squirrelmail -- am I retarded?!?

Once more for emphasis, dbmail is a great product and has a wonderful
community of people around it.  Thanks yet again.

--tim


Quoth Jeff Brenton:
> Hello Tim,
> 
> T> Do I deal with our ISP's badly-run BIND servers, or do I roll the dice
> T> and hope NSI does not obliterate all nameserver entries for our domain
> T> when I try to promote my djbdns-run primary nameserver to the helm?
> 
> If you've got djbdns running on a permanent connection, AND you can
> get someone else to be a secondary for you (preferably off-network),
> I'd say become your own DNS.
> 
> We have three... one on each of three networks we occupy, and have
> been since we got our first IDSL. Once you establish them, things get
> a lot smoother in the internet world!
> 
> With GODADDY.COM, for example, we need only specify our three servers
> by name during domain setup. The only problem we've had is when NSI
> had one of them locked to a particular IP address, which changed; it
> only affected the one master domain, because all the others went back
> through a look-up process, so they picked up the change.
> 
> Had to fix that by removing that named server (actually substituted
> another name with the same IP), let that propagate, then put it back
> to the original name. NSI wasn't directly involved, but they had the
> original name of the server locked in their control for some reason,
> so changes kind of hit a wall.
> 
> For the record, though, BIND isn't so bad, if you're used to the
> syntax that DJB dislikes so much. I can throw together a new zone
> file, and configure BIND to use it on all 4 of our DNS servers, in 10
> minutes. The only thing I dislike, really, is having to restart named
> to get the master to read a zone file change... Fortunately, that's
> only a couple of times per month.
> 
> -- 
> Jeff Brenton
> President,
> Engineered Software Products, Inc
> http://espi.com
> Questionable web page: http://dididahdahdidit.com
> 
> Liberalism grants you the freedom to advocate any idea*.
>  * Please see http://www.dididahdahdidit.com/except.php for a
>    current list of exceptions

-- 
     "It's just a job.  Grass grows, birds fly, waves pound the sand.
      I just beat people up."
                                                      --Muhammad Ali
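
The trailing-dot mistake mentioned in the message above, as an added example that is not part of the original thread: in a BIND-style zone file a target written without the final dot is treated as relative and has the zone origin appended. The sketch below flags MX/NS/CNAME/PTR targets that look fully qualified but lack the dot; the zone contents, the function names and the "contains a dot" heuristic are assumptions made for illustration.

```python
# Record types whose RDATA ends in a host name (assumed set for this sketch).
NAME_TYPES = {"MX", "NS", "CNAME", "PTR"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone; none of these names come from the thread.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@      IN  NS     ns1.example.com.
@      IN  MX 10  mail.example.com
@      IN  MX 20  backup.example.net.
www    IN  CNAME  web
ftp    IN  CNAME  files.example.org
mail   IN  A      192.0.2.25
"""


def expand(name, origin):
    """Qualify a name as a master-file parser would: relative names get the origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin.lstrip(".")


def lint_zone(text):
    """Return (line, type, target, effective_name) for targets that look
    fully qualified but lack the trailing dot. Single-line records only."""
    origin, findings = ".", []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = expand(fields[1], origin)
            continue
        # A line starting in column one carries an owner name; skip it.
        rest = fields if raw[0].isspace() else fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]  # optional TTL and class
        if len(rest) < 2 or rest[0].upper() not in NAME_TYPES:
            continue
        target = rest[-1]
        if "." in target and not target.endswith("."):
            findings.append((lineno, rest[0].upper(), target, expand(target, origin)))
    return findings


if __name__ == "__main__":
    for lineno, rtype, target, effective in lint_zone(SAMPLE_ZONE):
        print(f"line {lineno}: {rtype} {target} resolves as {effective}")
```

Single-label targets such as `web` are left alone because a relative name is normally intended there.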
