BIND 9.3 Released With Commercial Support

darthcamaro writes "Time for net admins to update BIND: version 9.3 has been released. internetnews.com has a story on it where they talk with Paul Vixie, the founder of BIND's keeper ISC. In it he details why after so many years BIND has finally decided to offer commercial support. 'Many of the companies who use our software free of charge have told us that their corporate risk management strategy requires them to have a bona fide support channel for all of their critical operations,' Vixie said. 'In other words we were told that having the best software wasn't good enough, and giving it away for free wasn't good enough, we also had to ensure that commercial support was available or they could be forced to switch to software they didn't like as well just to get support.' The full press release on the BIND 9.3 release is also available."

First Post?

[Marxist+Hacker+42]

Maybe not.

On the topic however: Anybody know of a Windoze version of BIND out there I can use for schools? I'm looking into a controled DNS server solution for protection of kids on a DSL line at a Catholic School

Re:First Post?

[Marxist+Hacker+42]

Ok- it was first post, but reading I finally realized- BIND IS OSS! All I need to do is find the time to create my own version, with a nice little PHP web interface to do DNS lookup for teachers to approve sites for the kids server.

Re:First Post?

[superpulpsicle]

Heh Catholic School and Windows. That's like straight out warshipping satan on school grounds.

Re:First Post?

[Marxist+Hacker+42]

Pretty damn close. It's amazing what people think is GOOD. But it beats way back when I first volunteered at a Catholic School- the parents were all donating DOS systems and other early-80s 8-bit trash, but the Archdiocese required the main school system to be a $1200 Macintosh.

Re:First Post?

[Marxist+Hacker+42]

Why not? After all, Marx got his economic theories straight from Catholic teaching. Read Acts Chapters 4 & 5 sometime, you'll see the original inspiration for Das Kapital.

Re:First Post?

[NineNine]

Windows Server has a DNS service built in.

Re:First Post?

ISC has a windows version, works great.

ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.3/ BI ND9.2.3.zip

(take out the spaces in the url above)

Re:First Post?

[0racle]

Your going to need to learn how to read first. Bind for Windows NT/2000 binary and source, just a little down the page.

Re:First Post?

windows server has bind built in?
(he did ask for bind, not the subpar windows version

Re:First Post?

[dasmegabyte]

So? If he wanted a quality DNS server, he would have asked about DJBDNS.

Dan Bernstein might be an, uh, "colourful" character, but his software is fast, easy to use, easy to admin, and all around better than anything Vixie & crew could offer. Plus this guy's devotion to security is nothing less than astounding. I trust his internet tools wherever possible...shit, i even run an instance of his no frills HTTP server for images.

Re:First Post?

reedin vasstlee overr-ated.

Re:First Post?

[njet]

as all djb software his dns also lacks CIDR, syslog and IPV6 support for a start....

Wait till the next exploit,,,

[darkjedi521]

Wasn't at one time BIND the IIS of the unix world? This could open them up to a world of problems if/when the next exploit shows up.

Re:Wait till the next exploit,,,

[otis+wildflower]

No, you're thinking of Sendmail.

Re:Wait till the next exploit,,,

[Rosco+P.+Coltrane]

I'm sorry, but who even uses BIND anymore? an article like that on 66.35.250.150 is truly News for Nerds...

Re:Wait till the next exploit,,,

How many exploits has BIND 9 had in how many years? Take your time looking it up, I don't mind.

Re:Wait till the next exploit,,,

[John+Starks]

Exploits are not uncommon in BIND, even today. Take a look at their security alert page, especially the matrix at the bottom. Security problems abound!

It's not clear why people continue to use BIND. It's probably because it's just assumed that it's the only thing out there. But everything from security to configuration is poorly done in BIND. I use tinydns (part of djbdns) instead on all my servers. It's written by Daniel Bernstein, the same guy that wrote qmail. He's got a great track record -- no security holes in any of his software, AND he backs up that assertion with a $1000 prize to anyone that finds such a hole. He makes a better case than I do for tinydns/qmail vs. BIND/sendmail than I ever could.

Re:Wait till the next exploit,,,

[T-Ranger]

I beleive that some of the vendor "supported" (that is, forks) of the 4.x series had more then their fair share of problems.

Mind you, there are still pleanty of place still running the 4.x codebase...

Re:Wait till the next exploit,,,

It's too bad that tinydns sucks, and is lacking features.

Re:Wait till the next exploit,,,

[morelife]

Security problems abound!

There hasn't been any significant security issue with BIND 9. Period. Your link points to BIND 8 stuff, which you shouldn't be using, specifically for those reasons, and I hope ISC stops supporting it soon, it's due for a quick death.

I use tinydns
Who gives a rat's ass what you use? Like an AC said earlier, and I paraphrase, "too bad tinydns is so lacking in features", when he was trying to be nice.

ISC's BIND is the reference implementation, in the free world anyway. Why don't you shut up and contribute code to it, instead of criticizing?

But everything from security to configuration is poorly done in BIND
Really. Such as.. ??

There are a couple of problems with BIND (out of the scope of this rant) which will eventually get worked out. One of them is with zone transfers. But it only happens to losers who don't understand how to design and deploy a componentized architecture suiting the application at hand.

Anyone who understand DNS, their OS's limits, and software applications can deploy BIND 9 in a frighteningly secure manner.

He's got a great track record

(re djb), Yes, but not necessarily in the DNS world. I don't understand. If it's so great, why haven't more professionals adopted it?

Re:Wait till the next exploit,,,

There hasn't been any significant security issue with BIND 9. Period.

What about those pluses in the matrix the grandparent posted?. Like the DoS_findtype that is rated as serious?

Re:Wait till the next exploit,,,

[morelife]

What about those pluses in the matrix

Not a BIND issue. OpenSSL. When OpenSSL has an issue, you'll be recompiling everything you built against it, I hope. Responsible vendors will notify users that their software will become vulnerable if compiled with _______________ as a result of the new vulns...

Re:Wait till the next exploit,,,

[ckaminski]

Bind 8.2 (maybe 8.0, not sure) had some serious nasty exploits. I know, I got nailed by 'em. But there were patches available like 5 or 6 days later, none of this 30 day - 6 month crap Microsoft gives us.

Re:Wait till the next exploit,,,

There hasn't been any significant security issue with BIND 9.

While waiting for the next security reports, we can talk about features, efficiency, code bloat, ease of configuring, ease of setting up.

Your link points to BIND 8 stuff, which you shouldn't be using, specifically for those reasons, and I hope ISC stops supporting it soon, it's due for a quick death.

*laff* Didn't they say the exact same thing about BIND 4?? I can't wait until BIND 10 .. This Time We Rewrote It Much Better.

But it only happens to losers who don't understand how to design and deploy a componentized architecture suiting the application at hand.

Uh-huh.

Anyone who understand DNS, their OS's limits, and software applications can deploy BIND 9 in a frighteningly secure manner.

Anyone who has deployed tinydns has deployed it in a frighteningly secure manner, you don't get to choose.

Yes, but not necessarily in the DNS world. I don't understand. If it's so great, why haven't more professionals adopted it?

When I discovered dnscache I literally dropped all my projects and deployed it on all systems. It is so amazingly simple and elegant. No more "watchdog" scripts. No more thinking "as soon as I have a chance to figure it out I need to reconfigure BIND to run chroot'd". No more watching security lists for BIND problems. No more dealing with an over-engineered config file format. tinydns doesn't *have* a config file! No grammars to learn, no misplaced semicolons, no watching /var/log/messages for errors after restarting.

Why haven't more professionals used it? Well, "who gives a rat's ass what they use" eh?

Re:Wait till the next exploit,,,

Shut up, Dan.

Re:Wait till the next exploit,,,

[/dev/trash]

I thought it was Sendmail that went thru a string of exploits one after the other?

Re:Wait till the next exploit,,,

You seem angry, shrill, and rather unstable.

Too bad named.conf fucked up your life, go home and kill yourself.

Re:Wait till the next exploit,,,

[John+Starks]

Wow. I offer my views about an alternative DNS server, and you get all emotional on me. What a nutcase.

The lack of features is an interesting thing to bring up, because it's not entirely clear what features you're missing. For internal nameservers, sure, I can see the utility of BIND; after all, you might be doing dynamic hostnames and stuff like that. But tinydns is designed for machines on the Internet. It has all the features you need and nothing you don't. In fact, I challenge you to name something that tinydns lacks that even 50% of sites on the 'net need. You can't.

I like how you tell me to contribute to ISC's BIND. Why would I do that? I already said I like tinydns. Why should I contribute to a buggy, poorly designed codebase? Why shouldn't I just accept tinydns and its solid security? More professionals don't use it simply because they're not aware it exists.

I encourage you to read DJB's rants against BIND and DNS in general. I could summarize them poorly here, or you could just follow my earlier link and read them yourself. Why don't you do that instead of blindly supporting BIND 9?

Finally, BIND 9 is relatively new, and is coded by the same organization as BIND 4 and BIND 8, no? Why should I believe that they "finally got it right" this time? After all, BIND 9 is a new codebase. djb's software has NEVER had security flaws. It's easy to set up. It forces you to properly separate DNS cache and nameserver. It's small. Quit clinging to poor software just because that's the UNIX party line.

(Oh, and by the way, BIND 9.x, x 2.1 had a DoS problem that was marked SERIOUS, liar. Who's to say it doesn't have more that have yet to be discovered?)

Re:Wait till the next exploit,,,

[John+Starks]

Bullshit. He mentioned the DoS flaw, but you completely ignored it. Also, older versions of BIND 9 INCLUDED the version of OpenSSL that had the flaw. So by extension, BIND 9 had the flaw since even recompiling would not have helped. You'd have to know to replace the included version of OpenSSL. And recompiling should not be necessary if you're using shared libraries. Liar.

Re:Wait till the next exploit,,,

[dracocat]

As long as we are offtopic... Any opinions on power dns? I just happened to be looking around for some DNS software that is a little more dynamic when I spotted this thread tonight...

Re:Wait till the next exploit,,,

[blakestah]

(re djb), Yes, but not necessarily in the DNS world. I don't understand. If it's so great, why haven't more professionals adopted it?


Dan is pedantic and stubborn, and people just don't like that.

His software is also incredibly good. I would NEVER IN MY WILDEST DREAMS set up a caching only dns server on a machine with BIND. It is just asking for trouble. I use tinydns on every machine, and never think about it again. It is easy to setup. It is easy to install. It is easy to configure. It is fast. It is secure.

You may think those machines will eventually get rooted, but I'm betting an asteroid causes the next ice age first.

Re:Wait till the next exploit,,,

[macdaddy]

Anyone who understand DNS, their OS's limits, and software applications can deploy BIND 9 in a frighteningly secure manner.

...and anyone that doesn't understand DNS, their OS's limits, or software applications should not be running any server, let along a nameserver, PERIOD, IMHO. The problem today is that there are way to damned many incompotent imbeciles that call them selves admins. Most of the rejects think they know Windows pretty well and thus can run any kind of server. It's really a sad state of affairs. I wish there was a certification that people had to acquire before they could call themselves an admin of any platform.

I run Bind. I run Sendmail. I'll always use both. I supplement Bind with rbldnsd. I have no need to supplement Sendmail. Both do what I want. Since I'm not an incompotent moron I don't have any trouble configuring either of them. The claims people make about both/either being difficult to admin or insecure are complete bullshit. If the person was a half-assed compotent admin neither would be a problem. I swear, what is the world coming to....

Re:Wait till the next exploit,,,

[morelife]

Wow. I offer my views about an alternative DNS server, and you get all emotional on me. What a nutcase.

Can you please point me to the link on cr.yp.to describing this methodology you tinydns zealots use (you know, the emotional nutcase strategy) against anyone who questions tinydns? Thanks.

challenge you to name s
proper granular logging, comprehensive acls, a proper fucking configuration file so that I can make and deploy across a platform disk based permanent changes without losing uptime or a built cache.. multithreading.. DNSSEC, transaction signatures, operator access control with cryptographic keys, extensible IXFR, and FINALLY, extensible RR's. Shortly DNS will be used for more than just zone data, why don't you get drop the attitude, get on the home team, and come in for the big win, son?

When ORSC or the regulars use tinydns, IM me. Oh, never mind, I'll be dead from old age.


I like how you tell me to contribute to ISC's BIND. Why would I do that? I..

Well, for one, it would get you off of Slashdot running the tinydns propaganda machine. And second, it might give you a freakin' clue as to the work that actually goes into developing a reference implementation of the RFCs..


I encourage you to read DJB's rants against BIND and DNS in general.
Thanks for the tip. I encourage you to kiss my white ass.


Why don't you do that instead of blindly supporting BIND 9?


I generally respect djb's work, especially the suing MS event, which I've been seeing now for many years.. actually I am not entitled to have an opinion on the person himself, and I'll abstain, since it might be colored by the ravings, flamings, and other output he's well known for but I have no reason to mention further.

More professionals don't use it simply because they're not aware it exists.

Now that is a wild claim, supposedly in defense of tinydns. I'd bet that 99% of serious BIND admins would name djb and tinydns when asked about a BIND alternative. They're connected to the Internet, remember??

Finally, BIND 9 is relatively new,
Finally, BIND 9 HAS BEEN OUT FOR SEVERAL YEARS.

Quit clinging to poor software just because that's the UNIX party line.
You know how I cling.. sorry.

had a DoS problem that was marked SERIOUS, liar.

It was wholly dependent upon openssl. 9.2.1 is two years ago. To say that it "continues" to have security problems is inaccurate, misleading to people who don't know better, and marks you as a raving jackass.

Who's to say it doesn't have more that have yet to be discovered

This asinine statement is not only useless since it can be applied to any software from any maker, but reveals what painfully little you really do know.

Please do not be in touch further unless you are coming over to install BIND 9.3.0 beta 2.

Re:Wait till the next exploit,,,

[morelife]

I would NEVER IN MY WILDEST DREAMS set up a caching only dns server on a machine with BIND. It is just asking for trouble.

I do it on FreeBSD bastion hosts with zero issues.

What's your problem, specifically?

Re:Wait till the next exploit,,,

djb's software has NEVER had security flaws.

No, he just won't pay out the $1000 because he can always blame the problem on the OS and thats not his problem. His stuff has the same race condition bugs that other systems have but he hasn't seen fit to fix them like others have.

Re:Wait till the next exploit,,,

[John+Starks]

I don't know anything about "the same race condition bugs," though I'm willing to learn. Enlighten me.

Re:Wait till the next exploit,,,

[Florian+Weimer]

Exploits are not uncommon in BIND, even today.

Critical exploits in BIND 9 still have to show up. The really nasty bug so far was actually in OpenSSL.

It's not clear why people continue to use BIND.

For the full resolver part, their are hardly any alternatives. If you need DNSSEC, your options besides BIND are even more limited.

tinydns is unusable for most people (who aren't masochists) because it doesn't conform to existing standards and parctice. Just speaking the DNS protocol is not enough, you also have to implement some of BIND's quirks, and more important: the software has to be maintained. DNS is still evolving, DJB's software is not. (Some of it doesn't even compile on modern, POSIX-conforming systems.)

Re:Wait till the next exploit,,,

There hasn't been any significant security issue with BIND 9. Period.

So Dan's comments about BIND 9 having 672 bugs in its history up to 9.2.2rc1 in 2002/08/08 don't warrant attention? How can anything have 672 bugs in somethat that should be so simple and not one of them be a possible security issue? Granted some of the "bugs" are "added another root server" which is more like a request. #1318 "libbind: Remote buffer overrun"

Dan mentions Bug 1252 which is "Dig, host and nslookup were not checking the address the answer was coming from against the address it was sent to." I suppose that's not a security risk where someone could easily forge DNS replies. I see a race condition #1523

Re:Wait till the next exploit,,,

[mi]

I use them both too, but find the sendmail's configuration hopelessly complex. The language, that sendmail uses for .cf is horrible. .mc files make it simpler, but it is still easy to get a non-obviously broken .cf, and for cool things, you still have to code in the .cf directly. Brrr...

Re:Wait till the next exploit,,,

[John+Starks]

"It was wholly dependent upon openssl. 9.2.1 is two years ago."

That is patently untrue bullshit, but you continue to lie about it. Perhaps you'd like to take a look at the CERT advisory if you still think I'm mistaken. Quit giving the OpenSSL guys all the blame.

Of course, this does not mean recent version of BIND are less secure than tinydns. They may even be more secure. But give ISC's track record, I'll stick with tinydns, written by an author that still holds an ounce of credibility regarding security issues in his products. You can deal with your downtime, lost productivity, and unhappy customers when you get hacked, DoSed, or just have to recompile BIND yet again.

Oh, and half those features you mentioned are unnecessary for 80% of sysadmins out there or you're just being unclear about what you mean. And that's pretty funny, telling ME to drop the attitude, since I only suggested a more secure DNS server for the general populus and you flew off the handle.

And it's unclear why the DNS management services you mention need to be included in the DNS server software. This is UNIX we're talking about, right? Since when did UNIX advocate one tool for many jobs? But that's precisely what BIND is.

Your attitude is what bothers me more than BIND, though. I hope you don't manage systems for a living, because I'd hate to be your boss. Your religious zealotry only serves to hurt your case, and you don't seem to be open to alternatives to the products you use. It smacks of unprofessionalism. You make blind assertions, blatently lie in several posts about the flaws of BIND, and exaggerate the usefulness of poorly designed and questionably standardized "features." I can only assume that you work for ISC or make money selling support for BIND, since you clearly want others to avoid even trying tinydns or evaluating it as an option. Good day.

Re:Wait till the next exploit,,,

Qmail has several security holes that Bernstein refuses to fix. It's also the least standard compliant MTA out there. No sane admin would use it, except to get revenge at their soon to be ex-employeer.

I wouldn't touch anything Dr. Berstein writes. He doesn't care about security or standard compliance.

Re:Wait till the next exploit,,,

[ectoraige]

It's not clear why people continue to use BIND.

I continue to use BIND because I don't like DJB's licence.

Re:Wait till the next exploit,,,

And, back in the real world, nobody gives a flying fuck.

Just thought I'd remind you both in case you'd forgotten.

Re:Wait till the next exploit,,,

[lars_stefan_axelsson]

I run Bind. I run Sendmail. I'll always use both. I supplement Bind with rbldnsd. I have no need to supplement Sendmail. Both do what I want. Since I'm not an incompotent moron I don't have any trouble configuring either of them.

Yes, well, I knew how to fix my old 1971 SAAB with just a screwdriver and a wrench, and it always did what I wanted too, but that's not to say that I still drive it (went to the wrecking yard as a matter of fact). Because, quite frankly it was a piece of shit.

And that's my sentiment regarding sendmail to. Sure an expert can get it to do what he/she wants but it's still well past its prime. I switched to postfix and have never looked back.

Re:Wait till the next exploit,,,

[jadavis]

Except that some distros are very open. If there was really a movement to change, it could happen. The browser on windows is entirely controlled by one company.

Re:Wait till the next exploit,,,

[Draknor]

Whoah - when did IE start getting included in Linux distributions?

(Yes, you may groan now...)

Re:Wait till the next exploit,,,

[niittyniemi]

> I continue to use BIND because I don't like DJB's licence.

I call FUD. djb thinks licensing is a lot of nonsense.

Hence, my copy of Qmail doesn't even get shipped with a license.

There's a lot of crap talked about the "evil Qmail license", crap because no such thing exists unless you happen to ask djb to give you one. As djb puts it:

"If you think you need a license from the copyright holder, you've been bamboozled by Microsoft."

Re:Wait till the next exploit,,,

[Directrix1]

BIND has always been buggy. Use djbdns if you want simplicity, stability, and security.

Re:Wait till the next exploit,,,

[Russ+Nelson]

What do you want to do that His license prevents you?
-russ

Re:Wait till the next exploit,,,

[Russ+Nelson]

Um, dude, DNSSEC doesn't work. Even the bind people say that. They only implement it because people dumber than them have it on their checklist. Yes, I'm talking about you.

tinydns has had disk-based permanent changes with no loss of uptime from version 0.0. tinydns supports all RR types, now and forever. You may need a pre-processor for newly-created RR types; oh well. At least you can serve up any record you want. If you can't get the least details about tinydns correct, I have to wonder if you know anything.

And finally, the existance of fixed bugs is an indicator that more bugs remain to be fixed, not that there are no more bugs. It's the absence of any bugs in the first place that indicates that the software was well designed in the first place.
-russ

Re:Wait till the next exploit,,,

[the+morgawr]

If he doesn't give you a license, you are stuck with the default rights under Copyright Law. That's DJB's "license".

As such you can't make changes and distribute them as part of a integrated set (in theory you could distribute just the patches but it's a grey area). Hence many people consider it "un-free". Some people see this as a problem.

Re:Wait till the next exploit,,,

[ectoraige]

Neither of which are without their flaws.
IIRC maradns isn't even under active developement anymore, and powerdns had a number of bugs which were filed under "strange".

FYI, while BIND comes with FreeBSD, I actually use the ports version of it over the built-in one. I could use something else, I choose not to.

Re:Wait till the next exploit,,,

[ectoraige]

Distribute it to clients as part of a custom distro.

Re:Wait till the next exploit,,,

[niittyniemi]

> If he doesn't give you a license, you are stuck with
> the default rights under Copyright Law. That's DJB's "license".

Correct.

> As such you can't make changes and distribute them as part of a
> integrated set (in theory you could distribute just the patches but
> it's a grey area). Hence many people consider it "un-free". Some
> people see this as a problem.

Some people want too much. It's his copyrighted work and it's his right to say how his work is to be distributed (if at all). There's no "grey area" about patches, they're copyright of the person who wrote them and they get to choose how to distribute them.

That doesn't mean that you can't approach djb and ask him for license to distribute his software and patches; unless you choose to instead moan and sulk about the software he wrote being "un-free" as some Linux distributions have.

With djb's software you get a chance to negotiate a license to re-distribute the software, with GPL you get the license thrust upon you - take it or leave it.

I prefer the former both as a user and potential developer.

Re:Wait till the next exploit,,,

[John+Starks]

This does not make any sense at all to me. Ok, great, you use BIND and Sendmail. They work for you. But WHY use them? They have a history of security issues. There are alternatives in high use that have no such history. Why risk the chance of yet another flaw when you can use products such as djbdns, qmail, postfix, etc. that are designed for security?

Yes, fine, any admin worth his salt should be able to configure BIND and Sendmail. And it is possible to minimize (but not eliminate) the dangers of running either through the use of chroot, priviledge separation, etc. But that does not explain why it is prudent to run either program. There are alternatives to both that are easier to configure (== more time spent on more important tasks) and likely (based on track record) more secure (== less downtime next time there's a security hole discovered).

One does not have to be a masochist to be an admin, contrary to your views.

Re:Wait till the next exploit,,,

[JerkBoB]

Any opinions on power dns?

I loves it.

mysql> select count(id) from domains;
+-----------+
| count(id) |
+-----------+
| 809 |
+-----------+

809 domains (I run an ISP/Webhosting co.) in a MySQL DB which is replicated across 3 machines. We switched over from BIND about a month ago.

Uptime: 25.4 days Queries/second, 1, 5, 10 minute averages: 10.9, 10.8, 10.9. Max queries/second: 36.5
Cache hitrate, 1, 5, 10 minute averages: 53%, 52%, 53%
Backend query cache hitrate, 1, 5, 10 minute averages: 58%, 58%, 58%
Backend query load, 1, 5, 10 minute averages: 8.04, 8.45, 8.51. Max queries/second: 28
Total queries: 21330758. Question/answer latency: 0.067ms

Running 2.9.16 on Debian Woody servers. Rock-solid stable, quick, and I love the scalability. I wrote a nice set of Perl classes for DB manipulation, and tied it all into our provisioning system. It was easy with the MySQL backend.

</fanboy>

This is a simple reality in corporate use

[Martin+Blank]

No support, no sale.

I can understand it to a degree; there's no guarantee that the version installed today will not be completely dropped next month. It gets a little aggravating when it holds up an entire project, though, because of one small piece.

The upside, of course, is more funding for critical projects.

Re:This is a simple reality in corporate use

[ron_ivi]

ROI?

How often have you guys seen positive ROI on a support contract?

I think as an organization gets larger, ROI analysis would suggest that they're better of managing the risks themselves -- just like at some scale it can be worth it to be self-insured in some things.

Many of these support contracts are really just the "Circuit City Extended Waranty" of the corporate world.

Re:This is a simple reality in corporate use

I don't think one can compile the Linux Kernel with ICC since the make files are incompatible along with the fact that the kernel has drawn hevily on glibc, so much so that it may be dependent on some of the non ANSI features of GCC and glibc.

Re:This is a simple reality in corporate use

[Dark+Lord+Seth]

there's no guarantee that the version installed today will not be completely dropped next month.

As far as I know, that doesn't stop a whole lot of software companies from doing just that every year, forcing their customers to either upgrade at 80% of the full price or watch support for their current version dwindle down to the eventual EOLing in a year or two, maybe three. That is two or three years/version down the road of said product.

Also, what kind of support are we talking about here? REAL support as in talking to one of the developers regarding some weird bug one has encountered? Or support as in cheapo callcenter with underpaid operators where your worth is judged on how quickly you get your ass of the line?

Re:This is a simple reality in corporate use

[AhBeeDoi]

I can understand it to a degree; there's no guarantee that the version installed today will not be completely dropped next month. It gets a little aggravating when it holds up an entire project, though, because of one small piece.

One could make that statement about any product. That's when you have to rely on the track record as a guage of likely future actions.

Re:This is a simple reality in corporate use

[Shakrai]

Many of these support contracts are really just the "Circuit City Extended Waranty" of the corporate world.

Have you ever known a PHB that didn't get the extended Circuit City warranty? That's what this is all about -- selling it to the PHBs of the World so we can go on using our OSS that we know works and even with the support contract is cheaper then the commercial alternative.

Re:This is a simple reality in corporate use

[KimiDalamori]

Why would a coporation be worried about it being dropped? If anything, Open Source projects seem to be a haven for ancient code where it can linger on forever and ever, continually being tweeked and improved over the ages.

On the other hand, I suppose if some huge IT company wanted to give me money for something I did for free in the community-based support forums alredy availiable, I'd take it too.

Re:This is a simple reality in corporate use

[gl4ss]

Yeah.. so essentially what's needed is a piece of paper and some money exchanging hands for them to feel good about having bought something.

volcano insurance of sorts.

Re:This is a simple reality in corporate use

[NineNine]

It's not about whether it works or not. It's about being able to call somebody at 2:00AM when a critical machine goes down, as opposed to waiting for your Usenet post to get propogated, then hoping that l334G33k425 responds to your message in a timely manner and gives you the correct answer. Case in point... my retail businesses have a POS system that I paid for. Granted, there aren't any truly viable OSS ones out there yet, but assume there are. It's worth the money for me to be able to get someone on the phone 30 seconds after it crashes to get my business running again. Or if an employee fucks something up, I know that I can absolutely get someone on the phone who will eventually fix my problem. I don't care how good a competing OSS project is supposed to be: no software is perfect, and there absolutely, positively MUST be someone to fix it when the shit hits the fan (as it always does, eventually). When your rent & power bill & paycheck is on the line every day (as mine are), you don't fuck around. Period.

Re:This is a simple reality in corporate use

[whoever57]

Have you ever known a PHB that didn't get the extended Circuit City warranty?

I have found that making people understand why they don't need to buy extended warranties is fairly easy: you just have to pitch it right.

The key is to get them to agree that the warranty is merely insurance and then point out that they can self-insure. In other words, that they could put the warranty money in an account that is only used to buy replacements for broken products.

Put in those terms, even PHB's usually get it.

Re:This is a simple reality in corporate use

[Martin+Blank]

In my experience, it doesn't matter if support is 24/7 or three hours a day on odd days of the week every other month. So long as there's a support contract involved, that will get it in over something that has no formal support. I've seen companies buy one product over another solely because, while both are commercial software, one of them offers an option for a support contract and the other does not, whether or not the other one is paid support.

Where I'm at now, it's not uncommon to see support contracts for one product (and not anything from or as ubiquitous as Microsoft, either) reach a quarter of a million dollars a year or more. It's insane.

Re:This is a simple reality in corporate use

[jdray]

While I wouldn't have put it quite the way you did, I have to agree with you. If the OSS community keeps up the attitude that Shakrai puts forth, adoption into corporate datacenters and business areas will be slow and agonizing. As you said, people want assurances.

The upside is that companies are used to and willing to fork over large sums of cash for those assurances. So, if you love an OSS project enough to dedicate your life to it, then get to know it inside and out and start offering commercial support for it. If the product is stable, you never have to answer the phone. If you charge $500 per year for support, 100 customers makes for a tidy income. And, honestly, most midsize corporations wouldn't even blink at $500 per year for support on something that goes on a server, unless it was in astonishment at how cheap it was.

Re:This is a simple reality in corporate use

[homer_ca]

I know the corporate world requires service contracts, but this still makes no sense. Since almost all *nix vendors ship BIND, you can already get commercial support from your vendor, whether it's Redhat, Sun or HP. The only scenario I can think of where you'd might want commercial support from ISC is if your vendor shipped some old version like BIND 8 and you absolutely need some feature in the latest and greatest BIND 9.

Re:This is a simple reality in corporate use

[jdray]

Yup. It's amazing what happens when you pay US$1.5M for software, then the "standard annual maintenance fee" of 17% (plus or minus 2%).

Re:This is a simple reality in corporate use

[ron_ivi]

Places I've been, it's taken Oracle Support *days* to get systems up and running - and at as often as not, the in-house DBA or database programmers who worked around the problem _before_ Oracle Support came through.

ROI calculations are easy, though. If your website might be down for 18 hours while your in-house support guy finishes sleeping, wakes up, and reconfigures BIND; and your web site makes $1000/hour; and the chance of this happening is 10% each year; it's very easy to translate to dollars.

How much business do you lose in those 30-seconds?

I think more .com's died because they overdesigned their "zero-downtime incase California sinks in an earthquake, so let's have our database mirror'd around the world"; rather than think through the (modest) implications of a couple hours downtime.

Re:This is a simple reality in corporate use

[ChoyLeeFut]

It's worth the money for me to be able to get someone on the phone 30 seconds after it crashes to get my business running again.

30 seconds??

Wow... you've never had to deal with support from Monolithic Corporation Inc., have you? ;-)

Re:This is a simple reality in corporate use

Parent wrote: "ROI calculations are easy, though. If your website might be down for 18 hours while your in-house support guy finishes sleeping, wakes up, and reconfigures BIND; and your web site makes $1000/hour; and the chance of this happening is 10% each year; it's very easy to translate to dollars.

How much business do you lose in those 30-seconds? " $1000/hr * 18 hrs * 10% chance/yr = $1800/yr

If your support contract costs more that $1800, don't do it.

(Note that the $1000/hr web site is making $8 Million/year. If your web site makes less than $8,000,000/yr, you should pay even less.

More realistic numbers for most sites would be

$100/hr * 4 hrs (assume a pager) * 5%/yr

Or about $20/YR.

Please plug in your numbers and post... I'm interested to see how other companies compare.

Re:This is a simple reality in corporate use

> ...you don't fuck around. Period.

Given that you are posting on Slashdot, that goes without saying.

Re:This is a simple reality in corporate use

[bofkentucky]

I dunno about that, look at covalent, they basicaly sell and support apache (and keep much of apache's core team employed). At the same time I don't see netcraft reporting tons of "covalent server" or whatever they are calling it these days.

Re:This is a simple reality in corporate use

[Da+Web+Guru]

Why would a coporation be worried about it being dropped? If anything, Open Source projects seem to be a haven for ancient code where it can linger on forever and ever, continually being tweeked and improved over the ages.

Just because it is an open source project doesn't mean that there will always be someone around to update it when there is a major (i.e., root) exploit found for it. That may be fine for smaller setups where you can just firewall something off really quickly, or maybe do a quick code change here and there to temporarily "break" the functionality that causes the issue. Many corporate setups don't have the luxury of quickly hacking in a fix for every little issue as soon as it comes out, especially when downtime is not an option. They have to worry about things like debugging, testing, reintegration, and redeployment. If there is a support contract a corporation has someone to call to complain to and demand a fix from. Corporations also don't have the option to just up and change their entire setup if a particular software product suddenly becomes no longer available. It's not always easy to just rip out a DNS server and install a new one in it's place. There are usually several other scripts and programs that have been integrated into it and depend on that software's specific setup in order to function properly.

Re:This is a simple reality in corporate use

[Martin+Blank]

I just remembered one place I was at where the software we bought had a support contract that was a downsell. The annual contract was for $5000 or so a year. Sending a tech out cost $400 per hour. Travel time and travel cost -- from New Jersey to California -- were paid by the customer. Minimum charged onsite time was eight hours. One day could (and usually would) easily outstrip the annual costs.

I once asked the justification out of curiosity. I was told that they REALLY hated it when people made them keep track of hours, and this way they didn't have to when people had their service contracts.

Re:This is a simple reality in corporate use

[nzkbuk]

A large part of corporate management doesn't rely on track records. And most support contracts that are purchased include penalty clauses.

Re:This is a simple reality in corporate use

[mpe]

It's not about whether it works or not. It's about being able to call somebody at 2:00AM when a critical machine goes down, as opposed to waiting for your Usenet post to get propogated, then hoping that l334G33k425 responds to your message in a timely manner and gives you the correct answer. Case in point... my retail businesses have a POS system that I paid for. Granted, there aren't any truly viable OSS ones out there yet, but assume there are. It's worth the money for me to be able to get someone on the phone 30 seconds after it crashes to get my business running again.

Assuming that the person on the end of the phone does actually fix the problem. It isn't unknown for organisations with "commercial support" to make use of usenet/Google/etc in preferance to picking up the phone.
Since very often the people signing the "support" contracts are not the people who use the service they may not be able to tell the difference between a contract to have a vendor make best effort to fix a problem and one which simply requires the answering of a phone call or the sending of a warm body within X hours.

Re:This is a simple reality in corporate use

[mpe]

As far as I know, that doesn't stop a whole lot of software companies from doing just that every year, forcing their customers to either upgrade at 80% of the full price

Where the customer is also likely to wind up with a large bill for "consequential costs"

or watch support for their current version dwindle down to the eventual EOLing in a year or two, maybe three. That is two or three years/version down the road of said product.

This is a technique proprietary software vendors appear to have hit on as a method for gaining extra revenue. It's a technique which dosn't work well with OSS, since no-one, not even the copyright holder can "kill" software with an OS licence. In many real world situations it can take several years to "shake the bugs out" of software.

Also, what kind of support are we talking about here?

The term "support" is one which has been abused to the point where it can be meaningless in many contexts.

REAL support as in talking to one of the developers regarding some weird bug one has encountered?

With proprietary the developers are anonymous, you have no way of knowing if the person who wrote program foo has any contact with vendor bar any more. Whereas with OSS developers tend to have real contact details and anyone can become one or study the code in order to understand it as well as whoever wrote it.

Or support as in cheapo callcenter with underpaid operators where your worth is judged on how quickly you get your ass of the line?

Is this a "support" contract or a contract to have someone answer phone calls?

Re:This is a simple reality in corporate use

[jcinnamond]

Yeah, it's really good to know that if some critical application goes down I can call the support number and be asked "Have you installed the latest patch?"

Every support contract I've seen has an SLA that guarantees response time, not resolution time. It would be nonsense to suggest that I could call a supplier up and have a fix straight away unless I'd missed something really obvious. (If this was the case then sacking me would make more sense than paying for an expensive support contract.)

I have also seen suppliers decide not to fix a problem because it was not commercially viable for them to do so. It's no good being indignant in this case, your suppliers need to make money as much as you do.

The whole concept of support contracts pisses me off. Of course it is sometimes useful to have someone on the end of the phone, or more usually on the end of an email, when I run out of knowledge. At the same time though it is important that I have a clue and can diagnose and resolve problems on my own. Contacting a supplier for help should be the exception, not the rule, and I don't think it makes sense to pay a large amount of money every year just in case I need to call someone.

Conversly I don't expect to have to keep paying someone to fix bugs in the software they sold me in the first place. I wouldn't pay my television manufacturer a big chunk of money just in case the product they originally sold me was defective. If you are paying someone a continuous amount of money to work towards the solution you need then this should be understood from the outset and the price should reflect this.

Taking the business risk decision that "we need a support contract in case the product breaks" is dumb unless the support contract has SLAs for fault resolution. Until you have that there is no business gain (let alone any technological one) from having some wet behind the ears employee go through checklist of dumbarse questions that need to be answered before you can open a support case that then sits in a queue waiting to be assigned to the person who actually has enough knowledge and experience to resolve your problem. In the interim you get a stupid email every 12 hours (or 4 hours, or 5 minutes, or whatever you've paid through the nose for) telling you that your case is being looked at.

Don't get me wrong, I've nothing against ISC offering commercial support and I hope that they make a big pile of money from it. It just makes me angry when people refuse to adopt a technology on the grounds that it doesn't come with a support contract, thus assuming that the support contract is inherently more useful than emailing the people who wrote the code, or asking a mailing list full of people who actually care about the quality and success of the product they are developing.

My paycheck is on the line (to some extent), and I don't fuck around. I've never found myself in trouble due to lack of support from an open source project. Even if I don't get a response back from the "l334G33k425" (or in most cases the professional programmers taking pride in a piece of software they write and feeling a sense of social and community responsibility to the people who use the software), at least I can look at the source and try to understand the problem for myself, or maybe even fix it. It might not work every time, and sometimes I haven't been able to resolve a particular problem, but I've never found a support contract that served me better.

--John

Re:This is a simple reality in corporate use

[Alex]

I think more .com's died because they overdesigned their "zero-downtime incase California sinks in an earthquake, so let's have our database mirror'd around the world"; rather than think through the (modest) implications of a couple hours downtime.

This hits the nail on the head - I saw the exact same thing companies which had no customers but which had spend $5m on DR sites.

Alex

Re:This is a simple reality in corporate use

Our VCs once had a get-together of all the CTO/CIOs of their portfolio companies so we could learn from each other's mistakes. The CIO of the most-successful-at-the-time but-now-long-gone company stated that he thought the single biggest mistake the company ever made was over-designing their zero-downtime ideas.

These guys literally had a large real-time replication (something parallel server) for a quite large volume e-commerce database located in different places around the country. He said the support costs (both internal (people knowing the replication stuff) and external (buying the replication stuff and support for it)) cost far far more than they any downtime ever could have cost them.

Re:This is a simple reality in corporate use

"then hoping that l334G33k425 responds to your message"

is this really better than someone 12 timezones away learning to speak english who doesn't even work for the company you think you're calling.

more often than not, the person you call is from Daksh or a related company. If you're lucky this guy will happily email l334G33k425 during your 30 second phone call and call you back when 1334G33k425 responds to him.

Re:This is a simple reality in corporate use

"...no customers but which had spend $5m on DR sites"

yeah, i can only wonder if you're refering to my old .com... but i'm sure we weren't alone.

Re:This is a simple reality in corporate use

[AhBeeDoi]

Ceteris paribus (as they say in the dismal "science"), the vendor with the track record (or maybe just a reputation) will win out over the unknown. Kinda reminds me of the old chestnut, "Nobody ever got fired for choosing IBM." Decisions aren't made solely on track record, but it can tip the scales.
Penalty clauses make sense if you are buying a whole lot of mission critical stuff and want your vendor to share in the "down time" cost, but I don't see how that applies to BIND. It's free. I'm not sure what type of "support" BIND needs other than making sure that it has been set-up correctly. Of course, you will need a reasonably competent network administrator (who presumably can set it and make changes as needed). This is not a situation where you sign-up for parasitic consultants to embed themselves in your network and charge fees for little or no visible work.

Finally

I've been waiting forever for them to get this resolved.

Re:Finally

I don't think one can compile the Linux Kernel with ICC since the make files are incompatible along with the fact that the kernel has drawn hevily on glibc, so much so that it may be dependent on some of the non ANSI features of GCC and glibc.

Re:Finally

[Ifni]

+1 funny. I love puns - lowest form of humor my ass. Of course, I do read /., so what do I know...

Is this a good thing?

[NivenHuH]

Hopefully the ISC won't turn this into a RedHat situation.. They find that corporate use is profitable, and release a closed-only solution to corporations, while forking the code over to another open source project..

Re:Is this a good thing?

Just like sendmail did.

Re:Is this a good thing?

> Hopefully the ISC won't turn this into a RedHat situation.. They find that corporate use is profitable, and release a closed-only solution to corporations, while forking the code over to another open source project..

How did this get a "Score 3, Insightful" when it's so completely WRONG?!? All the Red Hat source code is freely available - how "closed-only" is this?!?

Re:Is this a good thing?

[NivenHuH]

I didn't say closed-sourced.. I said a closed-solution.. (as in, RedHat is only distributing RH Enterprise, and forked it's project over to Fedora)..

Re:Is this a good thing?

[MavEtJu]

RedHat always have sold their software (but you could download it for free).

With BIND from the ISC you can download their software (but you can also buy a support contract for it).

If you take into account that one of the goals of BIND is to make a reference platform for all features, you can't really do that with a closed-only solution.

Re:Is this a good thing?

[sloth+jr]

RedHat's not closed source. They provide source code, though they do add (IMO) unreasonable and possibly not legal restrictions on distribution of the binary packages. The SRPMs are available on-line however, hence, they've provided you the source - hence, they're "open source".

Regardless, it'd be disingenuous to suggest that RedHat merely reaps opportunity off the hard work of others. That's true, of course, but they certainly contribute to many open source packages, not the least of which include kernel development.

sloth jr

Re:Is this a good thing?

[NivenHuH]

Touche. =)

Re:Is this a good thing?

No all RedHat stuff is freely available too... Even though they have the source code. You cannot get hold of some stuff directly without being a (paying) subscriber to their Red Hat Network (or whatever it is called now).

Re:Is this a good thing?

[SuiteSisterMary]

When you release a binary for source under the GPL, you can put whatever restrictions on that binary you'd like. You must also, however, release the source on request, and cannot put any restrictions other than the GPL itself upon that source code./P

Best software

Wasn't BIND plagued by a similar bug strain as sendmail was?

Why is this a surprise?!

[Da+Fokka]

If you are running any kind of critical operation, support has to be guaranteed. And in our capitalist world, that means paying for it. No matter how good it is, free software has no guarantees whatsoever. And companies need those guarantees. Simply because in court a 'we'll do our best to support our l33t software' is just not good enough

Re:Why is this a surprise?!

[AhBeeDoi]

Nobody says that support can't come from a third party. I'm sure there a many consultants/groups (many of whom may be contributors to the project) available that can provide the necessary support.

Re:Why is this a surprise?!

[h00dLuM]

The monstrous beast of a company I work for let me set up a linux box running apache/nagios network monitor, unofficially. When I was done, my manager came by to inspect it and and was quite impressed, but I cringed when the launch screen came up with the usual "Not guaranteed for fitness or any purpose" or whatever.

Then he notices the note at the bottom of the browser about Free Software, he asks me how much it would cost to buy licenses, and my stupid answer is "It doesn't cost anything, (yeah yeah my time) it's free!"

His reply: "I don't trust free."

I disagree personally, but this is our corporate environment.

That frigging Not guaranteed for any purpose thing has somehow got to go, although I know that it's fundamental to the GPL.

Re:Why is this a surprise?!

[NineNine]

His reply: "I don't trust free."

That's completely reasonable. Would you take a hamburger from a guy on a street corner that was giving them away, even if he assured you that they were perfectly good... he just made them himself this morning?

Exactly.

Re:Why is this a surprise?!

[operagost]

but I cringed when the launch screen came up with the usual "Not guaranteed for fitness or any purpose" or whatever.

Guess what? The Microsoft EULA (along with most other companies') says the same thing in other words. And you DO pay hordes of money for those without getting any real support, until you pay hordes more. Might as well get the right free product and buy competent support and save one horde.

Re:Why is this a surprise?!

[po_boy]

Free Porn. Period. [ninenine.com]

Would you take porn from a guy on street corner that was giving it away, even if he assured you that it was perfectly good...

Perhaps some analogies are flawed, I guess.

Re:Why is this a surprise?!

The thing is, with open source you get to see exactly what goes into the product, as well as having the the actual product.

Also, the producing of the product doesn't cost anything! And it allows people to help you make your product better.

While i can see how there are people out there that don't get it, you also must see that your hamburger analogy is flawed.

Re:Why is this a surprise?!

I sure would- if he ate a few himself first.

Re:Why is this a surprise?!

[potus98]

I've been in companies with such "vendor support is mandatory" policies and guess what? While they INSIST on making lame s/w decisions because of some policy written by some internal-audit-accounting dweeb, they don't invest in a true dev/test/qa/prod environment.

They build some "fantastic" infrastructure, higher 1/2 the skillsets they need to properly support it, and then some pointy haired boss tells you to "Go test a Solaris 10 upgrade on that nice XP-Pro Dell laptop of your's son. Then, schedule an outage of the E15K tonight for the upgrade from Solaris 2.5." "But sir, I don't think that's a valid..." "Whoa! Are you telling me you're not Sun Certified? We've got to get that production server upgraded tonight! Audit is coming through tomorrow and we're like 7 1/2 versions behind!!!" "But sir, the application has not been certified to run on Solaris 10, and besides, we..." "Damnit son! Winners have a can-do attitude. Losers always have the excuses. Are you a loser son?"

And so it goes...

Also, doesn't it seem strange that many companies insist on support for any s/w tools they use, build some super-duper infrastructure, make it highly-available, mega-redundant, etc..., THEN the app is delivered via the Internet!?!? All of their customers/clients/branch offices must traverse the Internet to use the app. Where do they buy their Internet support contract? Their ISP? Well, that's nice! At least 4 of the 18 hops are covered.

Overall, those type of corporate decisions are the result of blind policy-following drones. In the case of DNS (and many other apps) redundancy and resilancy is built-in! Deployed properly, who cares if one of the DNS servers goes down for a few hours (or even days in some cases).

In my experiences, those panic 2am support calls are usually a result of poor change control, lack of testing, poor planning, and other (easily avoidable) problems.

Re:Why is this a surprise?!

[Theatetus]

That frigging Not guaranteed for any purpose thing has somehow got to go, although I know that it's fundamental to the GPL.

Read your (Microsoft|Sun|Oracle|Intuit|etc.) EULA some time; it says the same damn thing

Re:Why is this a surprise?!

His porn's not that good. One of the links caused Norton to freak out because of some bytecode VM virus of some sort, and popped up a bright yellow page, warning me that the FBI was watching me.

Riiight. Like they'd tell me if they were anyway.

NineNine seems mostly to be an effective troll.

Re:Why is this a surprise?!

Would you take a hamburger from a guy on a street corner that was giving them away, even if he assured you that they were perfectly good... he just made them himself this morning?

No, but if I myself owned a hamburger replicating device that could make an exact copy of his hamburger, and if he clearly worked hard on making that hamburger for himself and it looks like a pretty good hamburger, then I might use my hamburger replicating device to make myself a hamburger exactly like his hamburger. (Before he takes a bite of it, of course.)

Re:Why is this a surprise?!

That frigging Not guaranteed for any purpose thing has somehow got to go, although I know that it's fundamental to the GPL.

Why does rubbish like this get modded "insightful"?
I suggest the author (and the brain-damaged moderator who rated the post "insightful") do the following.

1. Read the GPL. There's nothing to prevent any company from offering a warranty on GPL'd software, and charging for providing a warranty.
2. Read a Microsoft EULA. You do not get a warranty. And, no third party can provide one, because they don't have access to the source code.
   

Of all the FUD thrown at Open Source, the "warranty" rubbish is the most ridiculous.

Re:Why is this a surprise?!

Would you take a hamburger from a guy on a street corner that was giving them away, even if he assured you that they were perfectly good... he just made them himself this morning?

Bad analogy. You can't look at a hamburger and see exactly what ingredients went into it. When you get Free Software, you can see exactly what it is made of.

Re:Why is this a surprise?!

[Shimbo]

Read a Microsoft EULA. You do not get a warranty.

You get an implied warranty of fitness for purpose in many juristictions, although that is likely to be limited to a refund.

Re:Why is this a surprise?!

[cyways]

Show him the (US) Microsoft EULA in his copy of Windows at \\systemroot\system32\eula.txt. What guarantees does he get here?

"NO OTHER WARRANTIES. To the maximum extent permitted by applicable law, Manufacturer and its suppliers disclaim all other warranties, either express or implied, including, but not limited to implied warranties of merchantability and fitness for a particular purpose, [my emphasis] with regard to the SOFTWARE, the accompanying written materials, and any accompanying hardware. This limited warranty gives you specific legal rights. You may have others which vary from state/jurisdiction to state/jurisdiction.

NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall Manufacturer or its suppliers be liable for any damages whatsoever (including without limitation, special, incidental, consequential, or indirect damages for personal injury, loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use this product, even if Manufacturer has been advised of the possibility of such damages. In any case, Manufacturer's and its suppliers' entire liability under any provision of this agreement shall be limited to the amount actually paid by you for the SOFTWARE and/or Microsoft hardware."

These exclusions appear in nearly every software product I own. Hell, I include them in every support contract I write, and I use all open-source products. No one want to be sued for eighty gazillion dollars in alleged lost revenues when someone's server crashes.

Re:Why is this a surprise?!

[Brian+Boitano]

How much do you have to pay before the burgers become trust-worthy?

Re:Why is this a surprise?!

[Etyenne]

No, I would say NineNine have a decent TPG. Surf with Linux, or use Firefox on Windows at the very least, and do without these stupid popup and virus bullshit.

Autopr0n is another /. pornographer. His site have less gallery, but it's much cleaner, and every gallery carry a witty (and sometime funny) description he wrote himself. The poor boy run his TGP on Windows, so be gentle with him.

Good to see they're 'getting it'

[mgkimsal2]

Not specifically the BIND folks, but it's good to see that people are more and more waking up to this fact. Hopefully the fact that something is 'open source' and people are 'making money' from it won't be a newsworthy item in the near future.

What I think many programmers don't understand is that most people will often choose a so-so product from a well-run business over a better product from a poorly run business or organization. Having no guaranteed support mechanism for BIND (and other projects) does hurt adoption of those projects in many organizations. Option support is essentially the best of both worlds, as long as the prices aren't cost prohibitive. If pricing is too high, there's much less incentive to switch, because people will usually settle for 'good enough' when 'way better' costs a whole lot more.

Re:Good to see they're 'getting it'

Yes, I hope we see lots of companys springing up to fill the support need and employ a couple IT people. Just be warned, when this does start to happen, MS wont be happy. I predict a whole new twist coming from MS soon, keep your tinfoil hats on folks!

The best software?

[ybmug]

Hopefully that wasn't in reference to Bind. I know a few people who might take issue with that...

Re:The best software?

[Triumph+The+Insult+C]

like who? that maniac djb who just denies holes exist in his software to get out of paying?

Re:The best software?

Perhaps you could enlighten us as to which hole to are referring to. Or are you speaking out of your own hole?

<PHB>Who needs competent sysadmins?

[GypC]

We bought support. The god-like powers of software vendors are obviously much superior to those of anyone that would work for us, even if the source code is open. </PHB>

pkill -HUP named

Apr 22 16:26:24 localhost /usr/local/sbin/named[1676]: loading configuration from '/etc/named.conf'

BlIND?

[chipster]

Either I am BlIND, or the only release of 9.3 available is 9.3.0beta2.

One support contract to bind them all?

[Neil+Blender]

Bah. DNS is for outsourcing anyway.

In technical terms...

[Rosco+P.+Coltrane]

"About every year or so they declare it complete, and then implementation begins and we discover that it's actually not complete," Vixie told

Given what Paul Vixie is famous for, I'd say the lines are:

0 0 1 1 * /bin/sh -c "echo it's complete"
5 0 1 1 * /bin/sh -c "echo nevermind..."

He's bona fide. What are you?

[straponego]

Bind: I am the only daddy you got! I'm the damn paterfamilias!

Suit: But you ain't bona fide!

Todo

[T-Ranger]

1. Do a business name search on "BIND Support International".
2. Register it
3. Ditto for good domain name
4. Get letterhead printed
5. Randomly invoice big companies
6. ??
7. Profit!

Re:Todo

[morten+poulsen]

You can leave out #6, it will work as it is ;-)

Re:Todo

[arduous]

Chesley Rafferty, is that you?? DNA mail out fraud

Re:Todo

[Adam9]

6. Make sure invoice amount is low enough so some companies pay it without investigating the bill

Read your EULA please.

[Moderation+abuser]

Then come back and start telling us about the guarantees that you get. Oh, and have a look at your support contracts as well to see exactly you are guaranteed.

I think you'll find they amount to little more than "we'll do our best to support our l33t software".

Re:Read your EULA please.

[NineNine]

At the very least, you can tell a company that if it doesn't get fixed, you won't buy another piece of software from them, and neither will anybody else you know. An OS person will tell you to fuck off. I'm the leader of a user group for a specialized piece of software, and the company knows that if I'm not happy, most of their customer base is gonna hear about it. There's incentive for them to get it fixed. There's zero incentive for an OS person to fix your problem.

Re:Read your EULA please.

Right, because it becomes incumbent upon you to fix any problems you encounter.
Otherwise, you're not part of the Free Software community, now are you?

Re:Read your EULA please.

[morelife]

You are, loudly, shooting yourself in the foot.

If you had a critical software problem, and you told the vendor you "won't buy another piece of software from them" you know what you still have?

Your same broken ass software, and a worse relationship with your vendor.

Read your EULAs, ask your lawyer about them, and then go do a little research on the reliability and fix times for problems in BIND, Postfix, Apache, OpenSSL/SSH, etc etc etc.

You'll find that you're better off in many cases with OSS, with many less dollars lost.

Re:Read your EULA please.

[vena]

of course you can also rely on the very catty nature of the OSS community. post to usenet the problem, how to repeat it, that the maintainers refuse to acknowledge it, and if it's at all important it'll make headlines on every geek blog around.

Re:Read your EULA please.

[killjoe]

Yes tell MS you'll never buy anything from them again. I hope you don't hear the snickers coming in when the tech yells that out in the helpdesk room and everybody starts cracking up.

Re:Read your EULA please.

[caluml]

At the very least, you can tell a company that if it doesn't get fixed, you won't buy another piece of software from them

Isn't it a bit late by then?

Re:Read your EULA please.

[Tony-A]

You'll find that you're better off in many cases with OSS, with many less dollars lost.
Yes, but how does megacorp have its cake and eat it too? How does megacorp take advantage of the inherent efficiencies of OSS? OSS can be had cheap, very cheap, but the real advantage is on the high end.

You've paid good money for whatever. That entitles your manager to call your salesman's manager and give him/her an earful. Not that it will do a lot of good, but at least it's something. The vendor has certain responsibilities whether the vendor likes it or not. These responsibilities are tied to the money paid and in reality override whatever legalese is in the EULA or whatever. Satisfied customers are your best salesmen. Dissatisfied customers do not tend to keep it to themselves. It takes something like ten satisfied customers to balance one dissatisfied customer. A very dissatisfied customer, or a dissatisfied prominent customer carries a lot of clout. "Never buy another piece of software" is explicit only at the very end of a nasty downhill slide.

Corporations, businesses, most of us really, like to feel in control. With OSS, the developer(s)/maintainer(s) are very much in control and are subject only to their own whims. They have no requirement to be reasonable by anyone's standard of reasonableness. (I did not say anyone else's. Intentionally.) By buying foo, by whatever name they choose to call it, corporations buy a sense of control and help ensure the viability of something they depend on. I'd also suspect that corporations have a moral sense that freeloading is not a viable long-term plan.

Re:Read your EULA please.

[Etyenne]

At the very least, you can tell a company that if it doesn't get fixed, you won't buy another piece of software from them, and neither will anybody else you know.

I'll tell that to Microsoft next time I have a bug with any of their software.

Re:Read your EULA please.

[Lochin+Rabbar]

I'd also suspect that corporations have a moral sense that freeloading is not a viable long-term plan.

Thankyou for your unique perspective of corporate morality.

Re:Read your EULA please.

[ManxStef]

That's a good point there. An oft quoted "rule" of business is that it's much easier to hold on to existing customers than get new ones, and that when you piss off a customer they tell, on average, 8 other companies/people not to buy your product. (Of course this varies wildly across the vastness of business and products but the principle is the same.)

So when you tell a company that if they don't fix their product you won't buy another bit of software off them (and will tell all your friends), if they have any sort of competent management they'll damn well pull out some stops to get it sorted. Otherwise they know they'll be shooting themselves in the foot with regards to future sales and their reputation with other existing customers.

Open Source, on the other hand to what you said, doesn't *always* tell you to fuck off. In fact, a good percentage of the time the maintainers will actually get it fixed faster than their closed-source counterparts. But this in itself highlights the problem - what it comes down to is accountability and the unknown.

With commercial software you've got a known comeback. With open source you may *or may not* have any, depending on luck, prior research, who (if anybody) is maintaining the code, etc. - all unknowns. Management *hate* unknowns, so having a commercial support channel and therefore filling the void with a known trail of accountability, is *essential* for wide-scale adoption and a massively good thing for Open Source software in general.

You know what?

[Neil+Blender]

I really dig them root name servers.

Re:You know what?

[Ifni]

Bah, and me without moderation points - +1 funny for sure!

Good move...

[Trolling4Dollars]

...in way. At least it keeps the crappy proprietary DNS products from infiltrating the net to an extent. Since the asshat suits who think it's better to have commercial support for something are wailing about thi issue, at least it's addressed now. They can go sit and spin.

hilarious

[Tumbleweed]

All of a sudden, that commercial comes to mind, "The _stapler's_ down! The _stapler's_ DOWN!"

They'd best make sure they have a support contract for their staplers. And for their pens & pencils, etc. Critical items, all.

Maybe this explains why it's so expensive to do business here, and jobs have to be shifted overseas. Then we can get our stapler support from India!

Symmetry. I like it.

Re:hilarious

[T-Ranger]

Ship your bulk paper to India where a Profesional Stapler can bind them for $5 a day.

Re:He's bona fide. What are you?

This is the best comment I have ever seen. EVER.

Re:Who needs competent sysadmins?

[rblum]

Don't you think there's the remote possibility that people who work on the same code base all the time know it better than your programmers/sysadmins, who have tons of other things to do?

NOT "Time for net admins to update"

[strabo]

I really hope that most net admins know better than to update until after the beta is over, and the release version comes out.

BIND 9.3.0 is not released yet. It is at beta 2, which was released two days ago.

Re:NOT "Time for net admins to update"

You mean after they have tested BIND to be stable and working in their environment.

A "stable" / non-beta release does not automatically mean it is working in YOUR system.

Re:NOT "Time for net admins to update"

[darthcamaro]

Umm it's pretty darn stable - i think that's why the ISC made the public press release . A BIND release candidate from the ISC is more mature than 98% of all proprietary shrink wrapped software that you gotta pay for. I'm running it just fine, thank you very much and it kicks ass.

Re:NOT "Time for net admins to update"

[darthcamaro]

i'm a lugnut sorry - wrong link in the previous post the correct isc link is http://www.isc.org/about/press/?pr=2004042000
guess that's why you're supposed the preview and test your links right? aaaugh that's gotta be a karma killer

Hope they don't go the way of redhat.

[matth]

Hope they don't go the way of redhat, as some others have said.. otherwise we'll be in a very large bind.... ha ha ahem..

Suprised by opportunity

[Sloppy]

If you are running any kind of critical operation, support has to be guaranteed. And in our capitalist world, that means paying for it. No matter how good it is, free software has no guarantees whatsoever.

Free software has whatever guarantee the vendor wants to sell with it -- and the vendor can be anyone! You just happening to be thinking of the case that most of of nerds are in, where we use the software without there being any vendor at all. Thus, there's no guarantee. But it doesn't have to be that way.

This doesn't so much look like a disadvantage for free software, as it looks like a really easy and cushy business opportunity for some laid-off programmers and sysadmins. Some company wants BIND with support? Then be the guy who sells BIND to them. Get paid $n/month to do almost nothing. Compete with Paul Vixie, selling his own software.

It looks like Paul's problem, is that nobody else wanted the money, so he was forced into taking it himself. Life's a bitch.

IDN internationalization support?

OK, when will this be supported in BIND without patching?

This is something that will need to be included by default if we want IDN support to grow beyond the few sites that has it today.

Wait till the next exploit,,,BIND is hard to setup

Bind actually is decent. Setting it up however in a trouble-free manner that doesn't give you a headache, or cause problems for others on the Internet, is hard.

BTW How do you get Squid to use Bind for DNS?

How the BIND company makes money

[amacleod98]

D. J. Bernstein has a few things to say about this Also see here And here

Re:How the BIND company makes money

DJB might be all cool and not corrupt like bind, but why does DJB insist on enviroment variables to run? Hasn't the guy ever heard of a conf file?

Re:How the BIND company makes money

Why write a function to parse a config file if your app only has a few settings and you can just use getenv()? Besides, you can easily set options by just typing echo newsetting > /service/dnscache/env/SETTINGNAME, no text editor required.

Re:How the BIND company makes money

[wobblie]

Bernstein is a certifiable loon. He regularly flames people on the bind9-users list, and if there was any doubt that he is a complete DWEEB, read this. He goes to St Petersburg and complains about the hotel and eats at Burger King. Whatever. The guy is a nut. A smart nut, but a nut.

His software also has onerous restrictions on it, and djbdns does not support as many record types and such as bind does. His rantings about bind are full tilt hysterical conspiracy theory level paranoia.

Re:How the BIND company makes money

God, I am glad someone posted this.
When I read:

"In other words we were told that having the best software wasn't good enough"

I almost choked on my drink. BIND's track record ranks right up there with sendmail, and the mono-culture in DNS has unnecessarily complicated the protocol.

I for one am glad they are moving in a money-grubbing direction, since maybe some will start to shy away from the ISC and their terribly insecure software.

Re:How the BIND company makes money

Ad hominem. Please try again.

Re:How the BIND company makes money

[lussmu]

Yeah, and he's right, we need a good alternative to BIND. Too bad djbdns is just Bernstein's tool for trying to shape the Internet to his liking.

It isn't RFC-compliant and DJB takes the typical attitude of the cocky security programmer. For instance, he doesn't really care about implementing such unnecessary protocol add-ons as notify or ixfr, but advocates rsync - with a straight face.

Re:How the BIND company makes money

[Russ+Nelson]

Interesting. The onerous restrictions that you complain about are simply because djb can write secure software AND YOU (probably) CAN'T. He doesn't want you fucking up the security of his software.

djbdns supports every record type, because you can write a pre-processor for the 'data' file which creates any damn record you want. And tinydns will happily serve it up.

Any other "facts" you want to present?

Re:How the BIND company makes money

[Russ+Nelson]

Isn't RFC-compliant? What parts that tinydns and dnscache don't implement do you really need? DNSSEC? DNSSEC doesn't work. Why implement something whose design is broken? For that matter, zone transfers are broken. The only reason I use zone transfers on my tinydns server is because I have to secondary BIND zones, and my secondary server runs BIND (heterogenous services).

What's wrong with rsync?
-russ

Re:How the BIND company makes money

[wobblie]

No, he is meglomaniacal, and a cursory reading of the material on his website is demonstrative enough of his hysteria.

His software could comply with the FHS, but he wants his own /djbdns and /svc and all sort of other crap because he is a fucking freak. he regularly used to post to the bind9-users list accusing the bind developers of trying to ruin his reputation, which is ridiculous.

I've run bind for years and never had a security problem, thanks.

Re:How the BIND company makes money

but advocates rsync [cr.yp.to] - with a straight face.

What's better: using a known quantity like rsync or making up your own way of transfering what's really a text file around?

Keep in mind that whenever one makes up their own protocol for transferring data there's always going to be security holes and the like. I think its best to stick with SSH and RSYNC for this purpose.

Re:How the BIND company makes money

[D.+J.+Bernstein]

``He goes to St Petersburg and complains about the hotel''---C'mon, that's hardly a fair summary. You could at least mention the part where they pumped poison gas into my hotel room.

EGO

[mgkimsal2]

That's the primary thing that keeps many OS people going. I ain't saying it's much, but it's there quite often. :)

Re:EGO

[warpSpeed]

It might be partly ego, but that ego is derived from good software craftsmanship. Praise and recognition from thier programming peers is what keeps many of the Open Source projects going. Doing something worth while with thier skill is another. If they write good code it is recognized and admired by the community of thier peers. Not to mention the warm fuzzy you get from contributing back to the community.

Not everyone is in it for the EGO rush, they like doing good things, and some like the recognition.

Re:Who needs competent sysadmins?

[GypC]

Awww, don't get you panties in a wad. I was just going for some "Funny" karma.

This is a simple reality in corporate use-Priority

"If you charge $500 per year for support, 100 customers makes for a tidy income. And, honestly, most midsize corporations wouldn't even blink at $500 per year for support on something that goes on a server, unless it was in astonishment at how cheap it was."

Are these the same corporations that blink when it comes to keeping jobs in the US? Are these the same corporations that overwork their employees, and manipulate overtime rules? It's nice to know corporations have their priorities straight. Throw money at a nonproblem, or withhold money and create a problem.

Re:Who needs competent sysadmins?

[matuscak]

Sure. But in the case of the commercial software support I get to deal with, the people that answer the phone call are almost always clueless drones. OTOH, when I've posted questions about open source software, a good chunk of the time the answer comes from the person that wrote it.

Re:Java / .NET / Strict OOP

[s0m3body]

the nice thing about this is, that you don't need to leave 'free' world in order to start selling it

as you have mentioned that guy offering free hamburgers, you could take 10 hamburgers from him and start selling them behind the corner

and what's even nicer, as long as you don't claim these hams to be your work, and you are willing to tell your customers how they (hamburgers) can be made, the guy won't be angry !

i can sell you the leading web server technology -> apache cd -> for 500 eur if you want
and that's not all, i will give you the source code as well ! as a bonus, for free !

compare that to IIS !!!

Well, that's convenient...

[Angst+Badger]

In other words we were told that having the best software wasn't good enough [...]

That works out well, because BIND isn't anywhere near the best software, at least not for name serving. It is, however, an exceedingly reliable source of serious vulnerabilities, and considering how relatively simple DNS is, that's a monumental achievement in its own right.

Re:Well, that's convenient...

[dmiller]

Rubbish - please name a "serious vulnerability" for Bind 9?

Re:Well, that's convenient...

[Vainglorious+Coward]

please name a "serious vulnerability" for Bind 9

The ISC website lists the DoS_findtype bug, in all BIND versions prior to 9.2.1, and rates it "SERIOUS".

Re:This is a simple reality in corporate use-Prior

Support cost: $500/year
Employee salary: $50 000/year

So for one less employee hired, the company can pay for 100 support contracts, effectively hiring 100 people to fix critital things. I'd say that's a deal.

Support? why?

[blanks]

Isn't this why companies will pay so much money for IT that know what their doing. If your paying for the best of the best, support should not be a high priority. If you have to use lower quality products just for support, then someone in the chain of command shouldn't have a job.

Shouldn't trust mum's cooking then ...

[anti-NAT]

Or how about when you go around to a new colleages house for a BBQ, to get to know them. Do you eat the free food there ?

Or go to a party where everybody has to bring food or drinks. Do you eat the free food there ? Would you be offended if other people don't eat the free food that you brought ? If they don't, aren't they saying that you are untrustworthy ?

Free doesn't mean you can't trust something.

You are overlooking social and reputational consequences of providing something at no cost that has intrinsic value. I know you know about this idea, as you posted your own example earlier. In your case, it was software you paid money for. You still threaten social and reputational consequences if the product fails, which for a commercial company has financial consquences. For people who provide software for free, social and reputational consequences are far more costly, as the only increase in value they get from providing the software for free are social and reputational.

In fact, this is one of the fundamental truths of The Cluetrain Manifesto. The Internet provides the ability for social and reputational consquences to travel much further and much faster, which increase the impact of those consequences.

I'm sure if BIND wasn't good enough, the readership of Slashdot would know about it pretty quickly. We already know when an exploitable bug is discovered, the day it is discovered. That is likely to be one of the major origins of negative comments about BIND in Slashdot forums. The Slashdot community is a large technical community, who usually are in positions to select one DNS server implementation over another.

If ISC care about their social position within the Internet community (I'm sure they do), and want to avoid reputational consquences when they can't be relied upon (I'm sure they do), they can either try to out market the negative messages, or try to do the right job. It is almost a sport for techos to spot marketroids, so I'm confident they will try to do the right job.

Commercial Support!

[fazookus]

Oh, great, this is marketing at it's worst. I suppose we're going to have to sit through a commercial every time we type in a URL!?!?!

Somebody outta do something.

Faz

BIND, Security, and You.

[EmCeeHawking]

Taco:

I trust you already have the Slashdot article entitled "Vulnerability found in BIND 9.3" queued up for Saturday, right ?

Re:This is a simple reality in corporate use-Prior

"Throw money at a nonproblem, or withhold money and create a problem."

Yeah, that's pretty much how it works.. Amazing so many have stayed in business.

http://www.ntcanuck.com/

[rs79]

They even squished the bugs. Slick stuff.

Poeple still use bind?

[rs79]

Ewwwwwww. As for Vixie calling it "the best software" he should try DJBDNS.

Bind is utter crap. As reliable as Windows-ME with all the easy of use of UNIX System V.

Re:Who needs competent sysadmins?

Well, let me put this as an example...

Place I went to recently for a "day fix" sort of job had recently replaced their old AIX server with a brand new happy Linux server from a big company, complete with service agreements.

It was doing simple stuff, (vs)FTP and CUPS, straight from the standard vendor distribution (RedHat, if you must know)... and it was falling over and dying with both every 6 hours maximum.

Now, this was a manufacturing company with little IT staff, less Unix experience, and no Linux experience at all.

Did it matter to them one bit that "hey, the code is there, you can fix it yourself, or there are hundreds of dudes on the web in chatrooms who can fix the stuff?" No, they didn't even know what questions to ask.

No, what mattered to them was that they could call their VAR, tell them "have someone here pronto at 6:30AM Monday morning to stay on site until the problem is fixed." In essence, they needed having the ability to make it S.E.P. (someone else's problem.)

Sure, the fix in this case was going with a slightly more stable FTP server, and fixing a few bonehead configuration mistakes that the installer made in setting up CUPS, and us discovering and implementing these fixes was tied completely to using OSS software and resources, but that wasn't what THEY needed to know.

This, in essence, is why service contracts are important to businesses, and those of you poopooing them in here, and saying "what a bunch of morons" are going to get hit with a clue by four with a pink slip nailed to it someday if that continues to be your attitude.

Not that they will do the right job, necessarily,

[anti-NAT]

which is why I don't use BIND anyway.

Just pre-empting anybody who suggests I'm a BIND undercover agent.

baffled by obsession with "official" support

[Bob+the+Hamster]

I work in IT for an aerospace manufacturer, and I am baffled by other company's obsession with commercial support. I feel lucky to work for an employer who isn't a stickler for it.

By far the best support I get is from newsgroups, mailing list archives, or simple RTFM'ing

A company with a boiler-room full of telephone techs simply isn't capable of providing better support than the support that the open source community already puts at my fingertips.

Re:baffled by obsession with "official" support

[MikeBabcock]

There are times when I need corporate support of some form, but it is rare. And in those instances, I find who to call and I call and I pay an incident fee and get over it.

I've payed for support for HylaFax for example (excellent faxing solution) and in turn they linked me up with the programmers who handle the firmware for my Multitech modems. They were willing to log into the server by SSH and fix the problems hands-on if necessary.

That said, simply offering support contracts isn't the same as actually providing decent support for a product.

I think this is a great move!

[dawg+ball]

It is unfortunately true that in many corporate environments, support for various software is an essential requirement. I know how frustrating this can be as I deal with "suits" making IT decisions every day of my life. For many of them, the fact that the software is fantastic AND free just isn't good enough. I suppose their insecurities lie in the fact that many of the "decision making suits" that hold the purse-strings of IT have a bean-counting background and actually shouldn't be making IT decisions at all.

Comment removed

[account_deleted]

Comment removed based on user account deletion

BIND means...

[schabi]

BIND means "Bugs Integrated Name Server" - so let's hope that this version has less holes compared to the predecessors.

Re:BIND means...

[The+Angry+Mick]

Funny, I always heard it was "BIND Is Never Done".

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Wait till the next exploit,,,BIND is hard to se

"BTW How do you get Squid to use Bind for DNS?"

You set /etc/resolv.conf accordingly.

Re:Java / .NET / Strict OOP

[Tony-A]

What you're selling is your phone number. RTFM doesn't do the customer any good if the customer doesn't know what a FM is, or even WHICH FM to R. Even if most of the customers can do it all themselves, it's nice to have that phone number in case of emergencies.

Re:Wait till the next exploit,,,BIND is hard to se

I've set bind up as a caching DNS server. then in resolv.conf I dumped my local ip address. There are some good howto's on setting up a caching dns server using bind

all open-source software should do this

[Sivaram_Velauthapill]

I think if open-source software is to gain popularity (particularly in the enterprise environment), they must all provide corporate support.

Regardless of what you think, corporations are all about minimizing risk and shifting blame onto someone else. Having a support contract is almost a minimum at many large corporations. If there is a problem, management would like to have the confidence that some specialist outside the organization will be helping--or more likely, blamed for the problems. It is much easier for management to blame another company than themselves. Which seems more easy to defend:
"hmm... my team is working as much as they can on it. It'll be resolved soon"

OR

"The problem is being dealt with. Our vendor (insert name; say Novell) is providing a resolution."

Sivaram Velauthapillai

Re:all open-source software should do this

[ChoyLeeFut]

Okay, I'll play along and test your silly straw man argument.

Let's shift focus to the vendor (insert name; say Novell) and see which argument is easier to defend: 1) (After escalating past the phone drones): "hmm... my team is working as much as they can on it. It'll be resolved soon, after we RTFM, dredge through the Internet, and otherwise play the role of a savvy sysadmin."

OR

2) "The problem is being dealt with. Our vendor... oh wait, do we have a vendor we can delegate this problem to?"

You see, the buck has to stop somewhere. Granted, if all the company has is a trained monkey for a sysadmin, then buying support and passing the buck makes perfect sense.

But if the company is already paying serious scratch for a (team of) seasoned sysadmins, then why fork over even more cash?

I've had the pleasure of working with experienced sysadmins who know the drill and can resolve problems more quickly than the vendor. I myself have figured things out where the vendor was flailing. Food for thought.

Re:all open-source software should do this

[Sivaram_Velauthapill]

This isn't as silly as it seems; it's standard corporate behaviour.

The flaw that you fail to realize rests with your 'seasoned admin' vs 'trained money' distinction. Most corporations, let alone management, can't tell the difference. Furthermore, the vast majority of employees in any field are more closer to 'trained monkey' than 'seasoned admin' category--this goes for any job in any field.

In addition, certain businesses do not have the expertise. The modern trend is to outsource everything and only worry about your core competence. In such a case, you cannot expect your employees to be able to solve things as easily as the vendor.

I've had the pleasure of working with experienced sysadmins who know the drill and can resolve problems more quickly than the vendor. I myself have figured things out where the vendor was flailing.

That doesn't mean anything. If anything, that's what corporations expect of their employees. Obviously your first approach is to attempt to solve it with internal resources (i.e. company people). The vendor should only be contacted as a last resort. The employees should try their best to resolve problems, and often they themselves can solve it quicker than an external entity. However, having a support contract mitigates risk. It's all about risk.

Sivaram Velauthapillai

Re:all open-source software should do this

[ChoyLeeFut]

And risk can be measured in downtime.

One company I worked for about 10 years ago, one of the developers posted a question to Usenet, and had his answer in 45 minutes. It was his educated opinion that had he gone to Sun with the same question, first he would have had to deal with the phone drones and their canned list of questions, before eventually getting through to the people who he knew could really answer the question, and guesstimated that resolution path at hours, not minutes. 45 minutes vs. a few hours. You be the judge.

Having said that, I'm all for getting support from closed-source solutions such as the Veritas product line. But trying to compare BIND (open-source, many many years, many platforms, comparatively smaller code base, etc) to, say, Veritas Volume Manager (closed-source, not as many years, not as many platforms) is like comparing apples to pianos: sure, they both come from trees, but that's where the similarity ends.

If the goal of purchasing support is for the placebo effect, then by all means, ante up.

Still not convinced? Then why not a support contract for every daemon that runs on the server (eg, sendmail, ntpd, (x)inetd, NFS, etc)? Every instance of awk, grep, sed, etc? After all, why take a chance that any one of these is anything less than perfect?

ObSig: A fool and his money are soon parted.

Re:all open-source software should do this

[Sivaram_Velauthapill]

One company I worked for about 10 years ago, one of the developers posted a question to Usenet, and had his answer in 45 minutes. It was his educated opinion that had he gone to Sun with the same question, first he would have had to deal with the phone drones and their canned list of questions, before eventually getting through to the people who he knew could really answer the question, and guesstimated that resolution path at hours, not minutes. 45 minutes vs. a few hours. You be the judge.

I don't think purchasing support should preclude what you are saying. Clearly if someone was hired by a corporation, they should do the best that they can--which might include checking out the web, and so forth.

Then why not a support contract for every daemon that runs on the server (eg, sendmail, ntpd, (x)inetd, NFS, etc)? Every instance of awk, grep, sed, etc? After all, why take a chance that any one of these is anything less than perfect?

I don't think things like awk, grep, etc need support since they are just tools and hardly ever change. These are more like command line tools than complicated software (although you CAN do some complicated stuff with it I suppose). Things like postfix, xinetd, Samba, etc probably do need commercial support. I'm pretty sure the lack of enterprise adoption is partly related to the lack of commercial support.

Sivaram Velauthapillai

Re:Who needs competent sysadmins?

[GypC]

Exactly... they didn't need a competent sysadmin, they just had to do without until the cavalry arrived. That way, the IT department doesn't actually have to learn a whole lot about computers, they can just be glorified hardware techies that hire their buddies for good jobs, and pay vendors out the nose for tools and services they should be able to script or figure out themselves.

get rid of it

"Time for net admins to update BIND", install djbdns. Geez people move on... BIND and sendmail
must die...

No Guarantees

[The+Angry+Mick]

free software has no guarantees whatsoever

Read a EULA recently? Neither does a whole lot of non-free software.

Bind Holes

[CalsailX]

Seem's every time there's a story about Bind the security fud flies. Well guess what ISC has been saying for years Don't use Bind 4, and Bind 8 has problems that can't be addressed without a major code rewrite, but people being what they are you'll find them both in use.

The guys running Bind 8 drag thier feet at upgrading because they know Bind 9 will refuse to load thier borked up Bind 8 zone files. Then they scream like hell, when there is yet another hole found in Bind 8 code.

Sorry no pity here, any one using the old releases should have moved to 9 long ago, and now that there is support they can buy into I'm sure they can hire someone to convert their zone files to conform to Bind 9. Last excuse for running a Bind 8 server is gone.

I do it too

[rs79]

I have dnscache (2 of them actually), tinydns and bind on the same machine.

Bind will be outta here by year end. It's nothing but trouble.

Test post, ignore

[dbarclay10]

This is a test post. MY GOD DON'T READ IT! :)

Extra characters inserted for lame filter:

asldkfja slfkj asldkjf asldk jfasljfd alsjfd laskjdflaks djfaslk jfdalskjf