Sorry classic Mac users. Mac OS is ours now.
on Running Mac OS X Panther · Score: 3, Interesting
And I truly mean it. There has been so much influence from the FOSS, OSS, OSC, CIAFBINAACPHPGPG13, etc and so many features have been added that cater to my kind of work that it's no surprise that the powerbook count has been steadily rising at meetings and conferences. We had one guy left in our department that stubbornly refused to stop developing perl on his winXP laptop. We let him borrow a 12" powerbook for the weekend and he still has it. His winXP laptop is a place to sit one of those obnoxiously large-bottomed coffee pot/cups. XCode is fun stuff to play with. It was so fun we've ended up using Mac OS X for some small kiosk based products. So far we've purchased 5 Xserve RAID's for storage when we need something cheap and autonomous. They've been cheap as sin and rock solid reliable. Ich bein Impressed! (lame sealab reference) We probably aren't going to be using it for servers anytime soon. We have a pretty entrenched RHES 3.0 install and have just started to see the light at the end of the tunnel with the package management hell that naturally arises when you have UTF8 compatibility issues with Perl, a need for a version of aspell that isn't 3 fucking years old, or the ability to make a ton of custom rpm's for various things (ldap integration, sendmail customizations, etc) and not cause dependency breakage hell.
I am one of your support customers. Thing is, I'm not comfortable saying much else because we were told the 10th was the magic day, and it leaked 2 days early. To be clear, the patched BIND worked the way it's supposed to, and I'm sure it's going to work fine for most customers. With the news that you have patched versions that address the issues with heavily taxed servers, probably almost all of them. We jumped the gun because that's what we do. : ) And I'm sorry I was critical on BIND. It is still the industry standard, and the original daemon that made it possible to get rid of enormous host files. There's a degree of comfort in running *the* DNS daemon, and we were doing it even though my organization is decidedly anti opensource. That speaks volumes.
We've known about it for a while. Certain providers were contacted about it a while ago. Any other information is confidential, as I said, not my call. We were seeing QPS start out at 5,000ish then drop to 3,000ish during our testing. With the 30ish days we had to react, the path of least resistance was replacement. The only version we were given to play with was 9.5.0rc1, which was three weeks ago. Understand that all this was driven by Microsoft saying they were going to spill the beans on a certain date. So your "now" wasn't good enough to meet our deadline. I'm not a huge fan of replacing production services that are "working fine", and BIND was performing adequately for us before we got the word on this vulnerability from one of our vendors. At this point, we are "BINDless" though, and the mountains we had to move will probably not be moving back.
It depends on your operational requirements. The only real barrier to djbdns is whether or not your organization is ok with:
a) No commercial support
b) Your precompiled package that you made
Mine is not ok with either of those. I could probably make the argument that the djb code is so clean it hasn't had to be altered in, my God, has it really been 7 years? Either way, if you were to do some research into similar client/server solutions where they are separate services, you'll find several that are very viable and not too expensive. PowerDNS has commercial support available, and I've never heard anything bad about it. However, I've never benchmarked it either so I have no idea what kind of QPS you'd see. I'd be amazed if it is worse than BIND.
I can remember people saying how ipv6 would be crucial in 5 years, ten years ago. Either way, if I'm not mistaken Fefe did a diff for AAAA's. I'd have to look.
Oh, and despite the Ron Paulesque nature of the DJB fanbase, I'd still recommend the djbdns suite as the best free solution. I can think of a little ISP in Iowa that I set up with djbdns that has to be happy they don't have to do a thing right now.
Confidential.
Not my idea. I think security through obscurity is stupid, but I walk the line. Needless to say, it is a somewhat expensive vendor provided solution.
I help admin one of the larger DNS systems (90,000+ zones) and our initial testing of the patched BIND showed it having half the performance of prior versions. That prompted us to very quickly replace all BIND caching servers with something else. We had already replaced authoritative services with something else because of BIND's lackluster performance. 3+ hours to load zones on reboot is quite frankly ridiculous. We really had no choice. Microsoft said they were going to open their mouths on a certain date, and we had a massive time crunch. We can't be the only company that simply had to ditch BIND. And I can't say I'm sorry to see it go. I'm sure mister Vixie is a great guy, but his domain name service is, and always has been complete garbage.
I used to have a typing teacher that would smack your fingers with a ruler. I told her not to smack my hands with the ruler. So she went out of her way to try to do it. Most of the time I got my hands out of the way fast enough that she'd smack the keyboard instead and get all pissed. She finally lost it when she went to smack my hands, hit the keyboard, I busted up laughing, and she hit me over the head. So I took the ruler, broke it in half, and threw it in the trashcan. I got suspended for 3 days even after she admitted she hit me over the head with the ruler. So I went to the county, filed assault charges, dropped her class and went on with my life. The school board apologised later, and she got fired for drinking on the job about 3 months after that. They still eventually charged me for the cost to replace the ruler.
It will hit us, it will hit us hard.
It already hit hard over fifteen years ago. Mac OSX is based on UNIX. UNIX had its security crisis a long time ago. That's why Mac OSX is more stable, and less vulnerable to attacks that take advantage of ownership and permissions problems that are par for the course in Microsoft operating systems.
Good point. I know I'm getting bored. I installed Gentoo once over two years ago, spent two freaking weeks configuring it, and haven't had a problem since. Perhaps I could recapture the unstable glory days of Linux by installing unstable Debian.
Put cameras on the ceiling and paint big orange numbers on top of the forklifts.
I notice no AOL on this list. The single largest provider of drone machines for botnets. You'd think they'd want in on something like this.
Tinfoil hat time!
If IBM was smart....
They'd avoid what appears to be a deliberate attempt to test the GPL in court. As Ackbar would say, IT'S A TRAP. I think at this point it's just a matter of finding the Microsoft link to CherryOS.
Any tard who plugs ANY machine into a DSL/Cablemodem/Broadband connection with no protection gets every virus, trojan and bit of spyware they deserve.
Congrats. You've just described at least 95 percent of all Windows users. Perhaps they'd be better suited with something better designed, and easier to maintain. Like a Mac for example.
Sure. Until I want to run PowerPath software from EMC. Oh? Not supported by Gentoo or Debian? Ok, how about Polyserve Matrix? Oh? Not supported by Gentoo or Debian? Ok, how about Plesk. Oh? Not supported by Gentoo or Debian?
See where this is leading? Sometimes it's a hell of a lot cheaper to just buy a solution instead of developing one in house. For those situations, you want RHEL, or SuSe. So sorry. Thank you for playing.
When does the movie starring Ben Affleck come out?
That's what we play. We haven't played a cooperative game yet. It's always versus. She kicks my ass at mortal kombat also. I rock the racing games, she rocks the fighting games. Then our daughter wants attention and interrupts the game.
Oh, you've never been married.
This would make such an awesome episode of "Desperate Housewives". I'd be riveted to my seat.
For winning the poll on how long it would take, and 50 bucks.
Well M1FCJ, (since it's obvious)
_ delete
I guess I do have to explain.
Portage is a redo of FreeBSD ports. Not the other way around.
Ports:
cvs
cvsup
port-upgrade
pkg_info
pkg
pkg_install
make install clean, etc
supfiles
make.conf
backported security fixes
makefiles
Portage:
rsync
emerge
make.conf
USE flags
ebuilds
qpkg
Two distinctly different ways to approach a source compiled package management system. Of course, if you knew what you were talking about you'd know that already and I wouldn't have to explain. You really should give FreeBSD a try instead of playing expert.
FreeBSD's portage is not much different compared to Gentoo
I shouldn't have to explain what is inherently wrong with this statement.
I completely agree with you, and I'm totally stealing this form. Rest assured, I'll probably never give you proper credit either. :)
I don't know if that's what he wants, but that's what he'll get.