Already included. To repeat the relevant excerpt, for your convenience:
Proprietary packages include:
UltraDNS (UltraDNS Corporation)
djbdns/tinydns
ATLAS (Verisign)
BINDPlus (Information Network Eng. Group, Inc.)
Global Name Service (Nominum, Inc.)
NeDNS (Neteka, Inc.)
If people know of additional nameservers for Linux/*BSD, either open-source or proprietary, please e-mail me, and I'll be glad to add them to the list.
BTW, what alteratives to BIND exist for Linuxand *BSD? I actually don't know and would like to know.
There are now a number of alternative packages that may have advantages for many deployments. E.g.:
MaraDNS is a general-purpose, fast DNS server package (doing recursive, authoritative, and caching roles, plus fully supporting zone transfers): http://www.maradns.org/
pdnsd is a small caching-only DNS server with a disk-based cache, suitable for small networks and workstations: http://home.t-online.de/home/Moestl/
Dnsmasq is a small authoritative and caching DNS server for a group of NATted / IPmasqued machines (optionally pulling names from DHCP leases): http://www.thekelleys.org.uk/dnsmasq/
MyDNS is a MySQL-based authoritative and caching server (no recursive service) suitable for very large sites. In such roles, it's faster and more responsive than BIND9, even though the latter uses a RAM-based cache: http://mydns.bboy.net/
ldapdns implements the same idea, except out of an LDAP database. Again, much faster than BIND9: http://nimh.org/code/ldapdns/
PowerDNS (open source as of 2002-11-25) is an authoritative-only daemon with a modular structure supporting various back-end information stores such as SQL databases (MySQL, PostgreSQL, Oracle 8i, Oracle 9i, IBM DB2, and others via ODBC), BIND zonefiles and other file formats, and LDAP directories. Supports AXFR zone transfers. http://www.powerdns.com/products/powerdns/
CustomDNS is a authoritative-only daemon for both static addresses and its variant form of dynamic DNS: http://customdns.sourceforge.net/
lbnamed is a similar authoritative-only daemon for static and dynamic information, with a load-balancing multi-machine architecture: http://www.stanford.edu/~riepel/lbnamed/
Oak DNS Server is an authoritative and caching DNS server, supporting dynamic DNS updates and AAAA records. It's written in Python, and doesn't need to run privileged: http://www.digitallumber.com/oak
dnsjava is a minimal, authoritative-only server, a resolver library, and a set of DNS utilities, all written in Java: http://www.xbill.org/dnsjava/
Related:
FireDNS is a client library for DNS requests, with emphasis on speed and asynchronous processing. Written in C, and has low-timeout blocking functions. Can be used to relace standard libc resolver library functions like getbyhostname with much faster equivalent code: http://ares.penguinhosting.net/~ian/
The anonymous flamer who claims to be named "Chris" said:
Readers note that "rather light" is being used an extremely loose synonym for "nonexistent" in this context.
You seem to have miss the Mailman archive link I posted earlier to disprove your initial post's rather scurrilous factual claim. Whereupon, as mentioned, your story suddenly mutated. The rest of your stuff, by contrast, amounted to basically name-calling:
I appreciate all the efforts to maintain interest in this "noise" for this amount of time.
Which is, to be sure, a perfectly delightful way to characterise spurts of unilateral personal flamage posted from cover of anonymity. The reason I was saying it's probably a couple of bored teenagers in west Texas reflects no intent to malign the perfectly nice folk who live there, but rather difficulty otherwise imagining anywhere -- well -- dull enough to drive anyone to that kind of public misbehaviour. Apologies to any Lubbockites I might have inadvertantly offended.
An anonymous flamer claiming to be named "Chris" wrote:
His presence on the SVLUG list has been NULL....
It might well continue to be rather light, because I simply don't have time, as I'm busy with other affairs.
Anyhow: One can't notice (1) that you're changing your story between posts -- probably because your Google research was faulty? -- but also (2) that you've been the one posting abuse, noise, and uncouth behaviour. (And, for all I know, all of the AC flamers who've plagued this topic might well be the same pair of bored teenagers in west Texas. I hope for SVLUG's sake that that's so.) I honestly don't know what your problem is, but the irony's been pretty thick.
Yet another anonymous coward (this one claiming to be named "Chris") wrote:
SVLUG had enough of his abusive treatment of just about anyone on-list, and forced him to cease contact with the list.
I simply stopped having time for the SVLUG list in mid-2001, the list often suffering high volume and a serious S/N problem, but do lurk and post there on occasion.
Such callous attitudes towards end users and the "linux does not entitle you to a usable interface, so shut up and quit whining" mantra only further strengthen Microsofts hold on desktop computing and chase away people who want to make linux more usable.
That's an odd way to characterise the referenced essay, since that's not what it says. In fact, it actively encourages people who're crafting variant forms of the usual Linux distributions to meet the needs of particular user communities.
It says that computer users merely coming onto Linux mailing lists and newsgroups, and demanding that randomly selected Linux people "must" change their existing Linux distributions to meet the speaker's preferences simply doesn't work, and is likely to mostly get you politely filtered out and ignored. It says that, instead, you might want to look around and see if there's a different packaging of Linux that suits you better. And it makes a few other points about systems perceived as being "simple" usually are anything but that, and tend to just have their complexity better concealed than typical Linux people prefer.
That strikes me as being the simple truth. I doubt people who would otherwise "make Linux more usable" are "scared away" by hearing it -- in the unlikely event of their seeking it out. I suppose people wander across the page occasionally -- but you're really going a bit far out of your way to misread what I wrote.
Readers will note that I did not "call the LUG a disgrace", that being Josh's misreading: I gave my opinion that it was a disgrace for a Linux user group to very obviously not use Linux for its primary public presence, especially something Linux is particularly good at, such as Web sites.
Webmaster Jeff Burton had asked, at the top of the thread, "if anyone has any suggestions for the website or if you find an error". So, I pointed out that the Web site seemed to be pervaded with non-standard HTML characters in place of apostrophes and such (likely produced by Microsoft software), and that its HTML was a horrible tangle of tables and Javascript, which they presumably had never looked at and badly needed to. Not knowing exactly how they'd brought this about, I asked rhetorically, "What did you use, Front Page?" I said I was sorry for having to sound a bit pointed on the matter, but had been trying to call their attention to that problem for several months in e-mail, and gotten nowhere.
Note: This was before Mozilla, Konqueror, and Opera were yet in a usable state, and browsing the LUG's site with Netscape Communicator 3.x/4.x for Linux crashed one's browser frequently (probably that tangle of tables and Javascript). In that sense, the LUG's site was actively Linux-hostile.
Jeff confirmed that yes, they used Word and Front Page. So, I suggested some Linux-based alternatives (repeating what I'd already said in e-mail). But Josh had basically already hijacked the conversation at that point, by jumping in with name-calling directed at me.
I posted once more to clarify that I'd not said what Josh claimed I had, and dropped the entire subject. Some weeks later, the LUG revised its site and cleaned up the HTML, and everyone (except, apparently, Josh) was happy.
Well, I'm still sorry you feel that way, but you're still misrepresenting my views -- the details of which I don't think need repetition.
Guy, whoever you are, you obviously don't know me at all, and it was downright tacky to attack my character behind cover of anonymity, and try to sound self-righteous while doing it. Want to be concerned about "something that isn't right"? Try starting at home.
While I'm addressing the anonymity crowd: An allegedly different (I suppose) AC alleged that anyone who asks me about how to run Visio at work within Linux will get nothing but tirades against usage of Visio anywhere, on grounds of a need to "take a stand against MS". Which, I pointed out, is nothing at all like my view (as should have been obvious from The Age's article).
But anyone who bothers to check Google for my name plus "Visio" will see what I've actually said (very consistently) on that subject, when asked, for about three or four years: That some simple charting applications (dia, kivio) exist, but that anyone who is used to Visio and wants it specifically will probably end up needing to run genuine Visio via vnc or VMware; that I don't yet know of any reasonable substitutes.
Well, whoever you are, I've been perfectly glad to install every version of Red Hat Linux for all comers since v. 2.0, and have every expectation of continuing to do so indefinitely. In fact, I do so every month, routinely, at every installfest and most of my LUG's meetings. I have nothing particularly against their distribution (though there are others I generally recommend to desktop users who ask for recommendations).
But the sheer irony of your posting gratuitous, anonymous personal attacks concerning my "going far beyond what is necessary or reasonable" is really very funny.
No, I understood that anonymous attempt at character assassination -- and frankly, all of these sound very pretty like they're from the same person. It's just that I didn't see any real point in commenting.
Well, I'm sorry you feel that way (whoever you are).
I've certainly been known to tell people they "don't have to load Red Hat", if they seem to have picked up that impression and are asking my advice. For most people running desktop setups, if they ask, I tend to recommend Libranet, Lycoris Desktop/LX, Linux-Mandrake, or SuSE.
But I'm glad to help people with RH. I think three people at the last SVLUG installfest used my CDs of RH 8.0, and I duplicated a set on the spot for someone else. Currently, I also have ISOs of the post-8.0 "Phoebe" beta. A couple of days ago, I invited anyone interested to visit and make copies.
I'm sorry, but -- whoever you are -- I can only assume you've confused me with someone else. I've never had anything against usage of Visio, let alone any inclination to advise people not to "use Visio in any circumstance because it's MS junk".
The rest of this seems to be pretty generic attempted mudslinging from behind cover of anonymity, but I was really rather startled by those characterisations, e.g., the bit about moralising at people they need to "take a stand against MS".
As you'll see if you read the article, I have no interest in convincing people to "take a stand against MS". I personally prefer Linux (mostly); when/if other people prefer different software, that's entirely their business.
That's an extremely odd sort of view for you to attribute to me. Visio's a rather nice application, and I have nothing against it. Or MS-Project, particularly.
And I certainly couldn't imagine telling people not to use them. Perhaps you're thinking of someone else entirely?
Well, I'm not sure I understand, either. Sam Varghese is a really good reporter, and I always enjoy talking to him, but I wasn't really clear on why he wanted to interview me. (And the term "Linux advocate" was Sam's, not mine, by the way.) 'Hope you enjoyed reading it, anyway.
Subversion is indeed already a giant step better than CVS in all the areas where CVS was painful, while having a good migration path. Arch, OpenCM, and PRCS2 could be in the running, and Arch has that multi-repository support going for it. But I'd say Subversion is the best thing going as of right now.
The Red Hat road tour stopped at our University (SIUE) near St. Louis. For the most part almost everyone was very disipointed with the stop. It turned out to be more of a marketing ploy with them trying to sell the Red Hat Network, then a stop to realy explain the advantages of Linux and open source all together.
It's logical for them to want to talk about that, since it's almost certainly going to be their main bread-and-butter product for the medium term. It works well enough, at this point, and is packaged exactly the right way for the business users it's primarily aimed at. I may or may not want to hear an entire presentation mostly to it, but it's understandable that they'd want to talk up its virtues.
Rick Moen is an idiot. He claims that, if an MTA tries to reach all the relevant DNS servers, and none of them respond, the MTA bounces the message instead of trying again later.
What I said was that one cannot count on delivery attempts past expiration of the relevant cached DNS information, when no nameserver (or, impliedly, other source of that information such as static hostfiles) can still be reached. Which, as any sysadmin will tell you, is in fact the case. (I did not state, Prof. Bernstein's representation to the contrary, that such mail would necessarily be immediately bounced.) Thus part of the desirability of offsite backup nameservice. (There are other reasons, such as having a second authoritative host at which you can deploy to the public any needed changes to the RRs, even while the first host is unreachable to the public.)
Now, this typical tactic of yours, of seeking to derail a conversation you don't like through a barrage of personal attacks and attempting to force others to explain what they did not say, was once mildly amusing, but has proven over the years to be a colossal time-waster. I think, on the whole, that we'll not indulge you further.
Moen is also completely incorrect when he claims that my web page ``argues against the very notion of backup nameservers.''
Well, it think that's overall a fair characterisation. E.g., "The bottom line is that, for the vast majority of sites, third-party DNS service has serious costs and negligible benefits." But I'll trust people to see that for themselves, and discount these mealy-mouthed excuses concerning the nature of a Web page that -- even worse -- seems mostly intended as rationalisation for your software's scant functionality in that area.
One of the things that continues to attract me to djbdns is being able to update a domain without restarting the server... but, that's also why I'm interested in a SQL-based solution, since I can administer those pretty easily... B-)
MyDNS is looking extremely promising for such things: It back-ends into a MySQL database -- and is nonetheless very fast. The slow, bloated in-memory storage of BIND (any version) really is totally obsolete, and really should have been done away with, ages ago.
After it's been torture-tested for a while, I expect MyDNS will be widely adopted at sites where BIND's inefficient caching has begun to be a problem.
And here we are, over two years since the release of BIND 9, and there has been one native exploit, and it was in the resolver library not the server.
Just a quibble: That resolver library is actually legacy code from the antique BIND4/BIND8 codebase. I'm pretty certain there has been no new resolver code introduced with BIND9.
That is not to say that the legacy resolver code isn't a problem. On the contrary: It's buggy as a lepidopterist's closet, and is no doubt a grave security liability. But my point is that it was not part of the BIND9 from-scratch rewrite, which was of the daemon code. (This is a particularly important point to make because of all the DJB groupies going around trying to slur BIND9's reputation with BIND8's faults, usually willfully.)
Or support zone transfers rather than telling to go away and rsync your gibberish-zone-files behind the scenes.
Tim, to clarify, Prof. Bernstein talks about rsync/ssh or scp just as examples of alternate approaches that can be used to mirror zonefiles, without use of outgoing AXFR, not to mention TSIG and IXFR. And I suppose that, in fairness, that's worth considering (when you don't want/need to interoperate with other people's nameservers that do the standard zone-transfer protocols). You might be able to efficiently and reliably do pull-distribution of zonefiles in one of the ways Bernstein speaks of. It's worth trying, in some circumstances. (On the other hand, I don't see offhand how you could do push-distribution that way, without creating a security hazard.)
But Prof. Bernstein didn't merely content himself with issuing a nameserver that doesn't fully support zone-transfer protocols he deprecates and say "Hey, that's how it is. Use it if you like the design, or don't." No, he had to justify that using one of the most wacko Web pages I've ever seen, where he argues against the very notion of backup nameservers (which in DJBware jargon are termed "third-party DNS service"). That just floors me, but, yes, the man actually does say that.
On that page, you'll find a great deal of logic-chopping that presents facts that seem to support the conclusion he desires while omitting crucial ones that don't. Example: Bernstein says you needn't worry about inbound SMTP mail bouncing when your on-site DNS becomes unreachable (with no backup DNS elsewhere) because "Mail transfer agents defer delivery attempts when DNS servers are unreachable". Well, yes, but not past the expiration of any cached DNS values -- which is exactly the problem that offsite backup nameservers address.
Example #2: Bernstein says having offsite backup nameservers won't stop the mail from bouncing during an extended outage because "the SMTP servers aren't reachable either". That is, of course, a non-sequitur: You would of course have offsite backup MX hosts, in addition to your offsite backup nameservice, to ensure that "the SMTP servers are reachable".
Building up that sort of wacko justification for why offsite backup nameservers aren't useful (when clearly they are essential), just because his software supports that functionality in only a partial and eccentric fashion, is certainly the most bizarre move I've seen from the DJB camp, to date.
The pity of it is that Bernstein has a number of excellent points he's made, that people really should heed, e.g., modular design, attention to trust relationships, eschewing featuritis, careful coding to prevent buffer overflows, and not mindlessly enshrining protocols into RFCs for little reason other than BIND already doing them. If not for his unexcelled talent at pissing people off, and for wacko post-hoc rationalising like the foregoing, those important lessons would surely be more widely understood.
Part of my problem with DJB's apparently wonderful products is that they don't come "ready to run". We wanted to run qmail. Spent several weeks trying to figure out how to get it to run, though, because the documentation (at the time) sucked. The (very nice) qmail book came out about 6 months after we'd switched to postfix, though!
When DJB's qmail and djbdns products are distributed in compiled and working form with major Linux distributions, I might look at them again. However, I haven't seen that.
Jeff, you may be interested to hear that there's a new project by John Newbegin, to create a GPLed clone of qmail. It's just starting, but eventually aims to have a permanent open-source codebase into which that vast cloud of qmail patches can finally be merged and regression-tested.
(However, since you've already adopted Postfix, you no longer personally face that dilemma. A point I'll come back to, below.)
DJB's refusal to allow distribution of anything but unpatched source tarballs keeps his tools out of the hands of a lot of people, pushing them to use BIND, Sendmail, postfix, and all these other "less secure" or "less perfect" options. I can see where djbdns would be the perfect default DNS for Linux distributions... if the license allowed it.
I think the open-source MaraDNS package (again, as with you and Postfix) nicely eliminates this dilemma -- and possibly pdnsd for some caching-only situations such as workstations on demand dial-up.
Maybe the solution would be for someone to develop RPMs that include the official DJB source tarballs, all the best patches, and a script to apply the patches, then compile and install the result? B-)
More feasible than you might think. The standard way to install qmail on Debian is to apt-get the "qmail-src" package from Debian's non-free collection, then run a "build-qmail" script to Debianise-patch DJB's source tarball and compile/install it. (You must also have done the same drill with the similar ucspi-tcp-src package, first.)
But, you know, after having to spend considerable creativity finding workarounds for problems that shouldn't exist, most people will just say "Fsck it. Let's eliminate this insanity, and just use Postfix."
It's actually pretty appalling that all 13 root nameservers run BIND8 -- that any of them do, actually, but particularly that they all do. Fortunately, it looks as if the RIPE.NET root nameserver will switch to the new, and very promising (for authoritative nameservice only) NSD package, which is BSD-licensed.
No AXFR w/TSIG support yet, but it's under development.
Well, hello again, Prof. Bernstein! How refreshing it is to see you no longer brandishing legal threats, and instead lapsing into your more-customary namecalling mode.
Frankly, I don't particularly care whether you agree with John Cowan or not. I simply point people to the full text of his post, state that I found his analysis convincing, and let readers make up their own minds.
And, if Prof. Bernstein cares to dispute the matter with Cowan, I'd be delighted to see him join license-discuss@opensource.org, so I can watch the carnage from the sidelines, as the attorneys descend upon him.
Fair use is, to quote the Copyright Act, limited reproduction of parts of a copyrighted work for "purposes such as criticism, comment, news reporting, teaching. [...] In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include (1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and (4) the effect of the use upon the potential market for or value of the copyrighted work. The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors."
...and if your modifying the program didn't impact the market for the program, or the reputation of the author, it is almost unthinkable that a judge would decide that your modifications were illegal.
Adversely affecting the market is relevant, as my quotation from section 107 (above) explains. Attacking the author's reputation is not. But the fair-use defence as a whole, since it applies only to copying (rather than modification), and only to limited excerpts for criticism, comment, news reporting, teaching, etc., doesn't have any obvious application to your point.
There really is no "set in stone law" - each case will depend on the considerations relevant to fair use and the particulars of the case.
It is true that there is relatively little caselaw on software licensing, but any caselaw would be guided strongly by statute, such as that cited.
And, in such a case, in as much as DJB has publicly stated many times that he thinks you can and should (if you want to) modify his programs for your use, the point is really really moot.
Now, there is an important and vital point. Thank you for posting that. Yes, permission grants under copyright law may be through various means such as orally or through conduct of the parties (as opposed to assignment of copyright ownership, which must be in a particular sort of written form).
I will note, however, that I was addressing (via Cowan) Prof. Bernstein's assertion of an alleged right to modify software generally. Cowan's point (if you find his more-complete quotation from the legislative history convincing) is that the Copyright Act does not in itself grant that right, and is unlikely to be held by courts to do so.
Prof. Bernstein's softwarelaw.html page has helped many people better understand software licensing under copyright law: I definitely have. I appended Cowan's comments to my essay solely to help improve people's understanding of the legal issue by that small additional measure.
(A further comment on your book example: The question of right to modify would arise also only if a court held that you had created a "derivative work". IANAL, but I somehow doubt that scribbling in a book qualifies.)
There could certainly be cases in which modifications of source code for personal use would be illegal. But, in general, if your personal use modifications have no impact on the market for the copyrighted work or the reputation of the author, it will be fair use. Just like writing in the margins of a book is fair use.
Again, the fair-use clause concerns redistribution, not modification.
On the subject of freedoms, I agree that the right to re-distribute derivative works is a big freedom. The GNU freedoms are simpler though - the relevant right is the right to distribute your improvements of the program to others. In the case of DJB software, you can do that.
But only as source code patches against a source-code tarball that, itself, may not be distributed in "improved" form. Over the long haul, that simply cannot be not a feasible way to maintain a project, let alone successor projects that could otherwise arise as derivative works of the original (a la FreeBSD being descended from Berkeley CSRG's BSD).
You've chosen to ignore that point, and try to gloss over it with handwaves like the one preceding, several times, now. That's a shame; it seems more like propaganda than honest discussion.
Like his licenses or not, I am going to keep using it. Well, really, that is a no brainer. The stuff works and I never need to look at it.
I can well imagine. Even though I personally hated administering the stuff for a living, think its design is downright peculiar, and feel it's regrettable how often its proprietary nature is misrepresented to the public, it has some significant virtues.
But of course, so do Postfix, MaraDNS, etc.
That is the highest praise an admin could give any piece of software.
I feel the highest would be that plus "...and, unlike that DJB stuff we used to use, it didn't become effectively unmaintainable after its owner retired." But you place your money and you take your chances, eh?
Afterthought: The right to fork is such a fundamental assumption of the open-source model that it's easy to forget other vital reasons for it, beyond just the code being maintainable after its owner decides to quit. I posted before thinking of those.
When we say something is "open source", we're also implying the right to create derivative works descended from that codebase. E.g., the most important long-term fact about the Berkeley NET2, 4.4BSD, 4.4BSD-Lite, and 4.4BSD-Lite2 releases is that we got 386BSD, and then {Free|Net|Open}BSD from them. Had the U.C. Berkeley Computer Science Research Group used a Bernstein-style no-forking-allowed licence, there would have been none of those things: Their creation would have been illegal.
So, I think if you mull over your assertion that you "don't think that [a right to fork] is necessary for something to be free (as in GNU free)", you'll see that this right actually is absolutely vital and essential to the very concept.
Slashdot Mirror
Also there's Dr. Bernstein's djbdns
Already included. To repeat the relevant excerpt, for your convenience:
Proprietary packages include:
UltraDNS (UltraDNS Corporation)
djbdns/tinydns
ATLAS (Verisign)
BINDPlus (Information Network Eng. Group, Inc.)
Global Name Service (Nominum, Inc.)
NeDNS (Neteka, Inc.)
If people know of additional nameservers for Linux/*BSD, either open-source or proprietary, please e-mail me, and I'll be glad to add them to the list.
Rick Moen
rick@linuxmafia.com
BTW, what alteratives to BIND exist for Linuxand *BSD? I actually don't know and would like to know.
There are now a number of alternative packages that may have advantages for many deployments. E.g.:
MaraDNS is a general-purpose, fast DNS server package (doing recursive, authoritative, and caching roles, plus fully supporting zone transfers):
http://www.maradns.org/
pdnsd is a small caching-only DNS server with a disk-based cache, suitable for small networks and workstations:
http://home.t-online.de/home/Moestl/
Dnsmasq is a small authoritative and caching DNS server for a group of NATted / IPmasqued machines (optionally pulling names from DHCP leases):
http://www.thekelleys.org.uk/dnsmasq/
DNRD is a small caching-only DNS server for NAT / IPmasq networks:
http://dnrd.nevalabs.org/
MyDNS is a MySQL-based authoritative and caching server (no recursive service) suitable for very large sites. In such roles, it's faster and more responsive than BIND9, even though the latter uses a RAM-based cache:
http://mydns.bboy.net/
ldapdns implements the same idea, except out of an LDAP database. Again, much faster than BIND9:
http://nimh.org/code/ldapdns/
GnuDIP is an authoritative server for Dynamic DNS:
http://gnudip2.sourceforge.net/gnudip-www/
NSD is a high-performance authoritative-only daemon:
http://www.nlnetlabs.nl/nsd/
PowerDNS (open source as of 2002-11-25) is an authoritative-only daemon with a modular structure supporting various back-end information stores such as SQL databases (MySQL, PostgreSQL, Oracle 8i, Oracle 9i, IBM DB2, and others via ODBC), BIND zonefiles and other file formats, and LDAP directories. Supports AXFR zone transfers.
http://www.powerdns.com/products/powerdns/
CustomDNS is a authoritative-only daemon for both static addresses and its variant form of dynamic DNS:
http://customdns.sourceforge.net/
lbnamed is a similar authoritative-only daemon for static and dynamic information, with a load-balancing multi-machine architecture:
http://www.stanford.edu/~riepel/lbnamed/
Posadis is another fast authoritative-only daemon:
http://posadis.sourceforge.net/
dents is another general-purpose DNS server, but is perenially unfinished, and is probably dead, at this point:
http://sourceforge.net/projects/dents/
Pliant DNS Server is another general-purpose DNS server, although it may not support zone transfers:
http://pliant.cx/pliant/protocol/dns/
Yaku-NS is another small, fast general-purpose DNS server:
http://www.kyuzz.org/antirez/ens.html
Twisted Names is an authoritative and caching DNS server, written in Python:
http://twistedmatrix.com/documents/howto/names
Oak DNS Server is an authoritative and caching DNS server, supporting dynamic DNS updates and AAAA records. It's written in Python, and doesn't need to run privileged:
http://www.digitallumber.com/oak
dnsjava is a minimal, authoritative-only server, a resolver library, and a set of DNS utilities, all written in Java:
http://www.xbill.org/dnsjava/
Related:
FireDNS is a client library for DNS requests, with emphasis on speed and asynchronous processing. Written in C, and has low-timeout blocking functions. Can be used to relace standard libc resolver library functions like getbyhostname with much faster equivalent code:
http://ares.penguinhosting.net/~ian/
GNU adns is a resolver library for C (and C++) programs, and a collection of useful DNS resolver utilities:
http://www.chiark.greenend.org.uk/~ian/adns/
Proprietary packages include:
UltraDNS (UltraDNS Corporation)
djbdns/tinydns
ATLAS (Verisign)
BINDPlus (Information Network Eng. Group, Inc.)
Global Name Service (Nominum, Inc.)
NeDNS (Neteka, Inc.)
I maintain this list at http://linuxmafia.com/~rick/linux-info/dns-servers
Rick Moen
rick@linuxmafia.com
Readers note that "rather light" is being used an extremely loose synonym for "nonexistent" in this context.
You seem to have miss the Mailman archive link I posted earlier to disprove your initial post's rather scurrilous factual claim. Whereupon, as mentioned, your story suddenly mutated. The rest of your stuff, by contrast, amounted to basically name-calling:
I appreciate all the efforts to maintain interest in this "noise" for this amount of time.
Which is, to be sure, a perfectly delightful way to characterise spurts of unilateral personal flamage posted from cover of anonymity. The reason I was saying it's probably a couple of bored teenagers in west Texas reflects no intent to malign the perfectly nice folk who live there, but rather difficulty otherwise imagining anywhere -- well -- dull enough to drive anyone to that kind of public misbehaviour. Apologies to any Lubbockites I might have inadvertantly offended.
Rick Moen
rick@linuxmafia.com
His presence on the SVLUG list has been NULL....
It might well continue to be rather light, because I simply don't have time, as I'm busy with other affairs.
Anyhow: One can't notice (1) that you're changing your story between posts -- probably because your Google research was faulty? -- but also (2) that you've been the one posting abuse, noise, and uncouth behaviour. (And, for all I know, all of the AC flamers who've plagued this topic might well be the same pair of bored teenagers in west Texas. I hope for SVLUG's sake that that's so.) I honestly don't know what your problem is, but the irony's been pretty thick.
Rick Moen
rick@linuxmafia.com
SVLUG had enough of his abusive treatment of just about anyone on-list, and forced him to cease contact with the list.
I simply stopped having time for the SVLUG list in mid-2001, the list often suffering high volume and a serious S/N problem, but do lurk and post there on occasion.
Rick Moen
rick@linuxmafia.com
Such callous attitudes towards end users and the "linux does not entitle you to a usable interface, so shut up and quit whining" mantra only further strengthen Microsofts hold on desktop computing and chase away people who want to make linux more usable.
That's an odd way to characterise the referenced essay, since that's not what it says. In fact, it actively encourages people who're crafting variant forms of the usual Linux distributions to meet the needs of particular user communities.
It says that computer users merely coming onto Linux mailing lists and newsgroups, and demanding that randomly selected Linux people "must" change their existing Linux distributions to meet the speaker's preferences simply doesn't work, and is likely to mostly get you politely filtered out and ignored. It says that, instead, you might want to look around and see if there's a different packaging of Linux that suits you better. And it makes a few other points about systems perceived as being "simple" usually are anything but that, and tend to just have their complexity better concealed than typical Linux people prefer.
That strikes me as being the simple truth. I doubt people who would otherwise "make Linux more usable" are "scared away" by hearing it -- in the unlikely event of their seeking it out. I suppose people wander across the page occasionally -- but you're really going a bit far out of your way to misread what I wrote.
Rick Moen
rick@linuxmafia.com
http://www.eblug.org/forums/read.php?f=2&i=2&t =2
That URL is invalid. Here, let me help you. I believe you mean this thread: http://www.eblug.org/forums/read.php?f=2&i=22& t=2
Readers will note that I did not "call the LUG a disgrace", that being Josh's misreading: I gave my opinion that it was a disgrace for a Linux user group to very obviously not use Linux for its primary public presence, especially something Linux is particularly good at, such as Web sites.
Webmaster Jeff Burton had asked, at the top of the thread, "if anyone has any suggestions for the website or if you find an error". So, I pointed out that the Web site seemed to be pervaded with non-standard HTML characters in place of apostrophes and such (likely produced by Microsoft software), and that its HTML was a horrible tangle of tables and Javascript, which they presumably had never looked at and badly needed to. Not knowing exactly how they'd brought this about, I asked rhetorically, "What did you use, Front Page?" I said I was sorry for having to sound a bit pointed on the matter, but had been trying to call their attention to that problem for several months in e-mail, and gotten nowhere.
Note: This was before Mozilla, Konqueror, and Opera were yet in a usable state, and browsing the LUG's site with Netscape Communicator 3.x/4.x for Linux crashed one's browser frequently (probably that tangle of tables and Javascript). In that sense, the LUG's site was actively Linux-hostile.
Jeff confirmed that yes, they used Word and Front Page. So, I suggested some Linux-based alternatives (repeating what I'd already said in e-mail). But Josh had basically already hijacked the conversation at that point, by jumping in with name-calling directed at me.
I posted once more to clarify that I'd not said what Josh claimed I had, and dropped the entire subject. Some weeks later, the LUG revised its site and cleaned up the HTML, and everyone (except, apparently, Josh) was happy.
Rick Moen
rick@linuxmafia.com
Guy, whoever you are, you obviously don't know me at all, and it was downright tacky to attack my character behind cover of anonymity, and try to sound self-righteous while doing it. Want to be concerned about "something that isn't right"? Try starting at home.
While I'm addressing the anonymity crowd: An allegedly different (I suppose) AC alleged that anyone who asks me about how to run Visio at work within Linux will get nothing but tirades against usage of Visio anywhere, on grounds of a need to "take a stand against MS". Which, I pointed out, is nothing at all like my view (as should have been obvious from The Age's article).
But anyone who bothers to check Google for my name plus "Visio" will see what I've actually said (very consistently) on that subject, when asked, for about three or four years: That some simple charting applications (dia, kivio) exist, but that anyone who is used to Visio and wants it specifically will probably end up needing to run genuine Visio via vnc or VMware; that I don't yet know of any reasonable substitutes.
And that, of course, is still my view today.
Rick Moen
rick@linuxmafia.com
But the sheer irony of your posting gratuitous, anonymous personal attacks concerning my "going far beyond what is necessary or reasonable" is really very funny.
Rick Moen
rick@linuxmafia.com
Rick Moen
rick@linuxmafia.com
I've certainly been known to tell people they "don't have to load Red Hat", if they seem to have picked up that impression and are asking my advice. For most people running desktop setups, if they ask, I tend to recommend Libranet, Lycoris Desktop/LX, Linux-Mandrake, or SuSE.
But I'm glad to help people with RH. I think three people at the last SVLUG installfest used my CDs of RH 8.0, and I duplicated a set on the spot for someone else. Currently, I also have ISOs of the post-8.0 "Phoebe" beta. A couple of days ago, I invited anyone interested to visit and make copies.
Rick Moen
rick@linuxmafia.com
The rest of this seems to be pretty generic attempted mudslinging from behind cover of anonymity, but I was really rather startled by those characterisations, e.g., the bit about moralising at people they need to "take a stand against MS".
As you'll see if you read the article, I have no interest in convincing people to "take a stand against MS". I personally prefer Linux (mostly); when/if other people prefer different software, that's entirely their business.
Rick Moen
rick@linuxmafia.com
And I certainly couldn't imagine telling people not to use them. Perhaps you're thinking of someone else entirely?
Rick Moen
rick@linuxmafia.com
Rick Moen
rick@linuxmafia.com
Subversion is indeed already a giant step better than CVS in all the areas where CVS was painful, while having a good migration path. Arch, OpenCM, and PRCS2 could be in the running, and Arch has that multi-repository support going for it. But I'd say Subversion is the best thing going as of right now.
I have a listing of all known SCM software for Linux at http://linuxmafia.com/~rick/linux-info/scm.html, in case it will help.
Rick Moen
rick@linuxmafia.com
The Red Hat road tour stopped at our University (SIUE) near St. Louis. For the most part almost everyone was very disipointed with the stop. It turned out to be more of a marketing ploy with them trying to sell the Red Hat Network, then a stop to realy explain the advantages of Linux and open source all together.
It's logical for them to want to talk about that, since it's almost certainly going to be their main bread-and-butter product for the medium term. It works well enough, at this point, and is packaged exactly the right way for the business users it's primarily aimed at. I may or may not want to hear an entire presentation mostly to it, but it's understandable that they'd want to talk up its virtues.
Rick Moen
rick@linuxmafia.com
Rick Moen is an idiot. He claims that, if an MTA tries to reach all the relevant DNS servers, and none of them respond, the MTA bounces the message instead of trying again later.
What I said was that one cannot count on delivery attempts past expiration of the relevant cached DNS information, when no nameserver (or, impliedly, other source of that information such as static hostfiles) can still be reached. Which, as any sysadmin will tell you, is in fact the case. (I did not state, Prof. Bernstein's representation to the contrary, that such mail would necessarily be immediately bounced.) Thus part of the desirability of offsite backup nameservice. (There are other reasons, such as having a second authoritative host at which you can deploy to the public any needed changes to the RRs, even while the first host is unreachable to the public.)
Now, this typical tactic of yours, of seeking to derail a conversation you don't like through a barrage of personal attacks and attempting to force others to explain what they did not say, was once mildly amusing, but has proven over the years to be a colossal time-waster. I think, on the whole, that we'll not indulge you further.
Moen is also completely incorrect when he claims that my web page ``argues against the very notion of backup nameservers.''
Well, it think that's overall a fair characterisation. E.g., "The bottom line is that, for the vast majority of sites, third-party DNS service has serious costs and negligible benefits." But I'll trust people to see that for themselves, and discount these mealy-mouthed excuses concerning the nature of a Web page that -- even worse -- seems mostly intended as rationalisation for your software's scant functionality in that area.
Rick Moen
rick@linuxmafia.com
One of the things that continues to attract me to djbdns is being able to update a domain without restarting the server... but, that's also why I'm interested in a SQL-based solution, since I can administer those pretty easily... B-)
MyDNS is looking extremely promising for such things: It back-ends into a MySQL database -- and is nonetheless very fast. The slow, bloated in-memory storage of BIND (any version) really is totally obsolete, and really should have been done away with, ages ago.
After it's been torture-tested for a while, I expect MyDNS will be widely adopted at sites where BIND's inefficient caching has begun to be a problem.
Rick Moen
rick@linuxmafia.com
And here we are, over two years since the release of BIND 9, and there has been one native exploit, and it was in the resolver library not the server.
Just a quibble: That resolver library is actually legacy code from the antique BIND4/BIND8 codebase. I'm pretty certain there has been no new resolver code introduced with BIND9.
That is not to say that the legacy resolver code isn't a problem. On the contrary: It's buggy as a lepidopterist's closet, and is no doubt a grave security liability. But my point is that it was not part of the BIND9 from-scratch rewrite, which was of the daemon code. (This is a particularly important point to make because of all the DJB groupies going around trying to slur BIND9's reputation with BIND8's faults, usually willfully.)
Rick Moen
rick@linuxmafia.com
Or support zone transfers rather than telling to go away and rsync your gibberish-zone-files behind the scenes.
Tim, to clarify, Prof. Bernstein talks about rsync/ssh or scp just as examples of alternate approaches that can be used to mirror zonefiles, without use of outgoing AXFR, not to mention TSIG and IXFR. And I suppose that, in fairness, that's worth considering (when you don't want/need to interoperate with other people's nameservers that do the standard zone-transfer protocols). You might be able to efficiently and reliably do pull-distribution of zonefiles in one of the ways Bernstein speaks of. It's worth trying, in some circumstances. (On the other hand, I don't see offhand how you could do push-distribution that way, without creating a security hazard.)
But Prof. Bernstein didn't merely content himself with issuing a nameserver that doesn't fully support zone-transfer protocols he deprecates and say "Hey, that's how it is. Use it if you like the design, or don't." No, he had to justify that using one of the most wacko Web pages I've ever seen, where he argues against the very notion of backup nameservers (which in DJBware jargon are termed "third-party DNS service"). That just floors me, but, yes, the man actually does say that.
On that page, you'll find a great deal of logic-chopping that presents facts that seem to support the conclusion he desires while omitting crucial ones that don't. Example: Bernstein says you needn't worry about inbound SMTP mail bouncing when your on-site DNS becomes unreachable (with no backup DNS elsewhere) because "Mail transfer agents defer delivery attempts when DNS servers are unreachable". Well, yes, but not past the expiration of any cached DNS values -- which is exactly the problem that offsite backup nameservers address.
Example #2: Bernstein says having offsite backup nameservers won't stop the mail from bouncing during an extended outage because "the SMTP servers aren't reachable either". That is, of course, a non-sequitur: You would of course have offsite backup MX hosts, in addition to your offsite backup nameservice, to ensure that "the SMTP servers are reachable".
Building up that sort of wacko justification for why offsite backup nameservers aren't useful (when clearly they are essential), just because his software supports that functionality in only a partial and eccentric fashion, is certainly the most bizarre move I've seen from the DJB camp, to date.
The pity of it is that Bernstein has a number of excellent points he's made, that people really should heed, e.g., modular design, attention to trust relationships, eschewing featuritis, careful coding to prevent buffer overflows, and not mindlessly enshrining protocols into RFCs for little reason other than BIND already doing them. If not for his unexcelled talent at pissing people off, and for wacko post-hoc rationalising like the foregoing, those important lessons would surely be more widely understood.
Rick Moen
rick@linuxmafia.com
Part of my problem with DJB's apparently wonderful products is that they don't come "ready to run". We wanted to run qmail. Spent several weeks trying to figure out how to get it to run, though, because the documentation (at the time) sucked. The (very nice) qmail book came out about 6 months after we'd switched to postfix, though!
When DJB's qmail and djbdns products are distributed in compiled and working form with major Linux distributions, I might look at them again. However, I haven't seen that.
Jeff, you may be interested to hear that there's a new project by John Newbegin, to create a GPLed clone of qmail. It's just starting, but eventually aims to have a permanent open-source codebase into which that vast cloud of qmail patches can finally be merged and regression-tested.
(However, since you've already adopted Postfix, you no longer personally face that dilemma. A point I'll come back to, below.)
DJB's refusal to allow distribution of anything but unpatched source tarballs keeps his tools out of the hands of a lot of people, pushing them to use BIND, Sendmail, postfix, and all these other "less secure" or "less perfect" options. I can see where djbdns would be the perfect default DNS for Linux distributions... if the license allowed it.
I think the open-source MaraDNS package (again, as with you and Postfix) nicely eliminates this dilemma -- and possibly pdnsd for some caching-only situations such as workstations on demand dial-up.
Maybe the solution would be for someone to develop RPMs that include the official DJB source tarballs, all the best patches, and a script to apply the patches, then compile and install the result? B-)
More feasible than you might think. The standard way to install qmail on Debian is to apt-get the "qmail-src" package from Debian's non-free collection, then run a "build-qmail" script to Debianise-patch DJB's source tarball and compile/install it. (You must also have done the same drill with the similar ucspi-tcp-src package, first.)
But, you know, after having to spend considerable creativity finding workarounds for problems that shouldn't exist, most people will just say "Fsck it. Let's eliminate this insanity, and just use Postfix."
Rick Moen
rick@linuxmafia.com
How many root nameservers run DJBDNS?
It's actually pretty appalling that all 13 root nameservers run BIND8 -- that any of them do, actually, but particularly that they all do. Fortunately, it looks as if the RIPE.NET root nameserver will switch to the new, and very promising (for authoritative nameservice only) NSD package, which is BSD-licensed.
No AXFR w/TSIG support yet, but it's under development.
Rick Moen
rick@linuxmafia.com
Well, hello again, Prof. Bernstein! How refreshing it is to see you no longer brandishing legal threats, and instead lapsing into your more-customary namecalling mode.
Frankly, I don't particularly care whether you agree with John Cowan or not. I simply point people to the full text of his post, state that I found his analysis convincing, and let readers make up their own minds.
And, if Prof. Bernstein cares to dispute the matter with Cowan, I'd be delighted to see him join license-discuss@opensource.org, so I can watch the carnage from the sidelines, as the attorneys descend upon him.
Rick Moen
rick@linuxmafia.com
There is also fair use....
Fair use is, to quote the Copyright Act, limited reproduction of parts of a copyrighted work for "purposes such as criticism, comment, news reporting, teaching. [...] In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include (1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and (4) the effect of the use upon the potential market for or value of the copyrighted work. The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors."
Adversely affecting the market is relevant, as my quotation from section 107 (above) explains. Attacking the author's reputation is not. But the fair-use defence as a whole, since it applies only to copying (rather than modification), and only to limited excerpts for criticism, comment, news reporting, teaching, etc., doesn't have any obvious application to your point.
There really is no "set in stone law" - each case will depend on the considerations relevant to fair use and the particulars of the case.
It is true that there is relatively little caselaw on software licensing, but any caselaw would be guided strongly by statute, such as that cited.
And, in such a case, in as much as DJB has publicly stated many times that he thinks you can and should (if you want to) modify his programs for your use, the point is really really moot.
Now, there is an important and vital point. Thank you for posting that. Yes, permission grants under copyright law may be through various means such as orally or through conduct of the parties (as opposed to assignment of copyright ownership, which must be in a particular sort of written form).
I will note, however, that I was addressing (via Cowan) Prof. Bernstein's assertion of an alleged right to modify software generally. Cowan's point (if you find his more-complete quotation from the legislative history convincing) is that the Copyright Act does not in itself grant that right, and is unlikely to be held by courts to do so.
Prof. Bernstein's softwarelaw.html page has helped many people better understand software licensing under copyright law: I definitely have. I appended Cowan's comments to my essay solely to help improve people's understanding of the legal issue by that small additional measure.
(A further comment on your book example: The question of right to modify would arise also only if a court held that you had created a "derivative work". IANAL, but I somehow doubt that scribbling in a book qualifies.)
There could certainly be cases in which modifications of source code for personal use would be illegal. But, in general, if your personal use modifications have no impact on the market for the copyrighted work or the reputation of the author, it will be fair use. Just like writing in the margins of a book is fair use.
Again, the fair-use clause concerns redistribution, not modification.
On the subject of freedoms, I agree that the right to re-distribute derivative works is a big freedom. The GNU freedoms are simpler though - the relevant right is the right to distribute your improvements of the program to others. In the case of DJB software, you can do that.
But only as source code patches against a source-code tarball that, itself, may not be distributed in "improved" form. Over the long haul, that simply cannot be not a feasible way to maintain a project, let alone successor projects that could otherwise arise as derivative works of the original (a la FreeBSD being descended from Berkeley CSRG's BSD).
You've chosen to ignore that point, and try to gloss over it with handwaves like the one preceding, several times, now. That's a shame; it seems more like propaganda than honest discussion.
Like his licenses or not, I am going to keep using it. Well, really, that is a no brainer. The stuff works and I never need to look at it.
I can well imagine. Even though I personally hated administering the stuff for a living, think its design is downright peculiar, and feel it's regrettable how often its proprietary nature is misrepresented to the public, it has some significant virtues.
But of course, so do Postfix, MaraDNS, etc.
That is the highest praise an admin could give any piece of software.
I feel the highest would be that plus "...and, unlike that DJB stuff we used to use, it didn't become effectively unmaintainable after its owner retired." But you place your money and you take your chances, eh?
Rick Moen
rick@linuxmafia.com
Afterthought: The right to fork is such a fundamental assumption of the open-source model that it's easy to forget other vital reasons for it, beyond just the code being maintainable after its owner decides to quit. I posted before thinking of those.
When we say something is "open source", we're also implying the right to create derivative works descended from that codebase. E.g., the most important long-term fact about the Berkeley NET2, 4.4BSD, 4.4BSD-Lite, and 4.4BSD-Lite2 releases is that we got 386BSD, and then {Free|Net|Open}BSD from them. Had the U.C. Berkeley Computer Science Research Group used a Bernstein-style no-forking-allowed licence, there would have been none of those things: Their creation would have been illegal.
So, I think if you mull over your assertion that you "don't think that [a right to fork] is necessary for something to be free (as in GNU free)", you'll see that this right actually is absolutely vital and essential to the very concept.
Rick Moen
rick@linuxmafia.com