"On the other hand it's wonderful how wise and insightful his remarks are. Face it, the vast majority of time people spend on the internet is wasted in stupid, distracting ways."
How come most popular books in libraries are nothing more than stupid time-losers?
It's much harder if author at least makes some steps to counteract this. Like uploading his/her book to a server somewhere far away or tucking it along in some torrent of a popular game. Etc.
I'd say about 0.1 versus 0.1
No, on second thought it's 0.1 versus 0.00001 (once you consider the Bible and other religious literature).
Sorry, I can't drink with you. I need to walk my dancing bear through the Red Square.
IPv6 core has NOT been a draft standard for about 8 years now.
Some details were only recently approved, but they generally do not have an effect on the end user (Windows XP already had a working IPv6 stack).
I've been running IPv6 on my computers (including Windows XP-based ones) for a year now, without any problems.
They'll probably use stateless autoconfiguration (since it's easier). That way Comcast will assign your computer a /80 prefix and the remaining 48 bits are derived from your MAC address. Or you can configure them manually for a nice-looking number.
Soon drones will probably use laser links to low-orbit satellites. Try to jam that.
Good. Do you want to be killed by a targeted strike? For example, once one of the 'terrrist' states develops similar technology?
We actually have a minuscule effect on climate, yes.
But our greenhouse gases have an effect on how our planet absorbs and reflects solar radiation. And the Sun, as you've said, is more than 99% of climate.
I live in a country with 18% VAT (which for consumers is pretty much equivalent to "sales tax").
There's not that much VAT tax evasion.
So far, JavaFX is an utter failure.
The language itself is OK (though not quite on par with C#) and execution environment is pretty nice (though startup delay is _still_ noticeable). But there's NO TOOLS FOR DESIGNERS. And that means DOOOOOM!
At the same time, Microsoft Expression Blend is really nice. And Adobe's tools are really great.
It's complicated...
First, a special strain of flu virus (A/PR/8/34) is combined with the target virus. The strain A/PR/8/34 is not very pathogenic for humans, but grows readily in eggs.
So there's really not even a trace of a target flu virus in vaccines.
Next, inactivated flu virus is filtered and purified (by centrifugation, chromatography, etc.) to remove nucleic acids, other viral material and all sort of cell debris. So for all practical purposes, flu vaccine does not contain live or even attenuated flu viruses.
In fact, flu vaccine is so non-immunogenic that special adjuvants are needed to boost body's response.
Flu vaccines _do_ _not_ use weakened viruses. They use _proteins_ from the virus envelope; they don't contain viral RNA.
So it's not possible to get a flu infection from a flu vaccine.
No, they won't. Silverlight 3 is miles ahead of Mono technically right now.
I don't see that changing any time soon.
The problem is here (view.c, row 1176):
===========
/*
 * If the zone is defined in more than one view,
 * treat it as not found.
 */
zp = (zone1 == NULL) ? &zone1 :
result = dns_zt_find(view->zonetable, name, 0, NULL, zp);
INSIST(result == ISC_R_SUCCESS ||
       result == ISC_R_NOTFOUND ||
       result == DNS_R_PARTIALMATCH);
===========
And I have to define this zone in the external view as well, for NOTIFY support.
Frankly, I don't understand the reason for this behavior. It can be disabled easily, but I'm not brave enough to modify BIND9.
Yes. So do I:
=====
view "internal" {
    match-clients { 127.0.0.0/8; 192.168.20.0/24; };
    recursion yes;
    zone "somezone.net" {
        type slave;
        file "/var/cache/bind/somezone.net";
        masters { xxx.xxx.xxx.xxx; };
    };
};
=====
Doesn't work.
Have you checked that it really works while you're offline? If it does, then can you send me named.conf, please?
Is your office's BIND slaved to the master? Or does it just host a master zone in the private view?
The latter works fine, I used it all the time in BIND before I migrated to djbdns.
Yes, it's the latter.
BIND tries to resolve names in my zone just as usual (i.e. by asking authoritative nameservers), even though it has a complete copy of my zone.
Setting up two nameservers would work, but it's incredibly clumsy.
Also, I was able to automate some other tasks with djbdns. Particularly, handling of split-view DNS for another zone.
"OK, but it still doesn't address the problem of when to trigger a sync. Do you run it from a cron job, or can you script it from the dynamic DNS update program? "
You can script it (I use a cron job, because I don't need fast updates).
"Actually, I guess you could relay the update request out to the slaves and not worry about syncing it often. Is that possible?"
Yes, there's actually a plugin which uses SMTP/POP3 to broadcast changes (which is a neat idea, IMO). It's also easy to pipe notifications through SSH.
"What I meant was that I didn't understand what you were trying to do and so can't confirm or refute it on my own."
Ok, it's a bit complicated. I have a master DNS in USA which hosts my zone and I also have a LAN in Ukraine.
I want to set up a DNS in my LAN which has a copy of my master zone so we can survive Internet outages without disruption of work. Of course, I don't want this DNS to be authoritative for my zone.
So I tried to set up a configuration with two views: internal and external. Internal view hosts a slave zone and performs recursive resolving. External view only listens for NOTIFYs for the slave zone.
BIND pulls the slave zone and keeps it in sync, no problem.
But it doesn't use it to resolve queries from my LAN! Instead, it forwards requests to my zone's nameservers. Even though it has a full copy of my zone.
If I disable views then it all works just fine, but it means that I expose a recursive DNS resolver to the whole world.
"That's not quite right. IXFR is implemented in BIND as a journal playback (O(1)), but rsync has to examine the entire database for changes to propagate (O(n), where n = number of records in the zone)."
Yes, you are right. But in practice, rsync works fast enough even with zones with hundreds of thousands of hosts.
With djbdns I can easily try to use SVN or git for zone updates.
"How do you customize djbdns without patching source code?"
djbdns is incredibly modular. It's a collection of small utilities, each doing a separate job.
"What do you mean exactly? You've already made your choice and that's cool, but I'd be willing to bet that BIND does actually support that feature."
No, it doesn't. It works only if I disable views. I checked BIND source to be sure.
"Whenever they get their DHCP lease, they say, "hey, user23.lan.example.com is now at 10.0.0.8". BIND dutifully updates its records and relays that message to the slave BINDs."
Yes, djbdns can process dynamic DNS updates (via a special plugin). Yes, it can then relay records to slaves _or_ you can make multi-master replication (if your master is down).
"If so, what happens when updates start to come in faster than rsync can copy them to the slaves (I can imagine some pretty large zones with tens of thousands of machines) - do you just accept that they're only synced every x minutes and call it good?"
rsync is an incremental protocol. _EXACTLY_ like IXFR used in BIND. So there won't be much difference.
"What if you want to push those updates to your registrar's hosted DNS?"
djbdns supports AXFR.
"They're also RFC standards that let my servers talk to their compliant peers without having to roll out an extra parallel PKI like you've had to do."
You miss the point - any self-respecting organization _already_ has PKI. But BIND _forces_ you to create yet another security hierarchy, with completely different administration tools and security model. Also, AXFR and IXFR are clear-text and do not support encryption.
And the worst of it - you can't customize BIND without patching source code. No wonder that ActiveDirectory and Novell Directory Services do not use IXFR/AXFR for zone transfers.
Personally, I switched to djbdns when I found out that I can't have a hidden DNS slave which can correctly work with views (i.e. I wanted a recursive resolver for my LAN with replicated zone). BIND just doesn't support it. I was able to script it with djbdns in ~2 hours.
BIND is PITA. It's not modular.
I've switched my entire infrastructure to djbdns and I'm glad I did it.
For example, I don't need TSIGs because djbdns uses plain rsync over SSH (which utilizes my PKI) for zone transfers. Dynamic updates are performed using simple shell scripts.
Everything is pretty simple.
http://www.rsdn.ru/forum/philosophy/1710544.1.aspx - sorry, it's in Russian. You can download benchmark here: http://www.rsdn.ru/File/37054/benchmark.zip Basically, it creates, stat()s and deletes lots of files. As you can see, performance in Windows is quite poor.
I have several more microbenchmarks and _all_ of them work faster on Linux. As a not-very-micro-benchmark: git works way faster on Linux.
And it's not the problem of NTFS itself, because ntfs-3g on my computer _still_ works faster for a lot of operations than the native NTFS in Windows!
"And Microsoft Word won't benefit from a parallelized UI until you have users trying to click on menu buttons at the same time they are typing text."
Or maybe, you know, until the user starts spell-checking in the background? Or maybe pagination of a large document?