woody wrote "and the usual kids-ranting-at-each-other" and so i'm back again:
No IXFR, no automatic notification of bind slaves (you get to run a separate notify script) ...
No RFC requires a specific system of notification.
true enough, RFC1996 (thanks again randy!) isn't actually required -- it's just convenient to speak the same protocol between all authority servers for a given zone. i guess sometimes that's rsync.
Separate notify scripts are ok, rsync is even better! Oh wait, does bind support rsync?
back before rsync, there was rdist. and because BIND4.8 was horrid at AXFR, i admit that i used rdist to move zones around. rsync is quite a bit better, and i know of people who use it to move zones around between BIND9 authority servers because the access control and secrecy features can use the same configuration infrastructure as their other sysadmin-related file sharing. i myself am quite comfortable with DNS I-N-D (IXFR, NOTIFY, DYNUPD) and so i move zones using IETF protocols rather than rdist/rsync/etc. but there's nothing that prevents multiple BIND servers from all thinking of themselves as "masters" and having their "zone files" managed by external programs such as rdist or rsync.
... (as in it returns all the A records in the same order every time, whereas bind does this in a different order ...)
Bind should patent this.
BIND's publisher is a public benefit corporation, so our only reason for filing a patent would be for defense, and we consider the prior art strong enough in the case of round-robin DNS that no defensive patent is needed.
No v6 support without a patch either
Oh yes, patch, patch ... welcome to patching hell if you run qmail or any other djb ware :)
Yeah we tech folk hate patching.
people with a lot of servers to run have to use configuration control on their operating systems and utilities and config files. if a vendor will offer patched binaries through "rpm" or "/usr/ports" or whatever then everything gets easier. djb's license precludes this kind of repackaging, is what i'm hearing. ISC uses a BSD-style license, and i personally think that anything more restrictive, even GPL or LGPL, is suboptimal. apparently DJB's license is even more restrictive than GPL, which is hard to fathom.
As I mentioned earlier, djb - non-djb is a religion thing:
perhaps to you it is. perhaps to DJB it is. perhaps to many, DJB is. but the arguments i'm seeing tonight for/against djbware are engineering arguments, not religious arguments.
rfc-wise, feature-wise (bind supports something, tinydns should too).
the people who are happy with djbware are VERY happy with it. no argument from me on that point. in <http://www.circleid.com/article/774_0_1_0_C/>, i wrote:
...
Those are good articles. But Jacco's site at <http://www.bind9.net/> is also very good, and includes all kinds of useful links. Education is good. Administrators can also look at alternatives to BIND such as DJBDNS located at http://cr.yp.to/djbdns.html.
OK, so some of you were wondering why I bothered to respond to this obvious "hit piece" written by someone without much background in the field -- maybe the same yet-to-be-fired marketing wizard who came up with the name "Internet Storm Center" when the term ISC had another, much stronger, much older, meaning. I was going to Just Hit Delete -- something you should never do with spam, by the way! Until I saw the DJBDNS reference.
Mr. Bernstein has what could politely be called a grudge against... well, almost everybody. His software seems to work, and it has a loyal and committed user base. But if you're going to look at alternatives to BIND, you need more options, and you need a better reason.
For more options, check out Nominum's ANS and CNS products, and NLNetLabs' "NSD", and Cisco's DNS/DHCP Manager, and Microsoft's Advanced Server product. (I'm sorry if I'm leaving somebody out, that's off the top of my head.)
For a better reason, discard "I don't want to have to learn about patches and apply them every year or two" since no vendor will ever be able to guaranty this. If you want help staying patched, talk to ISC about BIND support, or talk to your operating system vendor, or talk to your ISP. Help is out there.
...
-- Paul Vixie