On 4/9/2005 1:50 AM +0100, Paul Vixie wrote:

Count Server Software [snip some list]

One could also put together a list based on: - Security holes. - Amount of code - Bloatness - Seperation of functionality - # of seconds it takes to load huge amounts of zones In the end, it all comes down to religion: Bind people don't ack djb points and vice versa. Niek Baakman --

niek@asbak.coding-slaves.com (Niek) writes:

One could also put together a list based on: - Security holes.

in BIND9-- zero so far.

- Amount of code

in BIND9-- % find . -name '*.[chyl]' -print | xargs wc -l | awk '{X+=$1} END {print X}' 687674

- Bloatness

in BIND9-- none.

- Seperation of functionality

in BIND9-- you got me on this one, we have one daemon that does everything.

- # of seconds it takes to load huge amounts of zones

in BIND9-- you got me on this one. in BIND9.3.1-- better but not good enough, BIND9.4 will be better still.

In the end, it all comes down to religion:

no.

Bind people don't ack djb points and vice versa.

i don't ack djb's existence, not merely his "points." i'm happy to ack your points, and debate them, though. -- Paul Vixie

* david.conrad@nominum.com (David Conrad) [Sat 09 Apr 2005, 10:14 CEST]: [..]

PowerDNS: Yes (authoritative only) [..] (I might have gotten some of these wrong)

You are - PowerDNS has pdns_recursor and has for quite a while. Uses less memory than BIND and is faster too. Potential conflict of interest: I know the author personally (and he's a truly nice guy). -- Niels. -- The idle mind is the devil's playground

...

Fortunately, if it is a religion, I am agnostic in the BIND vs. DJB war since I work for a company that has created a product that could be argued competes with both... :-).

and from what i've heard, everyone who has tested nominum's ANS and/or CNS has been impressed with the performance, protocol compliance, and usability. (only the fact that it's commercial software, possessing a price tag, keeps it from being even more popular than it already is.)

Didn't Nominum write BIND9, and doesn't / didn't it provide commercial support for it? I'd think / hope that would give you a slight slant in one direction.

all of the developers who worked on BIND9 worked at nominum or its predecessor (internet engines), and most of them are still at nominum. note, though, that this work was done under contract to ISC, who owns the copyright and who is BIND9's current developer and publisher. nominum and isc now both offer "commercial" (for a fee) support for BIND9, but i suspect nominum would prefer to sell and support ANS/CNS than just support BIND9.

And he's obsessed with the idea of "The BIND Company" http://cr.yp.to/djbdns/blurb/bindmoney.html

apparently, every political sphere needs an axis of evil to keep it focused. -- Paul Vixie

On Fri, 08 Apr 2005 23:50:51 -0000, Paul Vixie said: OK. So one of them is a Honda Civic, and one is an M3. And I really don't care which is which, because:

Count Server Software Version 2673 BIND 4.9.3 -- 4.9.11

Gaak. :) Some of us are obviously still walking barefoot down unpaved muddy streets in third world countries. It's time for *both* camps to send in the missionaries to save the poor heathen zone file's immortal souls, or at least provide safe drinking water or something.. ;)

Vicky - "Thou shalt not post about DJB software to a mailing list Vixie reads regularly". I take it you didn't listen in bible study class.. I had a play with DJBDNS after using BIND for years. Here's why I switched back: - No AXFR support - No TCP support - I was forced to use DJBs naming conventions for zones - Licensing - Installation Now, it looks like some of this has changed in the past few years, but at the time I was unable to provide a bunch of services that I wanted to because of these "missing features". One of the reasons I see people quoting for their transition from BIND to DJBDNS is "BIND is hard to configure". Really. If you've got a good understanding of DNS (which, IMO, is required to run DJBDNS effectively), and you're finding BIND hard to configure, you'd best unsubscribe now and start looking for work elsewhere. The other one is "BIND is a bigger binary than DJBDNS". So? It's the 00's kids, RAM and disk are cheaper than a hooker scraping for a fix. My licensing and installation points above are common to all DJB software. I'm a lazy bastard. I want to click a button or tap some keys and have stuff happen in a way I understand and trust. I don't want to have my hosts littered with weird arcane trash that isn't looked after by my packaging system. If DJB were to allow people to provide binary packages of his software, this point wouldn't exist. Anyway, in closing - Run BIND9. Save yourself. On 9/04/2005, at 12:19 PM, Chris Kuethe wrote:

On Apr 8, 2005 4:55 PM, Vicky Rode <vickyr@socal.rr.com> wrote:

...

http://software.newsforge.com/article.pl?sid=05/04/06/197203&from=rss

Just wondering how many have transitioned to djbdns from bind and if so any feedback.

regards, /vicky

I used to use djbdns on my laptop for testing things, and then I took an afternoon, learned to write BIND zone files, and decided I should just use the BIND that comes with so many modern unixen and that powers so much of the internet anyway...

Since then, I've always preferred deploying bind over djbdns. Even if it was easier to configure, the installation process for DJBDNS always really annoyed me. So that's a djbdns *to* bind transition story.

CK

-- GDB has a 'break' feature; why doesn't it have 'fix' too?

On Apr 9, 2005 7:26 AM, Niek <niek@asbak.coding-slaves.com> wrote:

On 4/9/2005 3:46 AM +0100, Nathan Ward wrote:

...

I had a play with DJBDNS after using BIND for years. Here's why I switched back: - No AXFR support It supports this.

No IXFR, no automatic notification of bind slaves (you get to run a separate notify script) ... But yes, it is far easier to use, consumes very low amounts of memory and makes an excellent local resolver cache e&oe no roundrobin DNS without a patch (as in it returns all the A records in the same order every time, whereas bind does this in a different order ...) No v6 support without a patch either Oh yes, patch, patch ... welcome to patching hell if you run qmail or any other djb ware :) --srs -- Suresh Ramasubramanian (ops.lists@gmail.com)

On Apr 9, 2005 7:47 AM, Niek <niek@asbak.coding-slaves.com> wrote:

...

Oh yes, patch, patch ... welcome to patching hell if you run qmail or any other djb ware :) Yeah we tech folk hate patching.

I like it - as long as I dont have to spend all my time on it. Take qmail for instance - or at least netqmail that adds a set of patches to make qmail borderline modern and usable (e&oe the "comparison table" that rates it against sendmail 8.8, exim 2.x etc) Add a couple more patches for tls, smtp auth etc, then try patching for (say) mysql or ldap support. Too many patches, none of which are guaranteed to play well with each other without some re-patching If djb would just have done what most other mta authors (especially Wietse Venema and Philip Hazel) do, and be more open to rolling contributed patches into qmail, or into other software he's written, well it'd be more usable But right now, if you are running anything other than a barebones mta, or barebones dns, if you want to spend your time doing other things than being a coding slave .. have fun running djbware --srs (who needs a barebones dns server and resolver, so installed tinydns) -- Suresh Ramasubramanian (ops.lists@gmail.com)

On Sat, 9 Apr 2005, Niek wrote:

On 4/9/2005 3:46 AM +0100, Nathan Ward wrote:

...

- I was forced to use DJBs naming conventions for zones If you administer 2-3 domains, sure it's an hassle, if not, put code-monkeys to work. Most script people I know love the tinydns zone structure in comparison to bind's one.

because instead of MX you have . or + or - or : or something so helpfully meaningful... same for NS and A and CNAME... Yes, 1 more level of indirection is not always a good thing. -chris (not that I dislike djbdns, i just don't understand why things have to be 'different' so very much... and if bind works, why use djbdns?)

oddly enough, i still consider this on-topic, even though it has more to do with sysadmin than netops. adam@flounder.net (Adam McKenna) writes:

Try writing a script to parse BIND zone files.

why on earth would i want to do that? BIND might be storing it in SQL or BerkeleyDB or some other DB/SDB/DBZ container. or the server might not be BIND at all. the right way to do this is in Perl if you've got it: our $zones = { }; $res->nameservers($ns); my @zone = $res->axfr($mz); foreach my $rr (@zone) { next unless $rr->type eq 'TXT'; my ($name, @words) = ($rr->name, $rr->char_str_list()); my ($attr, $value) = @words; $name =~ s/$mzp//; $zones->{$name}->{$attr} = $value; } as operators we should all strive to make our tools as robust and as independent as possible. i'm very glad that nothing i've written depends on the format of zone files. if you don't have perl, just use "dig", pipe it to awk or sed or cut or whatever, and once again you'll have a server-independent format. AXFR is your friend, don't ignore it.

...

(not that I dislike djbdns, i just don't understand why things have to be 'different' so very much... and if bind works, why use djbdns?)

A Honda Civic will get you to work and back, so why buy an M3?

because there might be a hill.

As with many other things in the IT world, this decision boils down to several factors. Who wrote it, or how popular it is, if you are a true techie, should be close to the bottom of that list.

amen. -- Paul Vixie

On Mon, 11 Apr 2005, william(at)elan.net wrote:

Surely, you aren't saying that is somethig wrong with that or that they are making non-compliant product just because they choose to use different "proprietary" protocol when two of their products interact with each other (while still supporting standard protocols for other systems)? Otherwise if we do use your rationale tha product is bad when it does it, then all my cisco equipment would be considered bad!

The way that the went about it is certainly irresponsible: 1) They first thought they had to change AXFR to accomodate IXFR (they didn't really, but due to BIND architecture, it may have been easier) 2) Then they discovered a vagueness in the RFC describing AXFR. 3) Then, instead of clarifying the RFC first, they altered their protocol. Knowing that other implementations would not interoperate, they included code to detect BIND9, and code to turn off non-standard protocol. 4) Then they deployed BIND9 on an unsuspecting user community. 5) Then, after criticism, finally decided to try to clarify the draft, assuming that their employee who was a Working group co-chair would breeze through the change. As justification for the change, they asserted it would be easier for the 6 or 8 other DNS implementations to change their installed base than to change BIND9. (holy cost-shifting, batman) They should have realized that a non-interoperable change was going to be tough to push though: That the likely outcome where 6 or 8 other implementations (including their own) had read the draft a particular way originally, would probably result in a clarification that the original particular way was what was really meant. They used bad judgement, to put it mildly. Cisco has done some non-standard things, and it has gotten some well-deserved criticism for them, as well. But Cisco hasn't done anything that is quite this blatantly irresponsible. In most cases that I can think of (cisco hdlc, skinnystation--which technically wasn't cisco), standards and implementations were far and few between and they formed up as best they could to actually have a working product in an immature market. That isn't the same as what BIND9 did. DNS is a mature and pretty well-defined protocol.

...

Its not a real big problem, though the BIND9 detection might be dicey. An implmentation that pretends to be BIND (but not using the proprietary protocol) might have a problem. But so far as I know, there are no such implemenations at present, so its not a big problem, at least, not right now, anyway. It could be a problem later, if someone introduces a server that pretends to be BIND9, but isn't.

Nobody should be producing product that "pretends" to be something else, that itself would be a problem and may even be illegal if BIND name is trademarked (and even if its not if somebody makes different product that is using bind name and that product does not work or works differently, it creates dillusion and bad reputation for makers of bind and so its something ISC could legally demand to be stopped).

BIND is an acronym of Berkeley Internet Name Daemon. I've heard that Vixie claims a trademark on this, but it seems rather like the linux trademark issue of a few years ago. I didn't hear that they purchased the copyright from the University of California. So, I don't think it is his to trademark, and it was a common term in use well before ISC existed. ISC didn't write BIND, but has only maintained and modified it over the years. They own modifications, at most. But even if they did purchase the copyright from Berkeley, we are talking about what amounts to packet signatures. Fair use allows one to create interoperable products. [DMCA 1201(f), I think]. For example, many web browsers "pretend" to be other browsers. There are also examples of packet signature changing, so that your linux box appears to be a netbsd box, for instance. One can always interoperate if one can figure out how. Trademark issues are only relevant to marketplace branding, not to protocol details. (I'm LPF president for something like 13 or 14 years, I know a little bit about copyrights, trademarks and patents.) --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000

Date: Mon, 11 Apr 2005 11:20:07 -0700 (PDT) From: "william(at)elan.net" <william@elan.net> Sender: owner-nanog@merit.edu

On Mon, 11 Apr 2005, Dean Anderson wrote:

[critisicism of AXFR in BIND9 snipped]

Again, the point of all of that is that they chose to implement protocol that is non-standard, but knowing that they made sure that this would only be used between BIND9 programs. This is proprietary protocol but as long as its used only when their products are talking to each other, there is nothing substantially wrong. Well ok, what maybe wrong is that they still call it AXFR instead of clearly calling it something like AXFR-BIND9.

Note that it matters, but cisco has very many prorprietary additions, just take "weight" in bgp routes for instance. Since these features are only used for communication between two cisco routers there is nothing seriously wrong with them having such a features.

...

5) Then, after criticism, finally decided to try to clarify the draft, assuming that their employee who was a Working group co-chair would breeze through the change. As justification for the change, they asserted it would be easier for the 6 or 8 other DNS implementations to change their installed base than to change BIND9. (holy cost-shifting, batman)

That is why some people now say its now IVTF and not IETF. Large vendors (large by comparing their share in the market for particular area or simply a very large company that things its owns the world) try to bully everyone else to accept what they want because they own the market. Luckily for us this is not OASIS and IETF would not often accept such tactics, although its getting worth lately...

In any case BIND folks got properly punished for attempting to do it and as long as they support standard way and inter-operate with other products its fine; and if they think their proprietary way is better for when two bind daemons talk to each other, that is fine too and I accept it.

...

...

Nobody should be producing product that "pretends" to be something else, that itself would be a problem and may even be illegal if BIND name is trademarked (and even if its not if somebody makes different product that is using bind name and that product does not work or works differently, it creates dillusion and bad reputation for makers of bind and so its something ISC could legally demand to be stopped).

BIND is an acronym of Berkeley Internet Name Daemon. I've heard that Vixie claims a trademark on this, but it seems rather like the linux trademark issue of a few years ago. I didn't hear that they purchased the copyright from the University of California. So, I don't think it is his to trademark, and it was a common term in use well before ISC existed. ISC didn't write BIND, but has only maintained and modified it over the years. They own modifications, at most.

Well, Paul Vixie wrote bind and he started ISC later to provide more organization to his work and supporting it further, so I really dont see a problem with consdering BIND to be ISC product even if original acronym was more general (though I doubt he could get it trademarked because of all that)..

William, Paul Vixie did NOT write the original BIND. The first BIND version (4.3?) was written by the CSRG at UC Berkeley by Kevin Dunlap who was on loan to CSRG by Digital (who also employed Paul at that time). When Paul took over support of BIND at about 4.4, it was a horrid mess and rapidly moving toward death. After some fixes and clean-up of the code, the first real BIND from Paul was 4.8. ISC (including Paul) wrote BIND 8. BIND 9 was contracted out to Nominum and one of the stipulations was that the existing code base could not be used at all and another was that the team that wrote BIND 8 should not work on BIND 9. For that (and other) reason, Paul did not write any of BIND 9. Paul is welcome to correct any of this as my memory is probably failing on details. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634

On Mon, 11 Apr 2005, Kevin Oberman wrote:

When Paul took over support of BIND at about 4.4, it was a horrid mess and rapidly moving toward death.

As long as we are getting history out, It was moving towards death as a _result_ of Vixie involvment from 1987-1994. I knocked heads with Vixie around 1989/91 several times about Hesiod root servers, bugs and such issues. Vixie was a such a jerk back then that I just gave up on DNS altogther for about 10 years, as did a lot of other people. That's what caused it to languish so that by 1994, Vixie could "take it over". But it was a mistake on to let it go to him. DNS in general has languished for 10 years, at least. Look how long it took to get DNSSEC. Compare DNSSEC to SSL, for example. Or HTTP. Of course, on the other hand, if he wasn't such an butthead, we wouldn't have the veritable bonanza of DNS implementations, today. So, I suppose unreasonable jerks are good overall, perhaps. I was surprised to read that no BIND8 developers were allowed to touch BIND9. I knew that Vixie wasn't involved, but I thought there was a more specific reason for that. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000

On Mon, 2005-04-11 at 17:30 -0400, Dean Anderson wrote:

As long as we are getting history out, It was moving towards death as a _result_ of Vixie involvment from 1987-1994. I knocked heads with Vixie around 1989/91 several times

"knocked" implies past tense. I'd say that you are still exhibiting that behavior. Give it a break guys, even I'm tiring of this. Moderators??? -Jim P.

there are replies to three messages here, in an attempt to sweep up the thread and/or end it. i can see from the tailings that a lot of you are not only reading dv8's posts, but replying to them. i'm trying to sort out the part of the result that's meaningful in spite of that poison. note that the BIND9 code base is completely forkable. some dns pirates added code to 9.0.0 to try to make it look at more than one set of root name servers, which was naive on their part but they were acting in the spirit and the letter of the BSD-style license we use. (of course, we thought their patch was silly, so we didn't incorporate it into the code base we publish from.) apparently they, and their bind9 fork, are now lost in the weeds of prehistory. --- william@elan.net ("william(at)elan.net") writes:

Again, the point of all of that is that they chose to implement protocol that is non-standard, but knowing that they made sure that this would only be used between BIND9 programs.

no, that's not what we did at all.

This is proprietary protocol but as long as its used only when their products are talking to each other, there is nothing substantially wrong. Well ok, what maybe wrong is that they still call it AXFR instead of clearly calling it something like AXFR-BIND9.

let's lay this to rest, shall we? the people who implemented BIND9 read the spec (RFC 1035) and pronounced it "toe-may-toe", whereas the person who implemented "tinydns" read the same spec and pronounced it "toe-mah-toe". the BIND9 interpretation is more strict, and therefore runs afoul of the internet philosophy to "be liberal in what you accept". however, since BIND9 is compatible with BIND8 and BIND4, and with microsoft's DNS, and with virtually every other DNS in the world except for "tinydns", various people put some effort into clarifying RFC 1035. they encountered endless and may i say vitriolic opposition from the "tinydns" author, and in the end, the IETF somewhat spinelessly decided that clarification was "too hard" and so here we are, with incompatible implementors each thinking we're right.

Well, Paul Vixie wrote bind

nope. kevin dunlap and other folks at U C Berkeley wrote BIND originally. all i did was fork the code base at 4.8.3, produce King James BIND, then BIND 4.9 through BIND 8.1, and along the way co-founded ISC with rick adams. also along the way i won the "most cert advisories by a single author" award (which noone has been willing to try to take away from me) and stopped coding. i'm pleased to announce that BIND9 has no code from BIND8 or BIND4 in it, and also no code from me in it. --- oberman@es.net ("Kevin Oberman") writes:

Paul Vixie did NOT write the original BIND. The first BIND version (4.3?) was written by the CSRG at UC Berkeley by Kevin Dunlap who was on loan to CSRG by Digital (who also employed Paul at that time).

no, i was employed by Digital later, long after kevin dunlap had moved on.

When Paul took over support of BIND at about 4.4,

4.8.3.

it was a horrid mess and rapidly moving toward death.

and there were other code forks besides mine. what distinguished my work was that i merged in every change i could understand from every other fork. (that's why i called it King James BIND, for you literary history buffs.)

After some fixes and clean-up of the code, the first real BIND from Paul was 4.8.

4.9.

ISC (including Paul) wrote BIND 8.

john gilmore and bob halley had a LOT to do with the creation of BIND8 btw. (john also taught me to use CVS rather than RCS, to my great betterment, and he wrote some early DNSSEC code, and negotiated a licensing deal between RSADSI and ISC... he's an unsung hero in the BIND revolution.)

BIND 9 was contracted out to Nominum

internet engines. which later became nominum.

and one of the stipulations was that the existing code base could not be used at all and another was that the team that wrote BIND 8 should not work on BIND 9.

actually, bob halley worked on both BIND8 and BIND9.

For that (and other) reason, Paul did not write any of BIND 9.

yea, verily. --- david.conrad@nominum.com (David Conrad) writes:

However, I don't speak authoritatively (pun intended) on BIND.

and yet, for the record, i agree with everything drc said in his note today. -- Paul Vixie

I'm reminded a lot of Michael Jackson here.

I'm reminded of Jim Fleming.

owner-nanog@merit.edu wrote:

...

however, since BIND9 is compatible with BIND8 and BIND4, and with microsoft's DNS, and with virtually every other DNS in the world except for "tinydns",

Err, "compatible" because it detects them and then does the right thing, and uses the traditional protocol.

You know...I'm reminded of something we're all familiar with that came up, oh...lets say 8 years ago. There were some new-fangled devices out there that were capable of communicating over POTS at somewhere close to 56 kbps. It seems to me there were two flavors of them, K-Flex and X2. You might have heard of them. Anyway, if your modem had K-Flex firmware and was trying to connect to something using X2, you couldn't connect anywhere near 56 kbps. And vice-versa. The two technologies were incompatible. And yet, once they detected the incompatability, they were able to renegotiate down to a protocol they had in common, say v.32. Now eventually we came out with the v.90 standard so that everyone could play together nicely. Point is, even before there *was* a 56k standard, all those "incompatible" modems could still communicate, just not using their new proprietary protocols. So, I guess I'm wondering....how is what BIND9 does substantially different than the case I've outlined above? Andrew

On Mon, 11 Apr 2005, william(at)elan.net wrote:

Well ok, what maybe wrong is that they still call it AXFR instead of clearly calling it something like AXFR-BIND9.

Agreed.

In any case BIND folks got properly punished for attempting to do it and as long as they support standard way and inter-operate with other products its fine; and if they think their proprietary way is better for when two bind daemons talk to each other, that is fine too and I accept it.

I'm not sure they got "properly punished". They take some criticism for it now and then. But that doesn't seem to get them to change anything. Issue continues unresolved. Network operators will suffer, sooner or later.

Well, Paul Vixie wrote bind

Err, no. Myth created by personality cult, perhaps: http://www.bind9.net/manual/bind/9.0.0/Bv9ARM.9.html The first working domain name server, called "Jeeves," was written in 1983-84 by Paul Mockapetris for operation on DEC Tops-20 machines located at the University of Southern California's Information Sciences Institute (USC-ISI) and SRI International's Network Information Center (SRI-NIC). A DNS server for Unix machines, the Berkeley Internet Name Domain (BIND) package, was written soon after by a group of graduate students at the University of California at Berkeley under a grant from the US Defense Advanced Research Projects Administration (DARPA). Versions of BIND through 4.8.3 were maintained by the Computer Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark Painter, David Riggle and Songnian Zhou made up the initial BIND project team. After that, additional work on the software package was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment Corporation employee on loan to the CSRG, worked on BIND for 2 years, from 1985 to 1987. Many other people also contributed to BIND development during that time: Doug Kingston, Craig Partridge, Smoot Carl-Mitchell, Mike Muuss, Jim Bloom and Mike Schwartz. BIND maintenance was subsequently handled by Mike Karels and O. Kure.

and he started ISC later to provide more organization to his work and supporting it further, so I really dont see a problem with consdering BIND to be ISC product even if original acronym was more general (though I doubt he could get it trademarked because of all that)..

ISC was formed much later, in 1994, according to the registration. Incidentally, CSRG (and consequently BIND) owes more to OSF than to ISC. CSRG was funded 1/3 each by Dec, HP, and DARPA. In 1990, when DARPA transferred its funding to CMU for Mach development, the OSF picked up the funding gap, and that made BSD 4.4 possible. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000

On Tue, 12 Apr 2005, Jay R. Ashworth wrote:

...

But even if they did purchase the copyright from Berkeley, we are talking about what amounts to packet signatures. Fair use allows one to create interoperable products. [DMCA 1201(f), I think].

You can't "purchase a copyright" to a trademark, Dean.

I didn't say you could "'purchase a copyright' to a trademark". Such a phrase is nonsense. [I am the LPF president for 14 years, I know a bit about trademarks, copyrights, and patents. The LPF is the reason you don't have 'user interface copyrights', and is why you have things such as Zebra and Quagga.] But I should have said 'purchase the trademark', instead. Usually, when one purchases a copyright, one also gets the trademark. One can purchase them separately--Indeed, I just reminded the IETF lawyer of this recently. For example, The Open Group owns the trademark for Unix. Novell claimed never to have transferred ownership of the patents, and SCO owns the copyright.

If someone already *holds* a trademark -- something one gets by *activity of commerce*,

You do not get a trademark merely by activity in commerce. Rather, activity in commerce is a prerequisite to obtaining a right to a trademark. A trademark must be identified as a trademark or registered. And if you haven't used it in commerce, you have no rights to it.

you can purchase a *license* to use it.

Yes, you _can_ purchase a *license*, if a license is offered. But the mark itself can also be sold. Same goes for a copyright. Same goes for patents. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000

Apologies for interrupting the rehash of the protocol wars, but, as a sometime teacher of trademark law, I must protest. Under US law at least, a trademark can only be sold as part of a larger transfer of assets structured to "include" the "goodwill". Typical examples include: selling the equipment used to make the good; selling the whole subsidiary. To sell just a mark is not usually possible -- it would be the dreaded "assignment in gross" -- which leads to a finding that the mark is no longer protected. (A mark can of course be licensed...but woe to the licensor who does not monitor the quality of the goods licensed.) OK. Back to our regularly scheduled programming. On Tue, 12 Apr 2005, Dean Anderson wrote:

Yes, you _can_ purchase a *license*, if a license is offered. But the mark itself can also be sold. Same goes for a copyright. Same goes for patents.

-- http://www.icannwatch.org Personal Blog: http://www.discourse.net A. Michael Froomkin | Professor of Law | froomkin@law.tm U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA +1 (305) 284-4285 | +1 (305) 284-6506 (fax) | http://www.law.tm -->It's cool here.<--

I'd prefer it if you gave an opinion on how this was operationally relevant?

Thanks for the clarification. I agree, it is very unusual to transfer a trademark without transferring the product it identifies. I didn't know it was impossible.

Since you are an expert on the subject, I would like to have your opinion regarding how ISC can claim a trademark on BIND, assuming no transfer ever took place. Or if you think it cannot reasonably make such a claim.

On Mon, 11 Apr 2005, David Conrad wrote:

As far as I know, BINDv9 complies with the AXFR protocol.

Very, very technically, (and only due to the unresolved vagueness in the AXFR RFC), this is true. But it is isn't exactly honest. Every implementation including BIND interpreted the "vague" section the same way, and now BIND9 wants it changed. That isn't a clarification.

Empirically, given BINDv9 interoperates with every DNS server that implements AXFR and IXFR that I'm aware of, it would seem assertions that "BIND9 is not compliant with AXFR standards" is simply pure crap.

"Empirically" is because BIND9 attempts to detect other BIND9 servers, and if it thinks the other server isn't BIND9, then it uses the traditional protocol. So it will work so long as no implementation can fool BIND9 into thinking the other server is BIND9, but then not implement the non-standard protocol. However, if you were to capture the packets between two BIND9 servers, and use that as your guide to reverse engineer AXFR protocol specification (or more practically, just send it to another server verbatim), you will not be able to communicate with other non-BIND9 servers.

There was an attempt to clarify various ambiguities found in the rather loose specification of the AXFR protocol by writing up the issues encountered and a solution to those issues, but that effort sunk in the IETF swamp.

Uhh, not exactly "sunk in the swamp", so much as overwhelming opposition from nearly every implementor who didn't want to alter their implementation. As I said above, and as was pointed out by many on the DNSEXT WG, this isn't a clariification. Its a major change and it was rejected. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000

On Tue, 12 Apr 2005, Jay R. Ashworth wrote:

On Mon, Apr 11, 2005 at 04:53:26PM -0400, Dean Anderson wrote:

...

"Empirically" is because BIND9 attempts to detect other BIND9 servers, and if it thinks the other server isn't BIND9, then it uses the traditional protocol. So it will work so long as no implementation can fool BIND9 into thinking the other server is BIND9, but then not implement the non-standard protocol.

Well, not to put too fine a point on it, Dean, why in he|| would you want to *do* something that silly? Since the only identifiable reason to pretend to be BIND9 *is to get that protocol modification*, if you can't do that protocol, and you claim to be BIND9 anyway, you seem to deserve what you get.

Because, for the dullards, if one changes the RFC, then BIND9 can remove the detection code and still be RFC compliant. Removing the detection code would mean that non-BIND9 implementations wouldn't work anymore with BIND9. And BIND9 then gets to say that the other implementaions failed because they are non-compliant. A classic microsoft-like "fuck the competition" maneuver. Was that not obvious? --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000