Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
studpenguin, Dan is a real loud-mouth, but he who screams loudest doesn't necessarily know the most. There are several areas where DJBDNS fails, one of which is the bizarre and restrictive license, another is that none of DJB's stuff supports IPv6, and he has been outspoken about not supporting IPv6. I would do a lot more research before convincing myself that DJB is a god and his DNS rules all.
Originally posted by markus1982 Well Bernstein has clearly stated that he will ONLY IMPLEMENT THE THINGS HE LIKEs - so this is about to break standards...
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Quote:
Originally posted by studpenguin What standards are those?
It's his own freakin' software!!!!
/boggle
You really don't know what you're talking about, do you? DNS standards. There is a DNS standard for IPv6, but he won't implement it. There are other things he doesn't do, either (check Qmail for some of the other examples) but IPv6 is the major one. Yes he writes the software and he can make it do whatever he wants, but it's software that implements standard services, and those services are expected to behave in certain ways and have certain features, a fact that DJB seems to conveniently ignore.
Like I wrote in the other thread, maybe we shouldn't be following the herd of "standards"
I had thought I wrote that IPv6 would involve
340,282,856,360,466,376,620,684,388,469,930,214,496 different numbers
IPv4 would only involve only 4,294,967,296 and could be further expanded to meet the needs of growing numbers of computers and servers with CIDR notation Classless addresses.
Why make the world more complicated than it already is?
Last edited by studpenguin; 02-02-2004 at 11:31 AM.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Why is IPv6 a good thing? Well for starters, the real benefit of CIDR is route aggregation to shrink the global routing tables. IPv6 doesn't change that, despite having more IPs (you can just aggregate bigger blocks, no difference to the routing table as far as number of entries). Also, NAT is a fairly necessary hack in order to leave a comfortable amount of IPv4 addresses to assign. NAT has the rather unfortunate effect of making IPSec frustrating and some times impossible to implement. With IPv6, you can use a lot more "real" IPs rather than NAT'ing, which makes it much more IPSec-friendly. Oh, speaking of IPSec, it's built into IPv6 rather than an extension like it is for IPv4.
Just think if your broadband ISP could no longer give you the BS of needing to pay for extra static IPs. Everyone could have 5 or 10 static IPs on IPv6 and there would be no noticable impact.
Really, all this information can be found on Google and in many mailing list archives. I would suggest that you start reading other material besides just the rantings of DJB. Anyone looks like a genius when no one is around to refute their points. If you start reading what other people have written, you'll soon see that many people do not agree with DJB's point of view.
Dan Bernstein is a security nut. Now that isn't a bad thing. Qmail is wonderful though it does need a few patches in order to be up to todays MTA standards.
I use DJB's daemon tools and Qmail. And I love the way both of them work. I also think it is just fine for him to release the software the way he does, because after all, it is his software. But I also think that if/when IPv6 becomes the standard most people go by djbdns is going to do one of two things a) implement IPv6, or b) become fairly useless.
Originally posted by jtshaw I am sorry, I thought he was using djbdns, but he apparently is using TinyDNS these days.
DnsCache and TinyDns are two of the packages (among others: daemontools) that MakeUp DJBDNS as a whole.
studpenguin you said:
Quote:
Does anyone know of a good web hosting company that uses DBJDNS?
I don't understand what your getting at here? Please explain.
Have you thought about joing the djbdns mailing list. If your serious about djbdns then I would seriously consider joing that list. I did and it helped tremendously. You'll get the best answers to your questions from very experienced friendly users.
Not to attract any Troll's but I think the djbdns package rocks. I use dnscache internally that all clients point too for dns lookups. I've set the cache to be at 4megs. I use tinydns internally to serve up internal namespace. So I can connect to anything by dnsname internally.... web, ftp, mail, ect. ect..
I don't have to depend on the ISP's dns servers and setting up the TinyDns content server was tooooo easy. Compaired to Bind that is. And I'm not a Bind basher. I just found Bind to be way to complicated.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.