Review request: DNS server implementation

simo idra at samba.org
Thu Oct 14 05:46:41 MDT 2010


On Thu, 2010-10-14 at 16:47 +1100, tridge at samba.org wrote:
> Hi Simo,
> 
>  > Although having an option in named would be nice, the env variable
>  > approach is not too terrible. But it would be nice, yes.
> 
> This is one of the things that bit Nadya at the AD plugfest. She
> thought she'd debug bind using gdb, but didn't know that she needed to
> do ". /etc/default/bind" before starting gdb. The resulting errors
> were not helpful :-)

Not really a bind fault ...

>  > Looks like an Ubuntu security policy bug. Bind has had kerberos support
>  > for a while, so they should test the configuration and fix the policy
>  > accordingly.
> 
> yep. Now multiply this by the number of Linux distros and versions of
> distros out there :-)

I can assure you it works on Fedora/RHEL with SELinux :-)

> I should make it clear again that I fully intend to keep going on our
> bind9 support. Many larger sites are too tied to bind for us not to
> support it I think. I'd just like a reliable, easy to configure
> alternative that is testable in the build farm. I'm hoping Kai's work
> might give us that!

My fear is that will make bind a second class citizen to the point it
will not work properly, plus we will have yet another daemon to care
about, security issues, bugs, etc... the whole package.
But as long as it is a compile option I guess I can't complain.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>


