fbsdusers at fbsdusers at
Tue Feb 12 04:07:04 GMT 2002

On Sun, Feb 10, 2002 at 06:50:53PM +0000, Ceri Storey wrote:
> On Sun, Feb 10, 2002 at 12:00:18AM +0000, Rik wrote:
> > An example of an ftp to *not* use is DJB's publicfile.  I have a whole
> > rant about it, which I will send out, if people want.
> I'd certainly like to hear this. (Assuming I've not heard the whole
> story...)

Sit ye round, and look enthusiastic. Here floweth the diatribe:

Once upon a time, I decided BIND was crap. I'm sorry, but that's what I
think. I've helped run a few machines, and all of the breakins but one
were through BIND. The other was through wu-ftpd, in case anyone is
interested. Guess why I recommend you don't use that :)

So, I looked at my options: 
  BIND - Not exactly a great record, but acknowledged that does mean
  it's been reasonably well reviewed recently. It does, however take a
  lot of memory, and leaks it too, and crashes, and requires restarting.

  MaraDNS - THE SECURE CHOICE! ... And the day it had a major release,
  there were something like 4 entries on freshmeat with "Major Security
  Updates!". That inspired so much confidence.

  djbdns - It's written by DJB. We all know about DJB, and that he likes
  /service and various other nonstandard things, and that this annoys a
  lot of people. I'm not one of them.

I checked out djbdns. It chroots stuff, it runs as its own user for each
sub-service, and runs chrooted, where nothing can do any damage if it
goes wrong. It also takes very little memory. This is a good thing. It
also is supervised, so that if it dies, it's automagically restarted.
This is good too.

I went with djbdns. It works.

Alas, DJB strikes back. He doesn't distribute man pages or any form of
documentation with djbdns (obviously DOCUMENTASHION SI NOT SECUAR
ENUFF!1!?!>). It is, however, on his server, but to encourage you to
upgrade, only the most recent version is on the server.

Obviously, I need to go retrieve all the documentation for djbdns and
daemontools. Now, publicfile works as an HTTP server. It even seems to
work enough to be usable. It is, however also an FTP server, which is
far better (or so I thought) for retrieving a bunch of files. Just ftp
in, mget the lot.

Ha, but GLOBBING SI NTO SECUAR TWO!1?!! Processing user input would be
hard, so he's not done it. No globbing. Okay, so mget doesn't work. I'll
get the files by hand.

Login, cd pub, cd daem<tab>. Oh, of course. No globbing, so tab
completion won't work. Okay, I should have known that. Okay, cd in
manually, but since I'm getting mildly peeved (or more likely, something
interesting happening on TV. Hey I can touch type accurately enough when
tab completion works.) by now, I make a typo. I'll paste what happens.

rik at cleese:~% ftp
ftp> open
Connected to
220 Features: a p .
Name ( anonymous
230 Hi. No need to log in; I'm an anonymous ftp server.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd daemontoold
250 "/daemontoold" 
ftp> ls
227 =131,193,178,181,160,31
550 Sorry, I can't open that file: file does not exist.

I kid you not. If you CD to a directory that doesn't exist, it *DOES*
*NOT* *FAIL* until you try to do something else. What the *hell* is he

Okay, so I do a "cd ..". Another paste.

ftp> cd ..
250 "/daemontoold/.." 
ftp> ls
227 =131,193,178,181,160,92
550 Sorry, I can't open that file: file does not exist.

At this point, I started to question his sanity. Fortunately, cdup

I got to the daemontools directory. I type "ls", and I get back the
info. In RFC-compliant output. Here's an example:

+i0.105743,m951789708,r,s887,   envuidgid.html
+i0.432132,m994734981,/,        faq
+i0.485836,m994870287,/,        old
+i0.105750,m951789708,r,s1596,  tai64n.html
+i0.105748,m952207439,r,s1676,  tai64nlocal.html
+i0.105744,m994709585,r,s541,   fghack.html
+i0.105751,m994957185,r,s1005,  install.html
+i0.105754,m951789708,r,s585,   svok.html

You'll notice 2 things. Firstly, the output style. RFC-compliant, but
it's the only time I've ever seen it used. Secondly, it's not sorted at
all. It's in the order it comes off the disk. Note that "ls d*" won't
work to find the daemontools package, because of the lack of globbing.


Okay, so I decide to use mozilla instead, so I can get to the directory,
and pointy-clicky the files. That'll be more easy. Yeah. Except he's
broken that somehow. As a command, port works, but something else breaks
mozilla, or any other graphical client. Even can't cope.


Okay, so I have to do this by hand. I have to work out some way of
scripting it easily, and I have to do it myself, because the guy has
broken everything most people have taken for granted, except for ls and

Enter zsh. I kid you not, I resorted to using zsh's zftp client. Why?
Client side globbing.

zmodload zftp
zftp open anonymous foo at 
zftp cd daemontools
for file in `zftp ls`; do
  zftp get $file > $file
done
zftp close

That whole fun adventure lasted half an hour. Still, I have the
documentation now, and I also know zsh a bit better. The moral of
the story? Someone needs to write a good DNS server, but that this is a
hard problem, since the only person that seems to have accomplished it
likes to do weird things. This may also give us a surprisingly good
insight in to the DNS protocols.

I'm going to do a clean-room implementation of a DNS server (well, set
of servers, really), in the same style as djbdns, but with a better
interface, and a more understandable config file (DJB's config files are
not the easiest in the world. You can learn them, but they're not fun).
I don't know when, but I'm going to, just so people don't need to cope
with publicfile, and other DJB quirks. I have other projects to do first.

PGP Key: D2729A3F - Keyserver: - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C  3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on

More information about the Ukfreebsd mailing list
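
Added example, not part of the message above and not publicfile's or zsh's own code: a parser for the directory listing format quoted in the message, which sorts the entries client-side and keeps only names that are safe to write locally, since a loop like the zftp one uses each server-supplied name as a local path. The meaning given to the facts (r = retrievable file, / = directory, s = size in bytes, m = modification time in Unix seconds) and all function names are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the listing lines quoted in the message above.
SAMPLE = """\
+i0.105743,m951789708,r,s887,   envuidgid.html
+i0.432132,m994734981,/,        faq
+i0.485836,m994870287,/,        old
+i0.105750,m951789708,r,s1596,  tai64n.html
+i0.105748,m952207439,r,s1676,  tai64nlocal.html
+i0.105744,m994709585,r,s541,   fghack.html
+i0.105751,m994957185,r,s1005,  install.html
+i0.105754,m951789708,r,s585,   svok.html
"""

# "+", comma-terminated facts, whitespace (assumed to be a tab on the wire), name.
LINE = re.compile(r"^\+(\S*),\s+(.+)$")

def parse_line(line):
    """Return a dict for one listing line, or None if it is malformed."""
    m = LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    entry = {"name": m.group(2), "file": False, "dir": False, "size": None, "mtime": None}
    for fact in m.group(1).split(","):
        if fact == "r":
            entry["file"] = True
        elif fact == "/":
            entry["dir"] = True
        elif fact[:1] == "s" and fact[1:].isdigit():
            entry["size"] = int(fact[1:])
        elif fact[:1] == "m" and fact[1:].isdigit():
            entry["mtime"] = datetime.fromtimestamp(int(fact[1:]), tz=timezone.utc)
    return entry

def safe_name(name):
    """Accept only a plain file name: the server chooses it, the client writes it."""
    return (name not in ("", ".", "..") and not name.startswith((".", "-"))
            and "/" not in name and "\\" not in name
            and all(c.isprintable() for c in name))

def downloadable(listing):
    """Sorted names of regular files that are safe to use as local paths."""
    entries = filter(None, map(parse_line, listing.splitlines()))
    return sorted(e["name"] for e in entries if e["file"] and safe_name(e["name"]))
```

Calling downloadable(SAMPLE) gives the six .html names in sorted order and skips the faq and old directories; a name such as ../../.zshrc in a listing is dropped rather than written.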