Symlinks

Rik fbsdusers at rikrose.net
Tue Feb 12 11:10:12 GMT 2002 

On Tue, Feb 12, 2002 at 10:19:49AM +0000, Paul Civati wrote:
> fbsdusers at rikrose.net wrote:
> > <rant>
> > Once upon a time, I decided BIND was crap. I'm sorry, but that's what I
> > think. I've helped run a few machines, and all of the breakins but one
> > were through BIND.
> 
> Minus points for the sysadmins not keeping their applications up to
> date. 

True, though in my defense, one of the three was broken into before I
arrived at thæt company, and at least one of the others two was broken
into before the security announcement.

> Even the most well written pieces of software will become a
> security risk if you do not follow the release announcements and
> ensure your systems are up to date.

This is why I'm subscribed to freebsd-security-announce (amongst
others), and why I make an assessment before I install software too.
 
> I've only run smallish named's (v8), so I've not seen huge amounts of
> memory used, or memory leaks, or this requirement for restarts.  In
> fact I've found v8 to be reasonably good.  Maybe things get flakey
> when your named gets big?

Maybe. These were holding maybe 20 machines, and upto 4 zones though. I
found out about it when I got an email on the local system saying "Did
you know BIND was up to 48 meg used and has stopped responding to
queries?".
 
> >   djbdns - It's written by DJB. We all know about DJB, and that he likes
> >   /service and various other nonstandard things, and that this annoys a
> >   lot of people. I'm not one of them.
> 
> Apart from the following djbware rant. ;)

/service doesn't annoy me. That's what I meant. Admittedly, if I'd
designed it (see TODO at end or original e-mail), it would be
/usr/local/monitored or similar, but I don't foam at the mouth at the
very mention of /service, unlike some people I IRC with.
 
> [..snip rant..]  You've just convinced me never to try a piece of
> djbware again,

That wasn't the point of my rant, unfortunately. This is the very
problem with DJB. His software does work. In the case of qmail, it needs
patching a little[1], but my rant was about publicfile being a
not-so-pleasant FTP server.

> when I last played with qmail one of my big gripes
> was the poor documentation, scattered amongst many different files.

And the binaries in /var? Have you seen www.lifewithoutqmail.org ?
 
> But this documentation policy you mention is just insane for anyone
> wanting to run well maintained systems.

It's not condusive, but it's possible. A good sysadmin reads the
announcements and documentation, remember? :)
 
> > I went with djbdns. It works.
> 
> Obviously, like a hole in the head is good for your brains leaking out.

Being fair, a hole in the head *does* let your brains leak out. djbdns
does actually work, and it works well, and it fills my criteria (I never
said I knew enough about DNS to be *sure* it works well, but it seems to
from what I can tell). It's publicfile that annoys me.

rik

[1] Best said with a paste:
rik at cleese:/usr/ports/mail/qmail% grep -i patch Makefile | wc -l
      52

-- 
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C  3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net

More information about the Ukfreebsd mailing list