Subject: dnscache [was Re: Protocol error with Hotmail server]
From: Bennett Todd (betrahul.net)
Date: Fri Jun 09 2000 - 13:23:57 CDT


(Note: this is off-topic for the postfix list, but I just wanted to
correct a misunderstanding here).

2000-06-09-05:31:14 Rask Ingemann Lambertsen:
> No way. I noticed the bit in "fine print" where it says it
> doesn't support TCP. Even if qmail was the only piece of software
> performing DNS lookups on the whole Internet, I wouldn't find that
> acceptable. At least this time, Dan documents the defect. I was
> appalled to find a mail server that doesn't support DNS, and now
> there's a DNS server that doesn't support DNS. Please forgive me
> for not finding this a brilliant idea.

Whoa there. I believe you're confusing some separate issues.

Dnscache is a recursive resolver, intended to be listed in
/etc/resolv.conf's "nameserver" entry. Works terrific for that role,
and supports normal DNS queries via TCP just fine. It imposes
restrictions; that's why it was written. It will only return
authoritative data from authoritative servers, who were found via
chain of delegations from authoritative servers starting from the
configured-in roots. That's a security model; that's why it was
written; it prevents many of the cache-poisoning style attacks on
the current insecure DNS structure on the internet.

tinydns does authoritative nameserving only; it does not do
recursive nameserving. The only things that should ever end up
asking tinydns for the time of day are recursive nameservers, ones that
might be listed in /etc/resolv.conf, like dnscache or bind. A
tinydns would not be an appropriate server to list in
/etc/resolv.conf. Tinydns works fine in that role, interoperating
properly with every recursive nameserver I know of, and supporting
all the standards needed to do so.

Neither dnscache nor tinydns support zone xfers, which djb
regards as a really blecherous hack and a horrible way to support
replication in the distributed DNS database. As a compatibility
shim, djb has provided axfrdns and axfr-get, server and client
respectively, which run under the control of his ucspi-tcp helpers
and provide zone xfer support over tcp. This suffices to provide
zone xfer interoperability with BIND, which is handy for conversion
and for supporting mixed environments.

Now, what exactly is the interoperability problem that djb's
nameserver suffers from that has you up in arms?

-Bennett


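The bailiwick rule Bennett describes above (believe a server only about names under the zone it was reached for through the chain of delegations from the roots), as a standalone Python illustration. This is an added example, not part of Bennett's message and not dnscache's code: records are plain (section, owner, type, rdata) tuples, no wire format and no actual recursion is modelled, every record in it is constructed, and the second rule (an additional-section address is kept only as glue for a name that an NS record in the same response points to) is an assumption of this example, not a description of what dnscache does.

```python
"""Bailiwick filtering of a DNS response: only believe a server about
names inside the zone it was delegated for.

Added illustration, not dnscache's code.  Records are plain tuples;
no wire-format parsing and no recursion is modelled.  Every record
in example() is constructed for this demonstration.
"""

ANSWER, AUTHORITY, ADDITIONAL = "answer", "authority", "additional"


def labels(name):
    """Domain name -> lower-cased label list; a trailing dot and the
    root name '.' are handled ('www.Example.COM.' -> ['www','example','com'])."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def key(name):
    """Hashable, case-insensitive form of a name for set membership."""
    return tuple(labels(name))


def in_bailiwick(owner, zone):
    """True if owner equals zone or lies below it (zone '.' covers everything)."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z


def filter_response(zone, records):
    """Split a response into records to cache and records to drop.

    zone    -- zone the answering server was reached for via NS referrals
    records -- list of (section, owner, rtype, rdata)

    Rule 1 (bailiwick): a record is only believed if its owner name is
    inside `zone`, whatever section it arrived in.
    Rule 2 (assumed here, stricter than the bare bailiwick test): an
    additional-section address record is kept only as glue for a name
    that an in-bailiwick NS record in the same response points to.
    Returns (keep, drop).
    """
    ns_targets = {key(rdata) for section, owner, rtype, rdata in records
                  if rtype == "NS" and in_bailiwick(owner, zone)}
    keep, drop = [], []
    for rec in records:
        section, owner, rtype, rdata = rec
        if not in_bailiwick(owner, zone):
            drop.append(rec)        # out of bailiwick: poison attempt or junk
        elif (section == ADDITIONAL and rtype in ("A", "AAAA")
              and key(owner) not in ns_targets):
            drop.append(rec)        # in zone, but unsolicited and not glue
        else:
            keep.append(rec)
    return keep, drop


def example():
    """Constructed reply from a server delegated for example.com to a
    query for www.example.com A, with extra records smuggled in."""
    response = [
        (ANSWER,     "www.example.com",  "A",  "192.0.2.10"),
        (AUTHORITY,  "example.com",      "NS", "ns1.example.com"),
        (ADDITIONAL, "ns1.example.com",  "A",  "192.0.2.1"),
        # classic poisoning payload: authoritative-looking data for another zone
        (AUTHORITY,  "bank.example",     "NS", "ns1.example.com"),
        (ADDITIONAL, "www.bank.example", "A",  "198.51.100.7"),
        # inside the zone, but nobody asked for it and it is not glue
        (ADDITIONAL, "mail.example.com", "A",  "192.0.2.99"),
    ]
    return filter_response("example.com", response)


if __name__ == "__main__":
    keep, drop = example()
    print("cached:")
    for rec in keep:
        print("  ", rec)
    print("dropped:")
    for rec in drop:
        print("  ", rec)
```

Running it caches the three example.com records and drops the two bank.example records (the cache-poisoning attempt) and the unsolicited mail.example.com address. The second rule is optional; the bailiwick test alone already discards the out-of-zone records.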