Search Again: Re: BIND 9.2.4 From: Jody McAlister Date: Thursday, November 4, 2004 Time: 8:01:29 pm Chris, I would like a copy of that please. jodymac@iscweb.com On Thursday, November 4, 2004, at 07:48 PM, Men & Mice Support wrote: > At 8:18 PM -0600 11/4/04, Jerry Pasker wrote: >> First, a little background: >> >> I was migrating from QDNS 3.5.3 under Classic to QDNS+BIND (version >> of the day) under OS X. Running an ISP, I used QDNS Pro for zone >> serving (just over a hundred zones), and as a resolving DNS server >> for my dial/broadband customers. (thousands) Having DNS problems for >> me would not only bring my business to a halt, but would cause >> irreparable damage to my reputation as a reliable provider. It's not >> something I care to gamble with. >> >> Not trusting BIND any further than I could throw it, (years of >> experience with my Colo clients having their x86 Linux boxes Ow3d >> from BIND exploits) and being totally spoiled by a DNS server who's >> install was "drag over folder containing application & zone data >> folder, and optionally, move a preference file with it's serial >> number if moving to a new machine" I was hesitant to ever >> upgrade/change since a problem with DNS grinds my entire ISP to a >> halt. After years of putting up with QDNS 3.5.3's spotty stability, >> (a PATHETIC 99.956% up time) I decided the pain of change was less >> than the pain of status quo and decided to go down the path of BIND. >> >> I set up a test server, and let it run for a few days, serving only a >> vanity domain, and resolving only for my laptop as it's sole client. >> It was painfully slow doing lookups, but after the initially lookup >> would fail, or maybe succeed with a time of a few thousand >> milliseconds, re querying it would be a success, and it would be >> rather quick. (3-50ms) Digging, nslookup, or any type of host >> resolving would yeild the same results. >> >> Within a day of figuring this out, the posts started hitting the >> mailing list about all the unixy foo-foo that can be done to "fix" >> these problems. Lots of talk of "-4 options" (that would brake BIND) >> and then of compiling (beta) versions of BIND that used this >> "undocumented flag" These weren't fixes that inspired any sort of >> confidence, what so ever. I'm a Mac guy because I want tools that >> solve problems, not create them. That's why I based my ISP on on >> Macs when I started it 8 years ago. If I wanted to compile things, I >> would have chosen Linux years ago. >> >> Anyway.... >> >> I decided to migrate another test machine a few days ago, and I >> discovered a file in the /pub/quickdns directory on >> ftp.menandmice.com, called named.macosx.noipv6.gz. > > That was built for a customer by one of our staff. > >> The info on the FTP server shows it dated Friday October 29th, 2004. >> I gunzipped it, to find a single file, named. With all the talk of >> compiling (I'm a Mac guy, remember? I *DON'T* compile my software) >> I killed named, replaced my named (version 9.2.3) with this file, did >> a sudo chmod 755, rebooted and did a named -v and it returned BIND >> 9.2.4. > > It's 9.2.4 for Mac OS X with IPv6 support disabled. The list member > for whom it was compiled reported spotty results. > >> My lookups are now as fast as I'd expect. Everything worked so well, >> in fact, that I migrated all my DNS servers last night. It all >> tested out perfectly. I haven't heard a single complaint from my >> customer support department. Doing some research, I couldn't find >> any real information about BIND 9.2.4, including security holes (no >> news is good news, right?). If I shouldn't be using that file, I >> would appreciate a reply. >> >> This brings up a few questions: >> 1) Where did that file come from? I'm sure it was put there for a >> reason, so I used it. > > It was put there for testing by a customer who requested it. That > customer has since been given another version, 9.3.0, with the vanilla > compile options. He's now using it with the -4 option. > >> 2) If it appeared there on October 29th, it would appear that Men >> and Mice has an official solution to this OS X BIND problem. >> 2a) Why wasn't this mentioned to the list as something to try? > > See above. > >> 3) If it's just as simple as replacing named with a new named file >> downloaded from menandmice's ftp server, why is there so much talk of >> compiling BIND 9.3.0? > > Because we're not confident that this will solve the problem either. > We're putting out this information for the benefit of those users who > want to try it. > > If anyone else wants the 9.3.0 version compiled for Mac OS X 10.3, > contact me off-list. I'm also happy to compile for you with IPv6 > support disabled, so that (in theory) the -4 option should not be > necessary. > >> 4) If it really is just that simple, why isn't there a simple disk >> image with an installer that goes and replaces named with the new >> named? > > We'll consider doing that when we have a verified solution. Of course, > Apple may fix the network support in the kernel first, rendering an > update to the DNS service unnecessary. > > Chris Buxton > Men & Mice - Making DNS Easy > Customer Service and Sales Engineer >

Messages In This Thread: BIND 9.2.4 by Jerry Pasker on Nov 4, 2004 at 6:23:22 pm Re: BIND 9.2.4 by Scott Haneda on Nov 4, 2004 at 6:50:59 pm Re: BIND 9.2.4 by Men & Mice Support on Nov 4, 2004 at 7:50:33 pm Re: BIND 9.2.4 by Jody McAlister on Nov 4, 2004 at 8:01:29 pm Re: BIND 9.2.4 by John May on Nov 4, 2004 at 8:06:17 pm Re: BIND 9.2.4 by Men & Mice Support on Nov 4, 2004 at 9:21:17 pm Re: BIND 9.2.4 by ITG Lists on Nov 5, 2004 at 4:21:24 am Re: BIND 9.2.4 by Men & Mice Support on Nov 5, 2004 at 11:28:49 am