djbdns is abandonware
|
Author | Content |
---|---|
tuxchick May 07, 2007 6:56 AM EDT |
I totally love any alternative to the bloaty, ridiculously-complex BIND, and used to deploy djbdns a lot. But there haven't been any updates in years, and DJB's silly re-distribution policy (patches may be distributed, but not modified code or binaries) assures that it will be orphaned. There are a lot of nice BIND alternatives that are secure and well-maintained. MaraDNS and Dnsmasq are my two current faves. I use Dnsmasq everywhere now for a local caching resolver and LAN name services. |
pat May 07, 2007 9:57 AM EDT |
Tuxchick, have the DNS specs changed in recent years? Just because the author has made the choice to decide what you can and cannot do with the source does not mean it is bad or "abandonware". I think your comment is pure FUD. |
dthacker May 07, 2007 10:23 AM EDT |
Pat, Having been stuck with more than one abandoned utility in the last 15 years, I agree with TC. DT |
tuxchick May 07, 2007 10:28 AM EDT |
You don't even know what FUD means. Try learning the difference between FUD, propaganda, and errors of fact. Check out the download site: http://cr.yp.to/djbdns/djbdns-1.05.tar.gz Are you claiming that this six-year old software is so perfect it doesn't need bug or security fixes, let alone updates and improvements? Back in the day, it was the only alternative to BIND. It was secure, efficient, and could handle a lot bigger loads than BIND. But that was then. You're welcome to trust your name services to antique, unmaintained, non-free software. I prefer the other options that have since become available. |
pat May 07, 2007 10:52 AM EDT |
So, are you saying you made an error of fact? Fear: DJBDNS is abandonware Uncertainty: Hasn't been updated in years Doubt: DJB's silly re-distribution policy (patches may be distributed, but not modified code or binaries) assures that it will be orphaned. FUD Tuxchick. The fact is this software is stable and secure. Just because you prefer other software is no reason to criticize this one. To make my point more clear, I really don't like your negativity. |
jimf May 07, 2007 11:08 AM EDT |
> I really don't like your negativity. Is that true, or do you 'really' not like that she made a good point? |
jdixon May 07, 2007 11:17 AM EDT |
Pat: You might have more credibility if you actually demonstrated that TC was wrong about any of her points. Merely stating that she's wrong doesn't cut it. 1) DJBDNS is abandonware. How long has it been since DJBDNS was updated? TC claims six years. Since you don't contradict her, I guess we can assume that's accurate. That looks like abandonware to me. 2) Hasn't been updated in years. The last time I looked, six years counted as years. 3) DJB's silly re-distribution policy ... assures that it will be orphaned. This is admittedly opinion, but you've failed to offer any evidence that it's incorrect, while the preponderance of historical evidence indicates that she's probably right. When choosing between a non-free, non-maintained piece of software and a free, maintained equivalent, guess which one I'm going to choose. |
pat May 07, 2007 11:19 AM EDT |
She can say whatever she wants. Did she make a good point? No, she made a false point. I believe I made it clear that I think tuxchick is spreading FUD or as she calls it "errors of fact" and she is unfairly being negative towards a positive article. |
jdixon May 07, 2007 11:23 AM EDT |
> I believe I made it clear that I think tuxchick is spreading FUD... Yes, you've made that quite clear. What you haven't done is given anyone a reason to agree with you. That's your prerogative, and on rare occasions I've done the same, but it does seem rather pointless. Added: It seems to me that a simple, yes your points are valid, but in spite of those flaws DJBDNS is still stable, secure, and best of breed software would be a far more effective position. |
jimf May 07, 2007 11:33 AM EDT |
> No, she made a false point. And your argument is that your word is better than hers? I don't think anyone is buying that. > I made it clear that I think tuxchick is spreading FUD Yes you did pat, and now you better prove it. It's a serious thing to sling accusations of FUD at someone just cause you don't like what they're saying. |
pat May 07, 2007 11:34 AM EDT |
Jdixon: I believe I did when I asked if the DNS specs have changed. The fact is they haven't, and by spreading the myth that djbdns is abandonware, she does a great dis-service to the fine people on the djbdns mailing list and to all those on http://www.tinydns.org who help support the software. About #3. Anyone is welcome to make a patch for the software and last thing I remember patches were a recommended way to update source with features it may be missing. Not being able to distribute patched source and/or binaries makes sure that you are getting clean original software and not the mess that some of the pre-packaged software has become (do you hear me Ubuntu and vmware-player). |
pat May 07, 2007 11:49 AM EDT |
jimf: Yes you did pat, and now you better prove it. It's a serious thing to sling accusations of FUD at someone just cause you don't like what they're saying. And where is tuxchick's proof? Tuxchick obviously didn't bother checking out the mailing list nor search for any of the other support sites. So, is TeX abandonware too? "Since version 3, TeX has used an idiosyncratic version numbering system, where updates have been indicated by adding an extra digit at the end of the decimal, so that the version number asymptotically approaches π. This is a reflection of the fact that TeX is now very stable, and only minor updates are anticipated. The current version of TeX is 3.141592; it was last updated in December 2002." |
jdixon May 07, 2007 11:57 AM EDT |
> ...she does a great dis-service to the fine people on the djbdns mailing list and to all those on http://www.tinydns.org who help support the software. They're not DJB, and AFAIK, he has not authorized their patches, authorized them as maintainers, or allowed access to those patches from his site. I have no doubt they do good work, but that does not refute the claim that DJBDNS is abandonware. > Not being able to distribute patched source and/or binaries makes sure that you are getting clean original software and not the mess that some of the pre-packaged software has become (do you hear me Ubuntu and vmware-player). Ubuntu I may be willing to grant. Do you have the source for VMware Player? If not, how do you know? Nonetheless, as I stated above, the historical evidence is that a free license works better than the license DJBDNS uses. Given that, you'll have to prove otherwise to get me to agree with you. It's a compliment to DJB's programming ability that he has two programs which prompt people to make that claim: DJBDNS and qmail. |
pat May 07, 2007 12:07 PM EDT |
jdixon: They're not DJB, and AFAIK, he has not authorized their patches, authorized them as maintainers, or allowed access to those patches from his site. I have no doubt they do good work, but that does not refute the claim that DJBDNS is abandonware. http://cr.yp.to/softwarelaw.html "Once you've legally downloaded a program, you can compile it. You can run it. You can modify it. You can distribute your patches for other people to use. If you think you need a license from the copyright holder, you've been bamboozled by Microsoft. As long as you're not distributing the software, you have nothing to worry about." http://cr.yp.to/distributors.html "You hypocrites distributed Netscape Navigator for years without even being able to see the source code. And now you're lying to your users, telling them that I am not allowing you to incorporate my software into your system. Have you no shame?" jdixon: "Ubuntu I may be willing to grant. Do you have the source for VMware Player? If not, how do you know? Nonetheless, as I stated above, the historical evidence is that a free license works better than the license DJBDNS uses. Given that, you'll have to prove otherwise to get me to agree with you. It's a compliment to DJB's programming ability that he has two programs which prompt people to make that claim: DJBDNS and qmail." The only fights I've ever seen with using djbdns or qmail were between those who agree with djb and those who didn't read or understand what he had to say. I hope tuxchick follows those links and maybe that will clarify why I said her comment was FUD. |
bigg May 07, 2007 12:08 PM EDT |
> So, is TeX abandonware too? No. You are free to write your own version, modify the existing version, or whatever you want. There is also LaTeX. TeX may not need to be updated, but it could be if there was a reason. You can do what you want with it as long as it's not called TeX (which is not unusual). |
tuxchick May 07, 2007 12:19 PM EDT |
I have an 'ignore trolls' policy, so this is for readers who prefer actual information. djbdns does not natively support AAAA/A6 (IPv6) records, SRV, NAPTR, or RP (responsible person) records, or any number of the newer-style records. (Here is a nice page listing a lot of them http://www.ietf.org/IESG/Implementations/RFC1886-Implementat...) You can find patches for these from various sites around the Web, and then you can explain why you think patches that are subject only to random user review, and not reviewed by DJB or anyone else with standing or credibility, from random authors are acceptable. I was already uncomfortable with djbdns because of its reliance on daemontools, which also has not been updated since 2001. I could overlook daemontools' quirks, such as its non-standard filesystem structure. It creates a bunch of new top-level directories with no regard for any standard Linux filesystem conventions. But unmaintained code, especially for something as sensitive as name services? Not for me, thank you very much. It's a shame, because dnscache and tinydns were awesome in their day, and should have spurred a DNS server revolution. |
jimf May 07, 2007 12:22 PM EDT |
> So, is TeX abandonware too? No, TeX is public domain (i.e. free) software. The source is not locked, and it has been worked on and adapted to current needs. see: http://en.wikipedia.org/wiki/TeX#License . Not like the distribution issues with DJB's. DJB may be supported in the short term, but really, how maintainable is an app with that kind of restriction? Sooner or later, it just isn't feasible. |
pat May 07, 2007 12:42 PM EDT |
Tuxchick: Trolls usually don't use their real name to post. Nice ad hominem attack. BTW, the djbdns libraries are public domain also. I don't really care about the other records and it is trivial to generate the necessary lines in the tinydns data file anyway, so that makes it really a non-issue. Feel free to use them to write your own software. How you install daemontools is up to you. The configuration can be changed before you compile. I think the daemontools-installer source package in Debian is a good example of what you can do. |
rht May 07, 2007 1:36 PM EDT |
This looks like a good flamefest so I think I will jump in. I *never* use anything authored by djb because of his cavalier disregard for standards that he doesn't agree with or finds inconvenient. Further, his malevolent dictatorship style of project leadership ensures that even when he does have a good idea it will never receive the argy-bargy, cut-and-thrust, input that is characteristic of true guru contribution to development. Apart from that, I thought TC's points were well made. |
pat May 07, 2007 1:41 PM EDT |
RHT: It's catching: Subject: Re: PATCH: Zero-length MX records and reject_unknown_sender_domain From: wietse () porcupine ! org (Wietse Venema) Date: 2006-12-28 1:09:35 Message-ID: 20061228010935.6731DBC0A9 () spike ! porcupine ! org Todd A. Green: > Wietse Venema wrote: > >> Perhaps surprisingly, the MX result syntax check happens only when > >> the DNS lookup client actually asks for a result. > > Thank you Wietse. After patching I'm getting: > > 550 4.1.8 : Sender address rejected: Domain not found > > Given we did get a record back, could the error message be "Domain does > not handle email" or "Domain has Null MX record" or anything that would > let us differentiate null MX records in our logs from those who don't > have A/MX records? Fsck off. Wietse > Thanks again for the quick fix, > Todd > > |
jdixon May 07, 2007 1:50 PM EDT |
> "Once you've legally downloaded a program, you can compile it. You can run it. You can modify it. You can distribute your patches for other people to use. If you think you need a license from the copyright holder, you've been bamboozled by Microsoft. As long as you're not distributing the software, you have nothing to worry about." Which has absolutely nothing to do with anything I said. I said, effectively, that support by unauthorized third parties does not mean a program isn't abandonware. > The only fights I've ever seen with using djbdns or qmail were between those who agree with djb and those who didn't read or understand what he had to say. Which also has nothing to do with anything I said, though I agree that a number of people don't agree with DJB. Whether that's because they don't understand him or not is for the reader to decide. So far, you've still done nothing to refute any of TC arguments. For the record, I'm willing to accept that DJBDNS is well written, stable, and secure software. I'm not willing to accept that it's currently supported or that it's the best choice to use in light of the available alternatives. |
dinotrac May 07, 2007 1:57 PM EDT |
"Once you've legally downloaded a program, you can compile it. You can run it. You can modify it. You can distribute your patches for other people to use. If you think you need a license from the copyright holder, you've been bamboozled by Microsoft. As long as you're not distributing the software, you have nothing to worry about." It also has nothing to do with the law in the United States, now matter what the author says. Licenses are, indeed, enforceable because the control the terms under which you are allowed to use a piece of software. The weasel words are "legally downloaded". To legally download something, you must download it in accord with the rights granted by the copyright holder, unless, of course, that software is in the public domain. Linking to crap sites giving bad information is not a good way to support your credibility. |
pat May 07, 2007 2:04 PM EDT |
Dinotrac: So are you saying that the copyright holder is wrong to tell you that if you downloaded the software legally, because he said you could, that what he says doesn't apply because you think he is giving you bad information? Did you actually read the link? Do you know that what he is giving you is not a license, but the freedom to download and use the software he wrote? Do you really think that if I buy a car, I can't do what I want with it? Why would software be any different? |
bigg May 07, 2007 2:09 PM EDT |
> Do you really think that if I buy a car, I can't do what I want with it? Why would software be any different? LOL |
hkwint May 07, 2007 2:16 PM EDT |
From WP: Quoting: There is an as-yet-unclaimed $500 prize (see External Links, below) for the first person to find a privilege escalation security hole in djbdns. From BSDFreaks.nl: Quoting: Deze dns server heeft tot op heden dag nog geen één security lek gehad dit in tegenstelling tot BIND die er veel heeft gehad ("This DNS-server didn't have any security breach till today, in contrast to BIND, which had many") From the OpenBSD FAQ: Quoting: Why isn't qmail or djbdns included? License, or lack of: the inability to distribute a modified version of this software keeps it from being considered So, to me it looks like djbdns is not proven to be insecure, but other developers than Bernstein are a bit afraid to co-develop djbdns and help to make it more secure because of copyright issues, simply because it isn't GPL and its author is too recalcitrant to make it GPL. I found a djbdns-site which was last updated in 2006, and a patch for djbdns released in 2006. To me, the fact that several djbdns-websites are still online even 6 years after the last release shows it's not abandonware. The fact that djbdns.org doesn't exist anymore has another reason. Bug fixes don't have to do anything with security; apart from showing the program had its errors before the fixes. Look at the number of XP security fixes, and it's still not that secure. OpenBSD only fixed two remote flaws in about 10 years, which in the same reasoning could make OpenBSD look insecure, and if somebody didn't know OpenBSD, could be used to show 'OpenBSD devs don't give %^&* about remote holes'. The fact that 'djbdns' didn't have any (big) changes the last five years, in fact shows the current implementation / configuration / source code is tested in real life for six years, without big security issues showing up on the net. Can't say that about DNSMasq! To conclude, I'm still not sure, but I'll give djbdns the benefit of the doubt, and wouldn't be afraid to use it as my DNS-caching server.
Please note, if djbdns was really that insecure, the OpenBSD team would have given a different reason for not supporting djbdns than 'licensing issues'. (Please don't mind mentioning OpenBSD more than once - since I don't know that much about security I choose to trust them) |
dinotrac May 07, 2007 2:51 PM EDT |
>Dinotrac: So are you saying that the copyright holder is wrong to tell you that if you downloaded the software legally, because he said you could, that what he says doesn't apply because you think he is giving you bad information? Out of curiosity -- Is English a second language for you? I ask because you seem to be having a lot of trouble with it. I'm not sure how to make any clearer that, for material covered by copyright, your rights are limited to those granted by the copyright holder, with specific exceptions granted by law, known as fair use. However, thats' because English is my first (and, mostly, only) language. I may just be unaware of something odd in it's constructs. |
pat May 07, 2007 3:25 PM EDT |
I think I was perfectly clear, dinotrac. You need to re-read what you wrote and then you will realize exactly why I constructed the sentence in a stream-of-consciousness fashion. But I can make it clearer for you. You claimed that the software download was governed by the rights granted to you by the copyright holder, which is correct. You then said that "linking to crap sites giving bad information is not a good way to support my credibility", which is wrong. It is not a crap site with bad information. He is correct for many reasons. That crap site, why it is none other than the site of the software author. It is he who is telling me that it is ok for me to download, patch and distribute software patches to my heart's content. How can I be any clearer? hkwint: Your bsdfreak.nl quote doesn't seem to be about djbdns, but it is hard to tell since no link was provided and the quote doesn't actually mention it by name. |
dinotrac May 07, 2007 4:07 PM EDT |
pat - I claimed nothing. I stated the facts as they are. You are free to ignore reality to your heart's content. The software author is free to grant you all the rights he wishes to the software for which he holds the copyright. To the extent that he puts idiotic tripe on the site, it is a crap site. |
jdixon May 07, 2007 4:54 PM EDT |
> Please note, if djbdns was really that insecure... Neither I nor TC have even insinuated that it's insecure. She's stated, and I've agreed, that it's abandonware. As I've noted above, support by third parties does not remove something from the abandonware category. > You then said that linking to crap sites giving bad information is not a good way to support my credibility, which is wrong. So, you think quoting sites with factually incorrect information supports your credibility? Interesting. > It is he who is telling me that it is ok for me to download, patch and distribute software patches to my hearts content. His software. Not all software uses his license (for which I can only give thanks). Some licenses specifically prohibit such activities. |
jdixon May 07, 2007 5:06 PM EDT |
> It's catching: Which just goes to show that Venema's ego is a least within an order of magnitudes of DJB's. Notice that he can't be bothered to use the BSD or GPL licenses either. |
hkwint May 08, 2007 1:18 PM EDT |
Quoting: hkwint: Your bsdfreak.nl quote doesn't seem to be about djbdns, Of course it is! But I assume Dutch is a second language to you ;) (darn Google localization, that's why for everything I search for Dutch sites show up, and I'm too lazy to type google.us) http://www.bsdfreaks.nl/index.php/front_howto/53/683 Quoting: Opzetten cacheing nameserver voor je netwerk () Which means "Setup caching nameserver for your network" Quoting: Als namserver wordt gebruik gemaakt van djbdns van DJ Bernstein (o.a. maker qmail) "As a nameserver, djbdns is used." Quoting: Deze dns server heeft tot op heden dag nog geen één security lek gehad "This dns server didn't have one security breach until today." |
pat May 08, 2007 2:21 PM EDT |
I think the author is talking about bind with the security breach. Why would he/she be showing how to setup djbdns if it was insecure? If this was true and djbdns did have a security issue, I'm pretty sure it would be on the djbdns mailing list (which is for all dns software btw) and I can find nothing. Try again. |
Sander_Marechal May 08, 2007 2:34 PM EDT |
pat, I think you're misreading the translation. A clearer translation would probably be: Quoting: Deze dns server heeft tot op heden dag nog geen één security lek gehad Quoting: This DNS server has not had any security breach yet |
jdixon May 08, 2007 5:25 PM EDT |
> what would be the name of Microsoft Linux?... Or, more literally, "This DNS server has not had a security breach to this day." That's closer to the translation hkwink gave. |
hkwint May 10, 2007 11:59 AM EDT |
Thanks sander and jdixon, I was just trying to show djbdns is secure, not the opposite. |