:: Re: [DNG] how to clear DNS cache
Top Page
Delete this message
Reply to this message
Author: Steve Litt
Date:  
To: dng
Subject: Re: [DNG] how to clear DNS cache
On Thu, 5 Jan 2017 13:47:14 -0800
Rick Moen <rick@???> wrote:

> Quoting Steve Litt (slitt@???):
>
> > Which of the preceding is best? I've always been partial to
> > dnscache/tinydns, but installing it is a long cumbersome procedure
> > giving Arch installation a run for its money. I've never heard of
> > Unbound, PowerDNS Recursor, or Deadwood.
>
> The question you ask is very debatable.
>
>
> As you probably know, BIND9 is of questionable architecture, being a
> single monolithic
> all-singing/all-dancing binary, slow, large, overfeatured. I would
> rule it out on grounds of being not _just_ a recursive nameserver.


I didn't like it for that same reason, but always wondered if it were
just a case of my drinking the djb kool aid.

>
>
> PowerDNS Recursor is the recursive-server matching element to PowerDNS
> Authoritative Server from the same folks. Both are back-ended into
> SQL databases (default MySQL).


Nix on that, for similar reasons as my keeping away from dbus-necessary
software.

[snip]

> Deadwood is by Sam Trenholme, author of MaraDNS, who is (fair
> disclosure) like you a friend of mine. He wrote it as the
> from-scratch replacement for the recursive-server daemon in the
> antecedent MaraDNS suite, i.e., if you install the
> currently-maintained MaraDNS 2.x suite, you get Deadwood as its
> recursive-server component rather than the original implementation --
> but Sam also decided to package Deadwood separately for people who
> want _just_ recursive functions. As noted in my
> http://linuxmafia.com/faq/Network_Other/dns-servers.html#deadwood
> writeup, in a comparative test by Sam of compiling stripped binaries
> with the same compiler optimisation, Deadwood weighed in as the
> second smallest binary. Advantage: has good security history.
> Disadvantage: maintained by just one guy, and part-time at that.


Sounds excellent. Maintained by one is less of a problem when there are
so many alternatives.

>
>
> Unbound was the second effort by the .nl TLD people, NL Labs, after
> they wrote NSD, an authoritative server so successful it's now used
> by many TLD nameservers and root nameservers. Advantages: clean
> design, extremely well maintained, good security history. And it Just
> Works.[tm] Disadvantages: can't think of any offhand.


Sounds excellent.

>
>
> To discuss dnscache (the recursive server from djbdns), you must
> discuss whose fork and with what patchsets, because DJB's version
> djbdns 1.06 codebase that was his final release cannot itself be
> recommended because of unpatched problems. Maintained forks:
>
> o zinq-djbdns by Mark Johnson
> o Debian djbdns/dbndns by Debian developer Gerrit Pape (both binary
> packages cited being built from single Debian source package
> djbdns).


As the author of runit, Gerrit Pape is my main man. If I continue using
djbdns, I'd certainly get his version, *if* I could get a source version
not tightly bound to Debian, and to dbus and systemd.

> o N-DJBDNS by Red Hat developer Prasad J. Pandit


Ain't no redhat in this shop.

>
> There used to be a fourth, by Joshua Small, named LolDNS, but he
> orphaned his effort soon after he started it in 2013. (If you're an
> optimist, you could say it's completed and mature rather than
> orphaned. You be the judge.)
>
> The big question about any update of the historic djbdns 1.06 codebase
> is whether the maintainer has applied _enough_ patches to fix its many
> documented problems. Also, quality of the patches applied is
> something you could judge if you wanted to make a hobby of this.
> Advantages: Patched dnscache from zinq-djbdns was the smallest
> compiled binary in Sam Trenholme's comparison.


If the others are small, this wouldn't be a priority with me.

> Security history is
> good. Disadvantage: Original coder (by one of the world's most
> contentious personalities in software)


Oh come on now, he's like you, he never argues with anyone!

> is famously eccentric in his
> coding style along with everything else, and what he writes is
> FHS-hostile by strong default tendency unless the package works at
> it.


You got something against /service and /command?

:-)

> According to djbware expert Jonathan de Boyne Pollard, some
> functionality problems remain even in patched dnscache compared to
> competitors, such as frequent failure to resolve Akamai and some
> other companies' DNS that do baroque delegations without glue records.


I don't find Jonathan de Boyne Pollard credible. From my viewpoint,
he's a systemd apologist with an overly featured init system that's
trying to be a systemd me-too, and he picks nits about simpler init
systems, concerning little corner cases that will happen only to very
few, that can easily be worked around. He seems to be a fan of
complexity. Unlike runit and s6, I never got nosh running, and perhaps
this reveals a personal deficiency, but I just don't care.

If JdBP finds problems with patched djbdns, I find that a reason to go
to those patched versions of djbdns.

>
> Fair disclosure: Author Daniel J. Bernstein (DJB) back around 1999
> adopted me as the official chief hate-object of his software cult,


I think we've all read those exchanges. I haven't read them in 4 years,
but if memory serves me the major beef among your several beefs about
djb software was the license. I enjoy it when two people who know what
they're talking about get into a knock-down, drag-out battle.

> which was very amusing, although I've subsequently been supplanted by
> Theo de Raadt. For a decade, I had the distinction of being the only
> person mentioned by name in a major software licence,


If that happened to me, I'd put it on my resume. As it is, I make sure
everyone knows I got my mouth duct taped shut on Debian-User, and on
#html.

> because Dan
> calls me an idiot on the Web page where he asserted the former
> proprietary non-licensing terms he specified for djbdns, qmail, etc.


Geez, only local people have called me an idiot. I'd love to have
Poettering call me an idiot.

SteveT

Steve Litt
December 2016 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21