Re: axfr-clarify's fraudulent claims of consensus

> On Sat, Feb 15, 2003 at 05:10:46PM +1100, 
> Mark(_dot_)Andrews(_at_)isc(_dot_)org wrote:
> >     Your software (and BIND 8) causes operational problems by not
> >     preserving zone contents.
> [...]
> >     Senario 1.
> In order to understand your claim about the operational problems while
> using djbdns, could you tell us how Scenario 1 is accomplished with
> tinydns/axfrdns? Could you give us a URL pointing at a webpage that
> contains the output of your experiments?
>
> >     You update example.com adjusting
> >     its serial.  
> In particular, could you tell us what is the relevance of the serial
> number to tinydns's update procedures?
>
>
> >     Senario 2.
> [...]
>
> >     This is a common implemention error caused by trying to
> >     stuff all zones into a common database.  BIND 4 got it
> >     wrong.  BIND 8 got it wrong.
> >
> >     You want us all to keep repeating this mistake.
> But I thought djbdns did _not_ get it wrong.  Or if you think it did,
> could you show us the experiment that verifies the claim, that is, it
> accomplishes Scenario 2 with tinydns/axfrdns servers?
>
> Mate
>
> Mate Wierdl | Dept. of Math. Sciences | University of Memphis  
>
> --
> to unsubscribe send a message to 
> namedroppers-request(_at_)ops(_dot_)ietf(_dot_)org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
        It's easy enough to demonstate.  The master server is 10.53.0.2.
        10.53.0.1 is dbj's software.   I used the FreeBSD port system to
        install it.

djbdns-1.05_2       A collection of secure and reliable DNS tools

tcpclient 10.53.0.2 53 axfr-get child.example.net zone.child.example.net 
zone.child.example.net.tmp
tcpclient 10.53.0.2 53 axfr-get example.net zone.example.net 
zone.example.net.tmp
sort -u zone.* > data
make

        You will note that it actually *merges* the records.
        ns2.child.example.net doesn't exist due to a typo in
        child.example.net.  I was taking Dan's word that it
        took the child data.

        Merges are just as bad as taking data just from the child
        zone.  In both cases slaves off 10.53.0.1 will be left with
        data that was not in the original master files.

        I presume for a real world server that you would need to
        call tcpclient periodically and remake data if the zone
        files have changed.   It looks like they axfr-get is
        designed to be called independently of the database make.

        I suspect no-one would run tinydns in the senarios described.
        It's designed for a collection of servers that all serve a
        identical set of zones from a single master.  Trying to use
        it in any other configuration is just cumbersome.  There
        really is no incoming zone maintanence.  You have to roll
        your own from what I can see.  axfr-get will check the
        serial but that is far short of full zone maintenance.
        axfr-get get need to be called with the right periodicity.

        Mark

; <<>> DiG 9.3.0s20021115 <<>> axfr child.example.net @10.53.0.2
;; global options:  printcmd
child.example.net.      10      IN      SOA     . . 1 3600 1200 360000 10
child.example.net.      10      IN      NS      ns1.child.example.net.
child.example.net.      10      IN      NS      ns2.child.example.net.
ns1.child.example.net.  10      IN      A       10.53.0.1
ns1.child.example.net.  10      IN      A       10.53.0.2
child.example.net.      10      IN      SOA     . . 1 3600 1200 360000 10
;; Query time: 43 msec
;; SERVER: 10.53.0.2#53(10.53.0.2)
;; WHEN: Tue Feb 18 11:50:46 2003
;; XFR size: 7 records (messages 1)


; <<>> DiG 9.3.0s20021115 <<>> axfr child.example.net @10.53.0.1
;; global options:  printcmd
child.example.net.      10      IN      SOA     . . 1 3600 1200 360000 10
child.example.net.      10      IN      NS      ns1.child.example.net.
child.example.net.      10      IN      NS      ns2.child.example.net.
ns1.child.example.net.  10      IN      A       10.53.0.1
ns1.child.example.net.  10      IN      A       10.53.0.2
ns2.child.example.net.  10      IN      A       10.53.0.2
child.example.net.      10      IN      SOA     . . 1 3600 1200 360000 10
;; Query time: 5 msec
;; SERVER: 10.53.0.1#53(10.53.0.1)
;; WHEN: Tue Feb 18 11:51:02 2003
;; XFR size: 8 records (messages 7)

; <<>> DiG 9.3.0s20021115 <<>> axfr example.net @10.53.0.2
;; global options:  printcmd
example.net.            10      IN      SOA     . . 1 3600 1200 360000 10
example.net.            10      IN      NS      ns1.example.net.
example.net.            10      IN      NS      ns2.example.net.
child.example.net.      10      IN      NS      ns1.child.example.net.
child.example.net.      10      IN      NS      ns2.child.example.net.
ns1.child.example.net.  10      IN      A       10.53.0.1
ns2.child.example.net.  10      IN      A       10.53.0.2
ns1.example.net.        10      IN      A       10.53.0.1
ns2.example.net.        10      IN      A       10.53.0.2
example.net.            10      IN      SOA     . . 1 3600 1200 360000 10
;; Query time: 3 msec
;; SERVER: 10.53.0.2#53(10.53.0.2)
;; WHEN: Tue Feb 18 11:52:04 2003
;; XFR size: 11 records (messages 1)


; <<>> DiG 9.3.0s20021115 <<>> axfr example.net @10.53.0.1
;; global options:  printcmd
example.net.            10      IN      SOA     . . 1 3600 1200 360000 10
child.example.net.      10      IN      NS      ns1.child.example.net.
child.example.net.      10      IN      NS      ns2.child.example.net.
example.net.            10      IN      NS      ns1.example.net.
example.net.            10      IN      NS      ns2.example.net.
ns1.child.example.net.  10      IN      A       10.53.0.1
ns1.child.example.net.  10      IN      A       10.53.0.2
ns1.example.net.        10      IN      A       10.53.0.1
ns2.child.example.net.  10      IN      A       10.53.0.2
ns2.example.net.        10      IN      A       10.53.0.2
example.net.            10      IN      SOA     . . 1 3600 1200 360000 10
;; Query time: 5 msec
;; SERVER: 10.53.0.1#53(10.53.0.1)
;; WHEN: Tue Feb 18 11:51:30 2003
;; XFR size: 12 records (messages 11)

; <<>> DiG 9.3.0s20021115 <<>> ns child.example.net @10.53.0.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56624
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;child.example.net.             IN      NS

;; ANSWER SECTION:
child.example.net.      10      IN      NS      ns1.child.example.net.
child.example.net.      10      IN      NS      ns2.child.example.net.

;; ADDITIONAL SECTION:
ns1.child.example.net.  10      IN      A       10.53.0.1
ns1.child.example.net.  10      IN      A       10.53.0.2
ns2.child.example.net.  10      IN      A       10.53.0.2

;; Query time: 1 msec
;; SERVER: 10.53.0.1#53(10.53.0.1)
;; WHEN: Tue Feb 18 12:11:45 2003
;; MSG SIZE  rcvd: 119


; <<>> DiG 9.3.0s20021115 <<>> ns child.example.net @10.53.0.2
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12751
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;child.example.net.             IN      NS

;; ANSWER SECTION:
child.example.net.      10      IN      NS      ns2.child.example.net.
child.example.net.      10      IN      NS      ns1.child.example.net.

;; ADDITIONAL SECTION:
ns1.child.example.net.  10      IN      A       10.53.0.1
ns1.child.example.net.  10      IN      A       10.53.0.2

;; Query time: 1 msec
;; SERVER: 10.53.0.2#53(10.53.0.2)
;; WHEN: Tue Feb 18 12:12:02 2003
;; MSG SIZE  rcvd: 103


--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: 
Mark(_dot_)Andrews(_at_)isc(_dot_)org