
Re: axfr-clarify's fraudulent claims of consensus



> On Sat, Feb 15, 2003 at 05:10:46PM +1100, Mark.Andrews@isc.org wrote:
> > 	Your software (and BIND 8) causes operational problems by not
> > 	preserving zone contents.
> [...]
> > 	Scenario 1.
> 
> In order to understand your claim about the operational problems while
> using djbdns, could you tell us how Scenario 1 is accomplished with
> tinydns/axfrdns? Could you give us a URL pointing at a webpage that
> contains the output of your experiments?
> 
> > 	You update example.com adjusting
> > 	its serial.  
> 
> In particular, could you tell us what is the relevance of the serial
> number to tinydns's update procedures?
> 
> 
> > 	Scenario 2.
> 
> [...]
> 
> > 	This is a common implementation error caused by trying to
> > 	stuff all zones into a common database.  BIND 4 got it
> > 	wrong.  BIND 8 got it wrong.
> > 
> > 	You want us all to keep repeating this mistake.
> 
> But I thought djbdns did _not_ get it wrong.  Or if you think it did,
> could you show us the experiment that verifies the claim, that is, it
> accomplishes Scenario 2 with tinydns/axfrdns servers?
> 
> Mate
> 
> Mate Wierdl | Dept. of Math. Sciences | University of Memphis  
> 

	It's easy enough to demonstrate.  The master server is 10.53.0.2.
	10.53.0.1 is djb's software.   I used the FreeBSD port system to
	install it.

djbdns-1.05_2       A collection of secure and reliable DNS tools

tcpclient 10.53.0.2 53 axfr-get child.example.net zone.child.example.net zone.child.example.net.tmp
tcpclient 10.53.0.2 53 axfr-get example.net zone.example.net zone.example.net.tmp
sort -u zone.* > data
make

	You will note that it actually *merges* the records.
	ns2.child.example.net doesn't exist due to a typo in
	child.example.net.  I was taking Dan's word that it
	took the child data.

	Merges are just as bad as taking data just from the child
	zone.  In both cases slaves off 10.53.0.1 will be left with
	data that was not in the original master files.

	I presume for a real world server that you would need to
	call tcpclient periodically and remake data if the zone
	files have changed.   It looks like axfr-get is
	designed to be called independently of the database make.

	I suspect no-one would run tinydns in the scenarios described.
	It's designed for a collection of servers that all serve an
	identical set of zones from a single master.  Trying to use
	it in any other configuration is just cumbersome.  There
	really is no incoming zone maintenance.  You have to roll
	your own from what I can see.  axfr-get will check the
	serial but that is far short of full zone maintenance.
	axfr-get needs to be called with the right periodicity.

	Mark

; <<>> DiG 9.3.0s20021115 <<>> axfr child.example.net @10.53.0.2
;; global options:  printcmd
child.example.net.	10	IN	SOA	. . 1 3600 1200 360000 10
child.example.net.	10	IN	NS	ns1.child.example.net.
child.example.net.	10	IN	NS	ns2.child.example.net.
ns1.child.example.net.	10	IN	A	10.53.0.1
ns1.child.example.net.	10	IN	A	10.53.0.2
child.example.net.	10	IN	SOA	. . 1 3600 1200 360000 10
;; Query time: 43 msec
;; SERVER: 10.53.0.2#53(10.53.0.2)
;; WHEN: Tue Feb 18 11:50:46 2003
;; XFR size: 7 records (messages 1)


; <<>> DiG 9.3.0s20021115 <<>> axfr child.example.net @10.53.0.1
;; global options:  printcmd
child.example.net.	10	IN	SOA	. . 1 3600 1200 360000 10
child.example.net.	10	IN	NS	ns1.child.example.net.
child.example.net.	10	IN	NS	ns2.child.example.net.
ns1.child.example.net.	10	IN	A	10.53.0.1
ns1.child.example.net.	10	IN	A	10.53.0.2
ns2.child.example.net.	10	IN	A	10.53.0.2
child.example.net.	10	IN	SOA	. . 1 3600 1200 360000 10
;; Query time: 5 msec
;; SERVER: 10.53.0.1#53(10.53.0.1)
;; WHEN: Tue Feb 18 11:51:02 2003
;; XFR size: 8 records (messages 7)

; <<>> DiG 9.3.0s20021115 <<>> axfr example.net @10.53.0.2
;; global options:  printcmd
example.net.		10	IN	SOA	. . 1 3600 1200 360000 10
example.net.		10	IN	NS	ns1.example.net.
example.net.		10	IN	NS	ns2.example.net.
child.example.net.	10	IN	NS	ns1.child.example.net.
child.example.net.	10	IN	NS	ns2.child.example.net.
ns1.child.example.net.	10	IN	A	10.53.0.1
ns2.child.example.net.	10	IN	A	10.53.0.2
ns1.example.net.	10	IN	A	10.53.0.1
ns2.example.net.	10	IN	A	10.53.0.2
example.net.		10	IN	SOA	. . 1 3600 1200 360000 10
;; Query time: 3 msec
;; SERVER: 10.53.0.2#53(10.53.0.2)
;; WHEN: Tue Feb 18 11:52:04 2003
;; XFR size: 11 records (messages 1)


; <<>> DiG 9.3.0s20021115 <<>> axfr example.net @10.53.0.1
;; global options:  printcmd
example.net.		10	IN	SOA	. . 1 3600 1200 360000 10
child.example.net.	10	IN	NS	ns1.child.example.net.
child.example.net.	10	IN	NS	ns2.child.example.net.
example.net.		10	IN	NS	ns1.example.net.
example.net.		10	IN	NS	ns2.example.net.
ns1.child.example.net.	10	IN	A	10.53.0.1
ns1.child.example.net.	10	IN	A	10.53.0.2
ns1.example.net.	10	IN	A	10.53.0.1
ns2.child.example.net.	10	IN	A	10.53.0.2
ns2.example.net.	10	IN	A	10.53.0.2
example.net.		10	IN	SOA	. . 1 3600 1200 360000 10
;; Query time: 5 msec
;; SERVER: 10.53.0.1#53(10.53.0.1)
;; WHEN: Tue Feb 18 11:51:30 2003
;; XFR size: 12 records (messages 11)

; <<>> DiG 9.3.0s20021115 <<>> ns child.example.net @10.53.0.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56624
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;child.example.net.		IN	NS

;; ANSWER SECTION:
child.example.net.	10	IN	NS	ns1.child.example.net.
child.example.net.	10	IN	NS	ns2.child.example.net.

;; ADDITIONAL SECTION:
ns1.child.example.net.	10	IN	A	10.53.0.1
ns1.child.example.net.	10	IN	A	10.53.0.2
ns2.child.example.net.	10	IN	A	10.53.0.2

;; Query time: 1 msec
;; SERVER: 10.53.0.1#53(10.53.0.1)
;; WHEN: Tue Feb 18 12:11:45 2003
;; MSG SIZE  rcvd: 119


; <<>> DiG 9.3.0s20021115 <<>> ns child.example.net @10.53.0.2
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12751
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;child.example.net.		IN	NS

;; ANSWER SECTION:
child.example.net.	10	IN	NS	ns2.child.example.net.
child.example.net.	10	IN	NS	ns1.child.example.net.

;; ADDITIONAL SECTION:
ns1.child.example.net.	10	IN	A	10.53.0.1
ns1.child.example.net.	10	IN	A	10.53.0.2

;; Query time: 1 msec
;; SERVER: 10.53.0.2#53(10.53.0.2)
;; WHEN: Tue Feb 18 12:12:02 2003
;; MSG SIZE  rcvd: 103


--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
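
Added example, not part of the original message and not code from ISC or djbdns: a check that compares two AXFR dumps of the same zone and reports records the downstream server serves that the master never had. The sample input is the child.example.net transfer output shown in the message above (header and footer comment lines trimmed); the function names parse_axfr and zone_drift are made up for this illustration.

```python
# Transfer of child.example.net from the master (10.53.0.2), as in the message.
MASTER_AXFR = """\
; <<>> DiG 9.3.0s20021115 <<>> axfr child.example.net @10.53.0.2
child.example.net.      10 IN SOA . . 1 3600 1200 360000 10
child.example.net.      10 IN NS  ns1.child.example.net.
child.example.net.      10 IN NS  ns2.child.example.net.
ns1.child.example.net.  10 IN A   10.53.0.1
ns1.child.example.net.  10 IN A   10.53.0.2
child.example.net.      10 IN SOA . . 1 3600 1200 360000 10
"""

# Transfer of the same zone from 10.53.0.1 after the two zones were merged.
SLAVE_AXFR = """\
; <<>> DiG 9.3.0s20021115 <<>> axfr child.example.net @10.53.0.1
child.example.net.      10 IN SOA . . 1 3600 1200 360000 10
child.example.net.      10 IN NS  ns1.child.example.net.
child.example.net.      10 IN NS  ns2.child.example.net.
ns1.child.example.net.  10 IN A   10.53.0.1
ns1.child.example.net.  10 IN A   10.53.0.2
ns2.child.example.net.  10 IN A   10.53.0.2
child.example.net.      10 IN SOA . . 1 3600 1200 360000 10
"""


def parse_axfr(text):
    """Return the set of (owner, type, rdata) records in dig AXFR output."""
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # dig comments and blank lines
        fields = line.split(None, 4)      # owner, ttl, class, type, rdata
        if len(fields) != 5:
            continue
        owner, _ttl, _cls, rtype, rdata = fields
        # A set also folds the SOA that opens and closes every AXFR into one.
        records.add((owner.lower(), rtype.upper(), " ".join(rdata.split())))
    return records


def zone_drift(master_text, slave_text):
    """Return (records only on slave, records only on master), both sorted."""
    master, slave = parse_axfr(master_text), parse_axfr(slave_text)
    return sorted(slave - master), sorted(master - slave)


if __name__ == "__main__":
    extra, missing = zone_drift(MASTER_AXFR, SLAVE_AXFR)
    for rec in extra:
        print("not in master zone:", *rec)
    for rec in missing:
        print("lost from master zone:", *rec)
```

TTLs are ignored in the comparison, so only changes to the record set itself are reported.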