[dns-operations] New subscribers

Simon Lyall simon at darkmere.gen.nz
Wed Dec 29 19:03:15 UTC 2010


On Wed, 29 Dec 2010, William F. Maton Sotomayor wrote:
> On Wed, 29 Dec 2010, Roosenraad, Chris wrote:
>> As far as packaging goes, I'm with Elvind.  Compile myself, and then
>> package into my own RPMs.  But I realize that is a little out of the
>> ordinary...
> I will go on record that in some areas where I have worked, I've had people 
> look at me rather strangely when I direct them to build from sources instead 
> of using packaged versions.  This would usually be followed by a rather quick 
> tutorial on what tar, configure and make are.

It's part of the way the job has evolved. 10 years ago package managers 
were not as common so you had to compile and build things yourself. I 
remember around 2000 building and rolling out ssh by hand about every few 
months when a new security problem hit. Same with kernels, you built 
them yourself and rolled them out every few months/weeks.

The main differences I would see between then and now:
- Number of packages on machines ( ~100 on minimal vs ~300 today )
- More layers of complexity in packages ( If you upgrade libssl then you
   have to worry about php-ssl, python-ssl, apache-ssl )
- Greater automation of machines ( a dozen hand crafted servers are less
   common, instead people have 10s/100s/1000s of identical web servers )
- In 95% of cases the distribution version will do the trick
- In 4% of cases somebody will have already packaged a more up-to-date
   version for RHEL, Ubuntu, Debian.
- The last 1% of cases you shouldn't have too many packages per
   environment.

Sure if I was running 100 DNS servers and after interesting features then 
I'd look at downloading, compiling, packaging and rolling out the latest 
and greatest bind. But I wouldn't be doing the same with ssh, sendmail, 
ssl, bash, kernel etc on the same box unless there was a good reason. 
Following and maintaining more than a dozen packages locally would start 
to have some overhead (I'm doing this with RHEL5 already and it's a pain).

Speaking of which. I notice that out of bind, unbound, powerdns and nsd 
only powerdns has packages (32bit and 64bit rpms) available on its 
download site. Perhaps making packages available[1] will encourage more 
"point and click admins" to run more recent versions rather than waiting 
for packages to catch up[2].


[1] Scroll down to the bottom of this page to give you an idea what some 
software maintainers do - http://www.mondorescue.org/downloads.shtml

[2] - And plenty of people do things like run "one version behind RHEL" 
which these days means RHEL4 and is a good 5 years out of date.

-- 
Simon Lyall  |  Very Busy  |  Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.



