[dns-operations] New subscribers
simon at darkmere.gen.nz
Wed Dec 29 19:03:15 UTC 2010
On Wed, 29 Dec 2010, William F. Maton Sotomayor wrote:
> On Wed, 29 Dec 2010, Roosenraad, Chris wrote:
>> As far as packaging goes, I'm with Elvind. Compile myself, and then
>> package into my own RPMs. But I realize that is a little out of the
> I will go on record that in some areas where I have worked, I've had people
> look at me rather strangely when I direct them to build from sources instead
> of using packaged versions. This would usually be followed by a rather quick
> tutotrial on what tar, configure and make are.
It's part of the way the job has evolved. 10 years ago package managers
were not as common so you had to compile and build things yourself. I
remember around 2000 building and rolling out by hand about ssh every few
months when a new security problem hit. Same with kernels, you built
them yourself and rolled them out every few months/weeks.
The main differences I would see between then and now:
- Number of packages on machines ( ~100 on minimal vs ~300 today )
- More layers of complexity in packages ( If you upgrade libssl then you
have to worry about php-ssl, python-ssl apache-ssl )
- Greater automation of machines ( a dozen hand crafted servers are less
common, instead people have 10s/100s/1000s of identical web servers )
- In 95% of cases the distribution version will do the trick
- In 4% of cases somebody will have already packaged a more uptodate
version for RHEL, Ubuntu, Debian.
- The last 1% of cases you shouldn't have too many packages per
Sure if I was running 100 DNS servers and after interesting features then
I'd look at downloading, compiling, packaging and rolling out the latest
and greatest bind. But I wouldn't be doing the same with ssh, sendmail,
ssl, bash, kernel etc on the same box unless there was a good reason.
Following and maintaining more than a dozen packages locally would start
to have some overhead (I'm doing this with RHEL5 already and it's a pain).
Speaking of which. I notice that out of bind, unbound, powerdns and nsd
only powerdns has packages (32bit and 64bit rpms) available on it's
download site. Perhaps making packages available will encourage more
"point and click admins" to run more recent versions rather than waiting
for packages to catchup.
 Scroll down to the bottom of this page to give you an idea what some
software maintainers do - http://www.mondorescue.org/downloads.shtml
 - And plenty of people do things like run "one version behind RHEL"
when these days means RHEL4 and is a good 5 years out of date.
Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
More information about the dns-operations