djbdns: An alternative to BIND

Mon Apr 11 20:53:26 UTC 2005

On Mon, 11 Apr 2005, David Conrad wrote:

> As far as I know, BINDv9 complies with the AXFR protocol.  

Very, very technically, (and only due to the unresolved vagueness in the
AXFR RFC), this is true.  But it is isn't exactly honest.  Every 
implementation including BIND interpreted the "vague" section the same 
way, and now BIND9 wants it changed.  That isn't a clarification.

> Empirically, given BINDv9 interoperates with every DNS server that
> implements AXFR and IXFR that I'm aware of, it would seem assertions
> that "BIND9 is not compliant with AXFR standards" is simply pure crap.

"Empirically" is because BIND9 attempts to detect other BIND9 servers, and
if it thinks the other server isn't BIND9, then it uses the traditional
protocol. So it will work so long as no implementation can fool BIND9 into 
thinking the other server is BIND9, but then not implement the 
non-standard protocol.

However, if you were to capture the packets between two BIND9 servers, and
use that as your guide to reverse engineer AXFR protocol specification (or
more practically, just send it to another server verbatim), you will not
be able to communicate with other non-BIND9 servers.  

> There was an attempt to clarify various ambiguities found in the rather
> loose specification of the AXFR protocol by writing up the issues
> encountered and a solution to those issues, but that effort sunk in the
> IETF swamp.

Uhh, not exactly "sunk in the swamp", so much as overwhelming opposition 
from nearly every implementor who didn't want to alter their 
implementation.  As I said above, and as was pointed out by many on the 
DNSEXT WG, this isn't a clariification. Its a major change and it was 
rejected.

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   