Looking for a Name Resolution solution

Craig White craigwhite at azapple.com
Wed Dec 20 21:42:29 MST 2006


On Thu, 2006-12-21 at 04:05 +0000, Dale Farnsworth wrote:
> Maybe, I'm just in a disagreeable mood... :)
----
OK - I can deal ;-)
----
> 
> Craig wrote:
> > I don't ever recommend djb stuff - using ISC's bind/dhcpd servers and
> > having dhcp clients register their names with dns is actually quite
> > simple.
> 
> It is simple, but I would argue that djbdns is as simple and more robust.
> To each his own.
----
probably true - it's a philosophical thing that I am dealing with. DJB's
restrictive license sort of flies in the face of all that is GPL/BSD
license - even though the software is indeed open source.
----
> 
> > Appliance devices that provide dhcp and dns are never going to work...
> > 1 - they don't provide dns, they provide proxy services to isp's dns
> 
> dnsmasq provides proxy services to the isp's dns, as you say.  But, it
> simultaneously will resolve queries for machines listed in /etc/hosts.  It
> works quite well for a small network.
----
I was referring to appliance devices e.g. WRT54G - once you are talking
about dnsmasq, you have left the realm.
----
> 
> > 2 - they don't offer anything beyond the most basic dhcp service...an ip
> > address, gateway/router address and dns information
> 
> You can configure dnsmasq to provide any dhcp information you wish.
----
again, appliance was my reference, yours is computer system based
----
> 
> > 3 - they have very short leases and ip address leases do not 'stick' and
> > ip addresses will frequently jump around.
> 
> dnsmasq permits you to set whatever dhcp lease times you want and
> they will stick if you configure dnsmasq's leases file in non-volatile
> storage.
----
again, appliance was my reference, yours is computer based

It's probably easier to be disagreeable when comparing apples with
oranges but not necessarily effective.

From my own perspective, I ALWAYS run a local mail server, even at home,
even when I am the only user because I can attach to it via any IMAP
client from any system (Linux/Mac/Windows), I can run server based rules
(sieve), I have spamassassin checking/tagging e-mail upon receipt, I
have clamav, etc. processing e-mail upon receipt.

Running local mail server means having local dns - real dns with mx
records and since I've been able to get BIND/DHCPd from ISC running
without much fuss, there's little need to even search out more
lightweight options. Heck, I run LDAP on my home network too.

I ended up buying a used server with dual Xeon P III's and 6 hard drives
for like $275 and it's handled all this like a champ with the benefit of
also keeping my unheated office warm on these cold winter nights ;-)

While I don't necessarily figure everyone has to go all the extra steps,
my own observation is that lighter weight services often fall short on
needed features, expected stability and are of lesser value to my
testing in preparation for other networks that need more features.

Lastly, and perhaps most important to my sanity...I have a repeatable
pattern:
- Postfix
- Cyrus-IMAPd
- MailScanner
- SQL Grey (greylisting), clamav (anti-virus), spamassassin
- BIND/DHCPd
- OpenLDAP
- Samba
- Netatalk (where Macintosh is used)
- Apache/MySQL/PHP/mod-AuthzLDAP
- Webmin (primarily used to manage LDAP user accounts and BIND)
- Horde/IMP/Kronolith/Ingo/Nag/Mnemo/Turba/Wicked - (shared e-mail,
public mailboxes, web based and user editable mail filtering including
vacation notices, shared calendars, shared task lists, shared notes and
a wiki system - all with a consistent permissions system)

all of which are pretty well integrated...All user accounts, e-mail
addresses and e-mail aliases are in LDAP, Windows/Macintosh/Linux users
all have their own shared $HOME, a single username/password combination
for each user for all services and only Netatalk is compiled from
tarball...all other packages are part of distribution and security
updates are provided by CentOS or RHEL (depending upon client). A user
can move from Macintosh to Linux to Windows and his files are simply
there in whatever the convention used by the OS to deliver their '$HOME'
directory, yet a user always uses the same login/password.

In short, it's a setup that is pretty low maintenance and I gather,
fairly high in features for an open source setup.

Craig



More information about the PLUG-discuss mailing list