I like nic.cz because they are utilising dnscurve.
But when I try to compile knot it demands a lot more resources than compiling djbdns (tinydns), or nsd. A bit too much IMO.
There is some amusing djb-phobia in this thread. Reminds me of djb-bashing from years gone by. Always good for a laugh. Time has shown the wiser.
Despite many early detractors (for reasons unknown), his software is still going strong without major flaws while the popular alternatives (who are often grubbing for consulting bucks) have suffered embarassment after embarassment because of poor design and sloppy coding. Unlike the usual bloated crapware that needs to be fixed/upgraded umpteen times (how is this ever a sign of quality?), his stuff is rarely if ever updated. Because it does not need to be. It just works. And keeps on working. In recent years it seems to me his work (crypto-focused) is now gaining more widepsread popularity. Never thought I'd see it in something like OpenSSH.
I use djb programs daily, from qmail to daemontools to ucspi to sntpclock to cdb. All very reliable. I wish there were more authors who could do what djb does. a@kx is another one I admire, but k is not open source. I think my favorite aspect of djb software is how cleanly it compiles, no matter what system I've got. His more recent packages do not even use make!
Anyway, if the guys behind knot can get it to compile as cleanly and easily as tinydns (or even nsd), I'll give it another shot. But methinks I should not need GB's of RAM or some hugh swap space to compile a simple authoritative dns server. Simplicity is paramount. To me, anyways.
I may have to get one of these Turris routers. Nice work.
> I like CZ.NIC because they are utilising dnscurve.
we don't use dnscurve nor promote it. I am sorry, but we strongly believe in standards that are widely accepted among DNS community.
> But when I try to compile knot it demands a lot more resources than compiling djbdns (tinydns), or nsd. A bit too much IMO.
I don't know how about you, but compilation is one time event per version, but reading the zones can happen very often. So the memory used to compile zone parser doesn't worry me much.
Anyway to lower the compilation resources you can just pass --disable-fastparser to ./configure invocation (that will use -T0 instead of -G2 for ragel; see 5.11 Choosing a Generated Code Style in ragel PDF documentation).
Just as a remark - it makes me very sad when you and other people hijack the discussion with djbdns and it's old feuds. I have no idea how f.e. daemontools or ucspi are related to Knot DNS (unless... you can run knotd under daemontools if you want...)
Please accept my apolgies - I was mistaken. I was thinking of dnscurve.cz and extrapolated this to conclude that nic.cz was dnscurve-friendly. But we now know this is not the case. They do not view it as being worthy of adoption as a "standard". Sad.
But when I try to compile knot it demands a lot more resources than compiling djbdns (tinydns), or nsd. A bit too much IMO.
There is some amusing djb-phobia in this thread. Reminds me of djb-bashing from years gone by. Always good for a laugh. Time has shown the wiser.
Despite many early detractors (for reasons unknown), his software is still going strong without major flaws while the popular alternatives (who are often grubbing for consulting bucks) have suffered embarassment after embarassment because of poor design and sloppy coding. Unlike the usual bloated crapware that needs to be fixed/upgraded umpteen times (how is this ever a sign of quality?), his stuff is rarely if ever updated. Because it does not need to be. It just works. And keeps on working. In recent years it seems to me his work (crypto-focused) is now gaining more widepsread popularity. Never thought I'd see it in something like OpenSSH.
I use djb programs daily, from qmail to daemontools to ucspi to sntpclock to cdb. All very reliable. I wish there were more authors who could do what djb does. a@kx is another one I admire, but k is not open source. I think my favorite aspect of djb software is how cleanly it compiles, no matter what system I've got. His more recent packages do not even use make!
Anyway, if the guys behind knot can get it to compile as cleanly and easily as tinydns (or even nsd), I'll give it another shot. But methinks I should not need GB's of RAM or some hugh swap space to compile a simple authoritative dns server. Simplicity is paramount. To me, anyways.
I may have to get one of these Turris routers. Nice work.