Maintained by: NLnet Labs

[Unbound-users] Unbound release 1.4.12

Gábor Lénárt
Mon Jul 18 17:38:51 CEST 2011

On Mon, Jul 18, 2011 at 11:27:19AM -0400, Paul Wouters wrote:
> On Mon, 18 Jul 2011, Gábor Lénárt wrote:
> >I agree. I prefer installing packages on a server, but for a DNS server, I
> >prefer to compile the DNS server software itself, so it can be optimized etc
> >etc. But now I have to compile ldns as well, since the one in the latest
> >Ubuntu (LTS version) server is "not recent enough" :( I compiled now ldns,
> >but unbound links to libldns now runtime, which - I guess - is not optimal,
> >since as far as I know shared libraries are PIC code, which causes some
> >performance loss (especially on 32 bit architecture because there are not
> >so many registers on 32 bit x86 platform). So even another difficulty now:
> >try to figure out how I can make unbound to use libldns.a instead of .so ...
> >Now I've modified to have libldns.a as library_names but I guess
> >it's a very ugly solution and better way should exist ...
> IMHO, someone who knows how to manually hack .a files is in a much better
> position to do custom downloading/compiling than those who can barely run
> "./configure" and unknowingly end up with an older (possibly insecure copy)
> of ldns.

Ok, no flame war please, I didn't want that either :) I am just thinking
that it's a bit of an odd explanation for me: it's about the situation that people
and distribution maintainers are confused that built-in version of ldns (in
unbound) is compiled, which can be confusing. Ok, that's a point. But it
should not be the default (I am not sure whether it was or not, I always specified
for the configure script), so then it's not so possible that someone is using
the built-in copy of the ldns by mistake, since it must be asked from the
configure script to do so! So the real reason of my mail was only about
this question which made me think about the problem of this "confusing"
situation, which is not the case, at least in my opinion. Also, if unbound
ships ldns, it's not so possible to have an "old and buggy" ldns compiled in
by mistake, since if I upgrade unbound (by downloading and recompiling a
newer version) I will get a newer copy of ldns - at least I hope :) -. By
contrast, it's possible that the distribution ships an outdated version of
ldns (like in my case: the newest LTS version of Ubuntu contains ldns which
is too old) so I think this can cause the "false feeling of security" not
the opposite when unbound ships ldns source as well. Anyway ...

> Also, if speed is that much of an issue, I recommend upgrading that 32bit
> arch to some hardware available in the last what? five years?

If you give me money, I do :) Till that, I am trying to solve the
performance problem at the software side, even if it sounds odd. :(

> As was pointed out earlier, other libraries like libevent/libev are also
> not packaged with unbound, and might also be different versions compiled
> with compile flags not ideal to you. Are you recompiling libevent manually
> as well? Where do you draw the line?
> ldns is not the unbound dns code. ldns is its own dns library used by many
> other applications.

Ok, your point is clear, and valid, I have to admit. And please do not treat
my mails as a flame topic starter ones. It's also clear that as an unbound
user I have to accept the decision of its developers, as I've already stated
in a previous mail of mine, too. Maybe I've already done some over-talking
on this topic, so I don't want to waste anyone's energy further here :)

Thanks for your answer.


- Gábor