North American Network Operators Group


Re:BIND, djbdns, commercialization

  • From: rkuhljr
  • Date: Sat Feb 03 16:48:32 2001

>While the idea of another program to serve DNS isn't all that bad,
>I think jumping ship just because of one new policy isn't necessarily
>the most prudent thing to do.

The new policy may not be the only reason; the bugs in BIND 4/BIND 8 are making everyone consider what to use as a replacement: BIND 9, djbdns or something else.

Both BIND 9 and djbdns have non-technical issues; BIND 9 licensing is good, but ISC sticks to security notification methods that are not. Licensing is a djbdns weakness.

>WRT djbdns:  I've had a moderate level of experience with it, and,
>while it seems interesting to an extent, operationally I've had several
>annoying encounters with it.

>When challenged, I seem to get the reply of "maybe some time later
>it will have that" or "that is insecure, djb doesn't support that".

What operational issues are annoying and in what daemons (dnscache, tiny-dns, axfr-dns, wall-dns)? Needs like authoritative servers and recursive resolvers are different, and maybe a djbdns/BIND9 mix can perform better.

>djbdns is also very infant - it's probably not popular enough for all
>the skr1pt k1dd13s to have an interest in hacking at, because finding
>a vulnerability in djbdns is about as useful to the "wreaker of havoc"
>as finding a master door and ignition key to a '58 pinto -- there's
>about 17 of them on the planet :-)

djb himself seems not to be very popular; I bet that there are many people out there trying to find bugs in his software just to make him look silly.




Rubens Kuhl Jr.