North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: OT: Re: WANAL (Re: What could have been done differently?)
On Tue, Jan 28, 2003 at 08:53:59PM +0200, [email protected] said: [snip] > Hi Paul, > > What do you think of OpenBSD still installing BIND4 as part of the > default base system and recommended as secure by the OpenBSD FAQ ? > (See Section 6.8.3 in <http://www.openbsd.org/faq/faq6.html#DNS> ) OpenBSD ships a highly-audited, chrooted version of BIND4 that bears little resemblance to the original code (I'm sure Paul can correct me here if I'm off-base). The reasons for the team's decision are well-documented on various lists and FAQs. Given the choices at hand (use the exhaustively audited, chrooted BIND4 already in production; go with a newer BIND version that hasn't been through the wringer yet; write their own dns daemon; use tinydns (licensing issues); use some other less well-known dns software), I think they made the right one. I'm sure they'll move to a newer version when somebody on the team gets a chance to give it a thorough code audit, and run it through sufficient testing prior to release. -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui Attachment:
pgp00027.pgp
|