On Tue, 20 Feb 2001, Peter Cavender wrote:
> So why don't you run djbdns?  We know Vixie's record in the past, despite
> all the claims.

  I just looked into djbdns, having never heard of it before.  From what I see
on the website, I don't like it.  It has a number of limitations.  It does not
support TCP.  It does not support NOTIFY.  Its zone files are incomplete.  It
does not seem to allow running cache and authoritative server on the same
system.  Worst of all, it defeats the entire caching hierarchy that DNS is
designed around.  Karl Runge thought using TCP was bad, but if everyone
suddenly switched to djbdns, the DNS would likely collapse.

  As I read the documentation on djbdns, I really get the feeling the author
is implementing *his* version of what *he* wants the DNS to be.  He may not
agree with the RFCs, but that does not give him the authority to override
them.  I have to work in the real world.

  (As an aside: Look at his proposal for nyms.  The guy misses the *entire
point* of the DNS!  Not a good sign.)

  BIND has a serious history of buffer overflow problems, but it looks like
djbdns just trades one set of problems for another.  :-(  I think running BIND
unprivileged and chroot'ed gives you sufficient protection against attack.

> We know Vixie's record in the past, despite all the claims.  It is crap.
> They don't fix it.

  BIND is one of those programs (like sendmail) that has been around since the
dark ages, from before Internet security was invented.  Fixing it would likely
mean rewriting it.  Nobody seems to want to undertake all the work of a complete
rewrite and re-deployment of BIND.  This is a Bad Thing, but it does appear to
be the way things are... :-(

-- 
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18   Fax: (978)499-7839

