On Fri, 15 Feb 2002, Dean Cunningham wrote:
> Bind probably has a worse security history than MS DNS ...

While true, comparing the number of public nameservers running BIND vs the number running MS's DNS server yields a pretty drastic gap, too. ;-)

The biggest problem with ISC BIND is that most Unix/Linux vendors ship it with a really stupid configuration (runs with unrestricted, system-level privileges). It is not hard to lock it down to an unprivileged account restricted to a single directory branch. Additionally, BIND V9 is supposed to be a total rewrite, done with security in mind. So far, so good.

MS's DNS is not without problems. It reacts badly to various combinations of DNS features, and the Active Directory integration in Windows 2000 causes all sorts of weird things to happen "magically". I find MS's DNS works best for a Windows 2000 network's internal DNS -- that isn't too surprising. For a public nameserver, I'd go with BIND.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |
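
The lock-down described in the message (an unprivileged account, restricted to a single directory branch) corresponds to named's `-u` and `-t` options. As an added example, not part of the original message, this shell check classifies lines of `ps -eo user=,args=` output for named; the account name, paths and sample lines are constructed assumptions.

```shell
#!/bin/sh
# Audit one line of `ps -eo user=,args=` output for a named process.
# Prints "OK", or "FAIL" followed by the reasons.
audit_named_line() (
    set -f            # no glob expansion while splitting the line
    set -- $1         # first word: effective user; rest: named's argv
    if [ $# -eq 0 ]; then echo "FAIL no-input"; exit 0; fi
    euser=$1; shift
    jail=""
    while [ $# -gt 0 ]; do
        case $1 in
            -t)   if [ $# -gt 1 ]; then jail=$2; shift; fi ;;
            -t?*) jail=${1#-t} ;;
        esac
        shift
    done
    reasons=""
    # named -u <user> drops privileges after startup, so a locked-down
    # server shows a non-root effective user in ps.
    if [ "$euser" = root ] || [ "$euser" = 0 ]; then
        reasons="$reasons runs-as-root"
    fi
    # named -t <dir> chroots the server into one directory branch.
    if [ -z "$jail" ] || [ "$jail" = / ]; then
        reasons="$reasons no-chroot"
    fi
    if [ -z "$reasons" ]; then echo "OK"; else echo "FAIL$reasons"; fi
)

# Constructed sample lines (account name and paths are assumptions).
# On a live host: ps -eo user=,args= | grep '[n]amed'
while IFS= read -r line; do
    printf '%-30s %s\n' "$(audit_named_line "$line")" "$line"
done <<'EOF'
root /usr/sbin/named
root /usr/sbin/named -t /var/named/chroot
named /usr/sbin/named -u named
named /usr/sbin/named -u named -t /var/named/chroot
EOF
```

A root process with `-t` alone is still reported, since a chroot does little to contain a server that keeps root privileges.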
