Re:BIND, djbdns, commercialization

[rkuhljr]

>While the idea of another program to serve DNS isn't all that bad,
>I think jumping ship just because of one new policy isn't necessarily
>the most prudent thing to do.

The new policy may not be the only reason; the bugs in BIND 4/BIND 8 are making everyone consider what to use as replacement: BIND 9, djbdns or something else.

Both BIND 9 and djbdns have non-technical issues; BIND 9 licensing is good, but ISC sticks to security notification methods that are not. Licensing is a djbdns weakness.

>WRT djbdns:  I've had a moderate level of experience with it, and,
>while it seems interesting to an extent, operationally I've had several
>annoying encounters with it.

>When challenged, I seem to get the reply of "maybe some time later
>it will have that" or "that is insecure, djb doesn't support that".

What operational issues are annoying and in what daemons (dnscache, tiny-dns, axfr-dns, wall-dns) ? Needs like authoritative servers and recursive resolvers are different, and may be a djbdns/BIND9 mix can perform better.

>djbdns is also very infant - it's probably not popular enough for all
>the skr1pt k1dd13s to have an interest in hacking at, because finding
>a vulnerability in djbdns is about as useful to the "wreaker or havoc"
>as finding a master door and ignition key to a '58 pinto -- there's
>about 17 of them on the planet :-)

djb himself seems not to be very popular; I bet that are many people out there trying to find bugs in his software just to make him look silly.




Rubens Kuhl Jr.