North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re:BIND, djbdns, commercialization
- From: rkuhljr
- Date: Sat Feb 03 16:48:32 2001
>While the idea of another program to serve DNS isn't all that bad,
>I think jumping ship just because of one new policy isn't necessarily
>the most prudent thing to do.
The new policy may not be the only reason; the bugs in BIND 4/BIND 8 are making everyone consider what to use as replacement: BIND 9, djbdns or something else.
Both BIND 9 and djbdns have non-technical issues; BIND 9 licensing is good, but ISC sticks to security notification methods that are not. Licensing is a djbdns weakness.
>WRT djbdns: I've had a moderate level of experience with it, and,
>while it seems interesting to an extent, operationally I've had several
>annoying encounters with it.
>When challenged, I seem to get the reply of "maybe some time later
>it will have that" or "that is insecure, djb doesn't support that".
What operational issues are annoying and in what daemons (dnscache, tiny-dns, axfr-dns, wall-dns) ? Needs like authoritative servers and recursive resolvers are different, and may be a djbdns/BIND9 mix can perform better.
>djbdns is also very infant - it's probably not popular enough for all
>the skr1pt k1dd13s to have an interest in hacking at, because finding
>a vulnerability in djbdns is about as useful to the "wreaker or havoc"
>as finding a master door and ignition key to a '58 pinto -- there's
>about 17 of them on the planet :-)
djb himself seems not to be very popular; I bet that are many people out there trying to find bugs in his software just to make him look silly.
Rubens Kuhl Jr.