[34341] in North American Network Operators' Group
Re:BIND, djbdns, commercialization
daemon@ATHENA.MIT.EDU (rkuhljr@uol.com.br)
Sat Feb 3 16:45:38 2001
Date: Sat, 3 Feb 2001 19:34:40 -0200 (UOL)
From: rkuhljr@uol.com.br
Message-Id: <200102032134.TAA09816@ludwing.uol.com.br>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: jamie rishaw <jamie@arpa.com>
Cc: nanog@merit.edu
Reply-To: rkuhljr@uol.com.br
Errors-To: owner-nanog-outgoing@merit.edu
>While the idea of another program to serve DNS isn't all that bad,
>I think jumping ship just because of one new policy isn't necessarily
>the most prudent thing to do.
The new policy may not be the only reason; the bugs in BIND 4/BIND 8 are making everyone consider what to use as a replacement: BIND 9, djbdns or something else.
Both BIND 9 and djbdns have non-technical issues; BIND 9 licensing is good, but ISC sticks to security notification methods that are not. Licensing is a djbdns weakness.
>WRT djbdns: I've had a moderate level of experience with it, and,
>while it seems interesting to an extent, operationally I've had several
>annoying encounters with it.
>When challenged, I seem to get the reply of "maybe some time later
>it will have that" or "that is insecure, djb doesn't support that".
What operational issues are annoying, and in what daemons (dnscache, tiny-dns, axfr-dns, wall-dns)? Needs like authoritative servers and recursive resolvers are different, and maybe a djbdns/BIND9 mix can perform better.
>djbdns is also very infant - it's probably not popular enough for all
>the skr1pt k1dd13s to have an interest in hacking at, because finding
>a vulnerability in djbdns is about as useful to the "wreaker of havoc"
>as finding a master door and ignition key to a '58 pinto -- there's
>about 17 of them on the planet :-)
djb himself seems not to be very popular; I bet that there are many people out there trying to find bugs in his software just to make him look silly.
Rubens Kuhl Jr.