[55420] in North American Network Operators' Group


Re: OT: Re: WANAL (Re: What could have been done differently?)

daemon@ATHENA.MIT.EDU (Scott Francis)
Tue Jan 28 21:11:01 2003

Date: Tue, 28 Jan 2003 18:06:47 -0800
From: Scott Francis <darkuncle@darkuncle.net>
To: Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>
Cc: nanog@merit.edu
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
	Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.21.0301282028370.21274-100000@meron.openu.ac.il>
Errors-To: owner-nanog-outgoing@merit.edu



On Tue, Jan 28, 2003 at 08:53:59PM +0200, rafi-nanog@meron.openu.ac.il said:
[snip]
> Hi Paul,
>
> What do you think of OpenBSD still installing BIND4 as part of the
> default base system and recommended as secure by the OpenBSD FAQ?
> (See Section 6.8.3 in <http://www.openbsd.org/faq/faq6.html#DNS>)

OpenBSD ships a highly-audited, chrooted version of BIND4 that bears little
resemblance to the original code (I'm sure Paul can correct me here if I'm
off-base). The reasons for the team's decision are well-documented on various
lists and FAQs. Given the choices at hand (use the exhaustively audited,
chrooted BIND4 already in production; go with a newer BIND version that
hasn't been through the wringer yet; write their own dns daemon; use tinydns
(licensing issues); use some other less well-known dns software), I think
they made the right one. I'm sure they'll move to a newer version when
somebody on the team gets a chance to give it a thorough code audit, and run
it through sufficient testing prior to release.
-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui
