On Saturday 23 November 2002 01.48, Ben Reser wrote:
> On Thu, Nov 14, 2002 at 03:17:55PM -0700, Vincent Danen wrote:
> > No opinion on how good they are as I haven't tried them.  But any of
> > them will be better than BIND on a security and ethical standpoint.
>
> Well I took some time to look at some of them today.
>
> Dents:
> - Hasn't been updated since July 11th, 1999.
> - Has 2 support requests sitting in the queue that have never been
> responded to (Both are over a year old).
> - Mailing list archives show about 5 messages a year.
> - Doesn't provide a cryptographic signature or even an md5 sum for their
> package.
> - Documentation is missing in the package.  Points you to the website:
> http://www.dents.org/, which fails to load for me.
> - The MaraDNS site has a list of DNS programs... it says this one is
> abandoned.  From the looks of it I'd agree.

Ben..., this is terrible!!! Thank you for the research, it's very appreciated.

>
> MaraDNS:
> - Has documentation.
> - Has cryptographic signatures, but the key they are signed with isn't
> on wwwkeys.pgp.net, but the key is included in package.  But not putting
> their key in the keyserver doesn't give me a whole lot of confidence in
> the signature.  So I imported the key that was in the package.  It is
> only a self signed key.  Not very useful to prove that it's real.  So
> much for a security focused DNS server.
> - Doesn't support multiple views.
> - Doesn't support separate ACLs for each zone.
> - Doesn't support acting as a secondary server as far as I can tell.
> - Doesn't support round robin setups e.g. CNAME for www.domain.com
> points to multiple ips that get returned in a rotating fashion.  It only
> returns the first ip.
> - Doesn't handle MX's and wildcard listings properly.
> - Has an absolutely horrid zone file format.
> - Doesn't appear to support the LOC record.  At least I didn't see any
> explanation of how to make one in their file format.

Huh? What _does_ it do?

>
> MyDNS:
> - Runs out of MySQL (I'm not terribly fond of this idea, so I didn't
> spend a lot of time on it).
> - Does not do recursive name service.
> - Once again doesn't have any cryptographic signatures for the files.
>   (though one is an rpm, they didn't sign it).  Or for that matter
>   md5sums.

mydns-0.9.3-1mdk has been in contribs since Thu Sep 19 2002 (if it's the same 
as MyDNS?) Please do try it.

>
> Posadis:
> - No recursion
> - No cryptographic sig.  Even the rpm download isn't signed.  They do
> provide md5sum's... but we already know how useful these are for
> security, they aren't!
> - Supports standard zone file format that BIND uses (wahoo).
> - supports DNS notify.
> - Doesn't handle LOC records.
> - Limited access controls.
>
> Which leaves me with two functional servers, that can handle my needs:
> djbdns
> bind
>
> I haven't really looked at djbdns all that much.  I don't really care
> to.  But considering that it too is missing a cryptographic signature I
> find it hard to take his concern about security seriously.
>
> The above is my evaluation of the software.  Based upon my needs.
> Others may find the other DNS servers more than effective for their
> needs.  Especially if they aren't wanting recursive or authoritative
> zone hosting (I need to do both).  Especially if they have much simpler
> requirements...

Hmm..., this is what I suspected, there's not that many alternatives after 
all...

Thanks again Ben.

-- 
Regards // Oden Eriksson, Deserve-IT Networks

Check the "Modules For Apache2" status page at: 
http://www.deserve-it.com/modules_for_apache2.html

