On Monday 31 December 2001 01:29, Michael D. Schleif wrote: <...> > It is always amazing to me how *intelligent* people try to make their > point by taking other people's words out of context . . . <...> > > http://cr.yp.to/djbdns/faq/axfrdns.html#what i added the URL so i that everyone could look it up. the WHOLE text.
i added another quote from that URL.. > Notice, that bind, current or not, has no answers to djb's concerns, as > expressed in his complete paragraph ;> "There has been some work on improving the zone-transfer protocol: a NOTIFY mechanism that wakes up the slaves (after a delay, and without a failure notice when something goes wrong); an experimental IXFR mechanism for incremental zone transfers (although the BIND implementation doesn't work for zone files modified by hand or by external tools); and several proposed security mechanisms, notably TSIG. BIND's May 2001 IXFR and TSIG implementations are supposedly free of the bugs that caused crashes, data corruption, and root exploits in previous versions of BIND. The BIND company occasionally mumbles about imaginary tools to handle new zones and client differentiation. By combining all these tools, you can finally approach the functionality of a trivial rsync script. Wow." Wow. May 2001.....it is 30.12.2001 now and BIND 9.2.0 is out. http://www.isc.org/products/BIND/bind9.html DNS Security DNSSEC (signed zones) TSIG (signed DNS requests) IP version 6 Answers DNS queries on IPv6 sockets IPv6 resource records (A6, DNAME, etc.) Bitstring Labels Experimental IPv6 Resolver Library DNS Protocol Enhancements IXFR, DDNS, Notify, EDNS0 Improved standards conformance Views One server process can provide multiple "views" of the DNS namespace, e.g. an "inside" view to certain clients, and an "outside" view to others. Multiprocessor Support Improved Portability Architecture - djb should update his security concerned pages. --