--On Tuesday, April 08, 2003 5:42 PM +0200 Thomas Lamy <[EMAIL PROTECTED]> wrote:
PowerDNS seems to be pretty decent.
BIND is more sendmail then apache (3-5 years ago): most used DNS server software, bloated code (IMHO), and a remote exploit every now and then. Just because most of the internet uses it, it may (is) not the best software around.
On the other hand, it does a lot and you don't need 99 other little pieces with it.
If you use something like bind-dlz and run named in a chroot jail, the security risk is fairly minimal.
Your data will be in a whatever database you select and named can't change it. Data for authoritative answers is not cached, so there's no risk of poisoning.
The chroot jail keeps an exploit from trashing the server.
Is it perfect? No, but none of the alternatives are perfect either. Pick what you like. :-)
I don't think DJB will change his mind in this life, so I choose _free_ software with open development.
Most of the issues with djb software boil down to philosophy or personality.
They can do the job and work well.
As for licenses - yes, his license is "restrictive." But then your definition of "free" is restrictive too since it won't allow qmail to be part of Debian. And the problem is only with binary packages, so it really doesn't involve "open source" concepts. It involves packaging.
But I see your point and we'll leave it at that.
things I look at when it comes to missin critical software). Note that mydns is _not_ a caching server, but there are other free packages that do this job.
Like dnscache? :-)
