Håkon Alstadheim wrote:
Crayon Shin Chan wrote:
On Friday 11 May 2007 18:48, [EMAIL PROTECTED] wrote:
Poor security of bind is imho similar superstition as it is
for sendmail: once in the past this software had some problem,
so now a lot of people think they should forever avoid using it...
If the OP doesn't need any bind-specific feature then why not use djbdns
which has a better security track record. djb software are built from the
ground up to be secure (as is possible), he also splits the "program"
into smaller executables, each having a specific job thus making each of
them secure a simpler task. Whilst bind and sendmail have made
substantial efforts to be more secure, they are still built on legacy and
bloated monolithic code.
Just to fill in the picture a bit, the djb* software also has a long
"flip-the-bird-at-any-rfc-you-don't-like" track-record.
I generally agree with Håkon on this. :-).
The other issue is that djb likes to abandon his software after it's
"done". Things like DNSSEC and dynamic updates don't exist in djbdns and
aren't planned. They don't matter so much if you're just doing
authoritative DNS, but if you're doing interesting thing on your network
Bind is pretty much required.
kashani
--
[EMAIL PROTECTED] mailing list
