Direction of BIND development in regard to NT.

Jim Reid jim at rfc1035.com
Thu Dec 28 21:08:28 UTC 2000


>>>>> "Ted" == Ted Watson <t405405 at hotmail.com> writes:

    Ted> I'm upgrading name servers for a large government agency.  In
    Ted> the past we've deployed name servers in a hybrid Unix/NT
    Ted> mix. At one time the NT nameservers were shut down remotely
    Ted> by a denial of service attack. During this upgrade we would
    Ted> like to plan for the future and rethink the mix of servers.

I would hope that this DoS attack plays a significant factor in your
future decisions. :-)

    Ted> Apparently BIND9 is available only on Unix.  Can
    Ted> anyone here doing BIND development speak about NT vs Unix
    Ted> issues. Should we expect BIND to always be developed first on
    Ted> Unix and ported to NT?

Yes. Given that a large part of the funding for BIND development has
come from UNIX vendors and nothing has come from Microsoft, who have
their own DNS product, you can draw the obvious conclusion. Disclaimer:
this is not an official statement of any sort from Nominum. I'm not
authorised to make them.

    Ted> I'd like my primary to be a unix box
    Ted> but have a group of administrators who are intimidated by any
    Ted> non-Windows platform.

Hmmm. Why not train these people or get administrators who aren't
hampered by a point-and-click GUI?

    Ted> I've explored the Webmin DNS interface
    Ted> and it seems to work very well( and can be secured with X509
    Ted> certificates ).

Having just read "Secrets and Lies", I don't think you should be
placing any confidence in X.509 certificates, let alone believing they
secure anything. Doesn't an X.509 certificate only verify something's
identity - for some definition of "verify" and "identity"?



More information about the bind-users mailing list