BIND vs DNS Commander

D. J. Bernstein 75628121832146-bind at sublist.cr.yp.to
Tue Apr 17 04:24:52 UTC 2001


Brad Knowles writes:
> I don't really want to get into a flamewar here, but Dan's stuff
> violates the standard, and can't handle things like a split-horizon 
> DNS, IPv6, IPSEC, TSIG, or much of anything else.

You are making false statements, Brad, in reckless disregard of the
truth. That's libel. It's against the law. Please cut it out.

Unlike every version of BIND that I've checked, djbdns complies with the
required DNS standards. It can easily handle split-horizon DNS. It has
no trouble with IPv6 records. It works transparently with IPSEC.

The one correct part of your statement is that djbdns doesn't support
TSIG. But TSIG is pointless in a world of ssh and IPSEC.

On the flip side, djbdns has many advantages over BIND for sysadmins,
users, and programmers. See http://cr.yp.to/djbdns/ad.html.

> Moreover, I do not believe that you can just arbitrarily decide 
> to ignore certain parts of the standard if you feel that you don't 
> like them, and this is precisely what Dan has done.

Brad, where did you acquire your awful habit of inventing quotes and
opinions and decisions from other people? Do you not understand that
you're lying?

> Finally, I do not believe that you should be trusting your systems to
> code that Dan defines to be secure simply because he says so,

Brad, have you read http://cr.yp.to/djbdns/ad/security.html and
http://cr.yp.to/djbdns/guarantee.html? You would have to be insane to
summarize these pages as ``simply because he says so.''

> and whenever someone identifies a flaw in one of his programs he 
> says things like "works as designed", or otherwise does whatever it 
> takes to avoid calling that flaw a "bug".

When you were a child, Brad, did you have a painful experience with
honesty? There must be some explanation for your behavior.

---Dan


More information about the bind-users mailing list