NS record question

Bill Manning bmanning at ISI.EDU
Tue Mar 27 20:20:43 UTC 2001

Not to irritate anyone -BUT- Bind 4 & 8 are roughly from the same code
base and the folks doing work on that code base are pretty much off
on other projects. But the code and its structures are pretty well known
and its fairly "light", e.g. less than 2 million lines of code.

The folks that did Bind 9 are still actively working on enhancing it
and (heavily) promoting it as the best/brightest code yet. The claim is
that it is "from scratch", although I expect that since some of the developers
also touched the previous code base(s) that it might not pass rigorous 
examination. Still, it looks pretty good and is nothing to sneaze at.
It is pretty "heavy" with lots of new features and untested interactions.

There are other varient of DNS, some from commercial vendors, some from
other sources with various levels of internal support.

All have their weaknesses and strengths. Social engineering aside, (such 
as insinuations about the veracity of other code) the KEY point is that
the domain name SYSTEM, which includes all the operational varients, should
be robust and resiliant in the face of attack.  Monoculture has known
problems, hence my desire to foster and encourage diversity within the 
deployed base.


More information about the bind-users mailing list