NS record question

Roy Arends Roy.Arends at nominum.com
Tue Mar 27 23:58:17 UTC 2001


On Tue, 27 Mar 2001, Bill Manning wrote:

> 
> % I can see your concerns. But I would still rather see a team of professionals
> % responsible for implementing a standard, than some historic piece of code
> % created in an ancient lab by undergrads, by the grace of god picked up by
> % a professional who actually made it work and did something good with
> % it.
> % 
> % Regards,
> % 
> % Roy Arends
> % Nominum
> 
> 	roy,
> 	There is this little bit of wisdom from the security community.

Ah, as a former chair of a national CERT I can relate to that.

> 	small, simple bits of code that have had lots of public scrutiny
> 	tend to be more secure (not to mention faster) than large 
> 	chunks of new code, with new features and unknown/untested
> 	interactions. even when they were created in "ancient labs"
> 	by undergrads (kind of like IP.. no? :) and much respect to
> 	Paul, but there were/are many professionals who made v8 work
> 	in an open, sharing environment.

This was not exactly what I meant, though I agree with this point. It's
a snapshot in time. It would be fair to view both releases next to each
other in a few years, i.e. the frozen 8 code-base and the 9 code-base. Then
my point holds. Of course this is not the case right now, but IMHO the
9 code-base is much better, let alone having a better start.

> 	For that reason alone, Bind 8 has -LOTS- of credibility in 
> 	the operational market. 

A little bit of wisdom from the security community: They want a safer
DNS. I'm talking about the protocol. That's why there is DNSSEC, no matter
how you look at it, I only know of one implementation that follows
standards.

> 	It's also true that the v9 release 
> 	schedule is enough to make one fondly remember the good ol
> 	days when cisco would do IOS releases about every 12 hours.
> 	When we get a release of v9 that lasts more than 4 weeks,
> 	we can talk about stability.  

Define stable. My version of stable is: Does what it is supposed to do. Does
not fall over. No security bugs. No ad-hoc crashes. With that in mind Bind
9 is just as stable (if not more) as Bind 8. Stability is not measured in
release date deltas, nor defined by upgrade-hassles, but defined by
operational satisfaction.

Okay, so I lied, not the end of discussion for me.

Regards,

Roy Arends
Nominum


