Don't provide promiscuous proxy DNS service

D. J. Bernstein 75628121832146-bind at sublist.cr.yp.to
Thu Sep 6 05:16:28 UTC 2001


Kevin Darcy writes:
> it appears that you're trying to use this terminology shift to prove
> that djbdns's structure (in which the so-called "proxy server"
> component is separated from the so-called "content server" component)
> is superior to BIND's.

As for terminology: The djbdns documentation uses ``DNS client'' and
``DNS cache'' and ``DNS server.'' RFC 1035, one of the DNS standards,
has a clear picture of these three different pieces on page 6.

As for superiority: The DNS-and-BIND book, in the ``Securing Your Name
Server'' section, specifically recommends keeping caches separate from
servers, for the same reasons that they're separate in djbdns.

---Dan


More information about the bind-users mailing list