Free, secure alternative to bind?
Will Yardley
william-nospam-newdream-net at no.spam.veggiechinese.net
Wed Mar 20 01:29:11 UTC 2002
In article <a78o27$8v8 at pub3.rc.vix.com>, omegatron wrote:
>
> I'm looking for a secure name server daemon that will run on Linux or
> FreeBSD, but doesn't have the overhead of bind. There have also been
> rumors (admittedly, these are probably unfounded) about a remote bind
> 9.x exploits.

well there are other nameservers (i won't mention their names), but
talking about them here will probably get you flamed.
i'd suggest asking about this in a different forum, as this forum is for
discussion of bind.
you might ask on a non-bind related dns newsgroup or mailing list.

> Initially, I do not plan on hosting any records for domains. I simply
> want to have a local name server that I can throw into
> /etc/resolv.conf. There is no need to have it answer queries from the
> outside. Perhaps bind is suitable for this, but I still want to know
> what alternatives are out there.

well if you only listen on the loopback interface (or only on your local
network), a remote exploit would be difficult, no?
running bind chrooted and as an unprivileged user is a good idea as
well. if you use common sense and follow documentation about securing
bind that's widely available, you shouldn't have any problems.

> Let me just say I don't want to get into an argument about how secure
> bind is, I'm just looking for alternatives and was wondering what else
> is being used out there. That's all.

some people like djbdns and / or maradns:
http://www.maradns.org/
http://cr.yp.to/djbdns.html
many people here do *not* like djbdns and / or djb himself. i am
personally not a fan (to put it mildly), but dnscache (the caching part
of djbdns) may be just what you're looking for.
--
No copies, please.
To reply privately, simply reply; don't remove anything.
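
One way to verify the loopback-only setup suggested in the message above, as an added example that is not part of the original post: the script flags any port-53 listener bound to a non-loopback address. It assumes the column layout of Linux `ss -H -lntu`; the function name `exposed_dns_listeners` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DNS listeners (port 53) bound to anything but loopback.
# Input format assumed: Linux `ss -H -lntu` (5th column = local address:port).

# Hypothetical helper: reads socket lines on stdin and prints "proto address"
# for each port-53 listener that is not bound to a loopback address.
exposed_dns_listeners() {
    awk '
    {
        local_addr = $5
        pos = match(local_addr, /:[0-9]+$/)   # locate the trailing :port
        if (pos == 0) next
        port = substr(local_addr, pos + 1)
        addr = substr(local_addr, 1, pos - 1)
        if (port != "53") next                # only DNS sockets matter here
        sub(/%.*$/, "", addr)                 # drop an interface suffix (%lo)
        sub(/^\[/, "", addr)                  # drop IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback is fine
        print $1, addr
    }'
}

# Constructed sample output, not captured from a real host.
SAMPLE='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 10 [::1]:53 [::]:*
udp UNCONN 0 0 192.0.2.10:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | exposed_dns_listeners
# On a live Linux host: ss -H -lntu | exposed_dns_listeners
```

Empty output means every DNS socket is loopback-only; a wildcard bind such as `0.0.0.0:53` is reported because it accepts queries on every interface.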