bmanning at karoshi.com
Mon Jan 5 22:45:27 UTC 2004
> In article <btc9o7$1bti$1 at sf1.isc.org>, Isaac Grover wrote:
> > djbdns. Djbdns claims to be more secure and more stable than bind,
> AFAIK there are no known exploits of djbdns. BIND 9 was a complete
> rewrite, and AFAIK the same is true of BIND 9. Don't let unsubstantiated
> claims of better security sway you. Find out exactly what they mean.
no -published- exploits.
> It is true that older versions of BIND have a poor history of security
> I ran djbdns for a long time. I am not aware of it ever having crashed.
> I have switched (in some places, am switching) to BIND, and I have not
> seen it crash either.
I've seen dropped queries on a TinyDNS server.
> > and also claims to be widely used on high-traffic open-source
> I don't think djbdns is nearly so widely-used as BIND, and for good
> reason. One thing Prof. Bernstein is not likely to mention is that his
> server suite is not standards-compliant. If you research his complaints
> against BIND, it seems that many of them are complaints against the
> standards, which BIND implemented, and djbdns did not. ISC has never
> seen "throw out the standards and make some up" as a viable option.
TinyDNS is used on some "high profile" delegations.
Recent analysis of .COM, .DE, and .ARPA trees shows TinyDNS
runs on ~4% of the servers and BIND variants run on ~80% of
the servers. Software distribution matrices by TLD should
be ready for the upcoming RIPE mtg.