bill bmanning at
Mon Jan 5 22:45:27 UTC 2004

> In article <btc9o7$1bti$1 at>, Isaac Grover wrote:
> > djbdns.  Djbdns claims to be more secure and more stable than bind,
> AFAIK there are no known exploits of djbdns. BIND 9 was a complete
> rewrite, and AFAIK the same is true of BIND 9. Don't let unsubstantiated
> claims of better security sway you. Find out exactly what they mean.

	no -published- exploits.

> It is true that older versions of BIND have a poor history of security
> issues.

	True enough.

> I ran djbdns for a long time. I am not aware of it ever having crashed.
> I have switched (in some places, am switching) to BIND, and I have not
> seen it crash either.

	I've seen dropped queries on a TinyDNS server.

> > and also claims to be widely used on high-traffic open-source
> I don't think djbdns is nearly so widely-used as BIND, and for good
> reason. One thing Prof. Bernstein is not likely to mention is that his
> server suite is not standards-compliant. If you research his complaints
> against BIND, it seems that many of them are complaints against the
> standards, which BIND implemented, and djbdns did not. ISC has never
> seen "throw out the standards and make some up" as a viable option.

	TinyDNS is used on some "high profile" delegations.
	Recent analysis of .COM, .DE, and .ARPA trees shows TinyDNS
	runs on ~4% of the servers and BIND variants run on ~80% of
	the servers.  Software distribution matrices by TLD should
	be ready for the upcoming RIPE mtg.

