From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: BIND
Date: Sun, 25 Apr 2004 23:43:08 +0200
Message-ID: <87brlfhgyb.fsf@deneb.enyo.de>
In-Reply-To: 87llkjhm4o.fsf@insalien.org
Ludovic Brenta <ludovic.brenta@insalien.org> writes:
> Bugs in BIND that nobody cares to fix because of design problems or
> source code that is too difficult to read and debug.
The BIND 9 source code isn't too bad, actually.
> Common knowledge that BIND is so insecure that nobody but the most
> inexperienced sysadmins will run it outside a chroot jail.
BIND 9 is quite okay. Keep in mind that so far, no buffer overflow
bug has been discovered in the BIND 9 proper. Compare that to the
GNAT run-time library. 8-/
> Concerns with the long-term security threats posed by BIND's
> inherent problems, as well as the monoculture associated with BIND.
There isn't quite a monoculture, BIND 8 and 9 are very different
beasts. However, you really shouldn't run BIND 8.
You can use RIPE nsd for authoritative servers, if you want. It's
also much smaller and aims at bug-for-bug compatibility with BIND 8.
BIND 9 on full resolvers is very hard to replace with anything else,
though.
> Heck, I don't even _need_ a reason why I should write a program, if
> it's free software and if I do it on my spare time. My reason is:
> Just to have fun, okay?
Writing a BIND replacement is not fun. Maybe writing a DNS server,
but certainly not a BIND replacement.
> 60 kSLOC is not large, and it can be done by a single person (BIND was
> indeed written mostly by a single person)
Which one of the BINDs? BIND 9 had a team of several developers
working full time on it, IIRC.
I'd rather see an industry-strength Ada implementation of TLS and
X.509. Right now, the OpenSSL monoculture worries me far more than
BIND.
--
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, di-ve.com, netscape.net,
postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr.