Re: BIND is Crying Out for Ada95

["Tarjei T. Jensen" <tarjei.jensen@kvaerner.com>]

Florian Weimer wrote in message <87u264ap6p.fsf@deneb.enyo.de>...
>"Warren W. Gay VE3WWG" <ve3wwg@home.com> writes:
>
>> If someone has the time, here is a perfect chance to put Ada95
>> into the forefront, with a well written Ada95 version of BIND,
>> with fewer weekly exploits. It provides an essential service
>> for just about ALL networked systems today (what an opportunity ;-)
>
>Ada wouldn't help here. Even if your DNS name server is more reliable,
>DNS will still be subject to all kinds of attacks, because not only
>BIND is insecure, the DNS protocol is inadequate, too.

Actually, I think Ada would help because the current bind is a bit bloated and
they may have problems getting a decent structure to the software. With a
modular aproach to developing the software, it should be possible to go far.
Especially since Ada has many of the features that is required for this sort of
software.

The nice thing about doing the server it that you can design your own resolver
routines for the clients. That means that the current problems with the
protocol can be fixed. You will of course have to support the old way for quite
some time.

On many modern Unixes the resolver routines queries the local nsd services
which again determines wheter to send a query to the DNS server or use a cached
result. This means that it is possible to change the query protocol without
requiring the software to be re-compiled.

For an alternative aproach to a DNS server you could try
http://cr.yp.to/djbdns.html. DJB is not known for his modesty or diplomatic
language, but he is not exactly stupid. His other software is at
http://cr.yp.to/software.html.


Greetings,