From: "Tarjei T. Jensen"
Newsgroups: comp.lang.ada
Subject: Re: BIND is Crying Out for Ada95
Date: Fri, 9 Feb 2001 10:16:57 +0100
Organization: Kvaerner Group IT
Message-ID: <960cia$f54@news.kvaerner.com>
References: <3A82D822.E93A2152@home.com> <87u264ap6p.fsf@deneb.enyo.de>

Florian Weimer wrote in message <87u264ap6p.fsf@deneb.enyo.de>...
>"Warren W. Gay VE3WWG" writes:
>
>> If someone has the time, here is a perfect chance to put Ada95
>> into the forefront, with a well written Ada95 version of BIND,
>> with fewer weekly exploits. It provides an essential service
>> for just about ALL networked systems today (what an opportunity ;-)
>
>Ada wouldn't help here. Even if your DNS name server is more reliable,
>DNS will still be subject to all kinds of attacks, because not only
>BIND is insecure, the DNS protocol is inadequate, too.

Actually, I think Ada would help because the current BIND is a bit bloated and they may have problems getting a decent structure to the software. With a modular approach to developing the software, it should be possible to go far. Especially since Ada has many of the features that are required for this sort of software.

The nice thing about doing the server is that you can design your own resolver routines for the clients. That means that the current problems with the protocol can be fixed. You will of course have to support the old way for quite some time.

On many modern Unixes the resolver routines query the local nsd services, which again determine whether to send a query to the DNS server or use a cached result. This means that it is possible to change the query protocol without requiring the software to be re-compiled.

For an alternative approach to a DNS server you could try http://cr.yp.to/djbdns.html. DJB is not known for his modesty or diplomatic language, but he is not exactly stupid. His other software is at http://cr.yp.to/software.html.

Greetings,