bind sucks! (was: Re: [LUG] secure ftp?)

To: list@xxxxxxxxxxxx
Subject: bind sucks! (was: Re: [LUG] secure ftp?)
From: Theo Zourzouvillys <theo@xxxxxxxxxxxxxxxx>
Date: Wed, 10 Apr 2002 18:57:05 +0100
Reply-to: list@xxxxxxxxxxxx

On Wednesday 10 April 2002 4:26 pm, Simon Waters wrote:

Urm - given the history 500% is ridiculous

BIND 8 last exploit was Jan 2001, BIND 9 has had no exploits.


exactly :p that leaves a whole 8 months for someone to find something!  I'll 
bet you £20 publicly that bind will have at least one exploit or major bug 
before 1/1/03 ? ;)

prividing that is, we are told about it - last i heard, bind security stuff 
was going to be discussed in a closed area where only members who pay and 
sign a NDA would be allowed ot access, and only peopel who need to (liek the 
isc, etc) would get access [1].  Though maybe i'm seeing only the bad side 
because i hate bind ;)

Root exploit from a program running as named, in a chroot
environment?


Sorry, i didn't mean remote *root* exploit, don't know why i typed that (apart 
from i was busy and typed it fast, as you can probably tell by my spelling 
:p) what i mean however, was a remote exploit minus the root bit ;).

And the pain involved to configure DJBDNS to conform to the
RFC's....


What pain is there to configure tinydns/dnscache to conform to the rfc's?

There are things tinydns does not support, but never anyhting that i, or i 
think any of you need ot support - nor the dns root servers for that matter.

Last benchmark I saw BIND 8 lookups are faster than the DJB
cache, because DJB opens a new socket everytime.


bind may be on par with response times and qps, but hwo much cpu time to both 
use in the process (both with logging off, or on) - i think you'll find 
tinydns beats the pants off bind 8 and 9 any day.

DJB serving component is faster, but hey if speed is the thing,
then MS DNS kicks ass and I don't think you'd want to run that.


If i trusted any core component of a business in microsoft, then id ask 
someone to come here and shoot me ;)

~ theo, still the bind hater ;)

[1] - <http://lwn.net/2001/0208/security.php3>

-- 

Theo Zourzouvillys
Research and Development
Notnet Limited

Tell the truth or trump--but get the trick.
               -- Mark Twain, "Pudd'nhead Wilson's Calendar"


--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

Re: bind sucks! (was: Re: [LUG] secure ftp?)
- From: Simon Waters

References:
- Re: [LUG] secure ftp?
  - From: Jon Still
- Re: [LUG] secure ftp?
  - From: Theo Zourzouvillys
- Re: [LUG] secure ftp?
  - From: Simon Waters

Prev by Date: Re: RE:[LUG] Can't stop printing
Next by Date: [LUG] Mandrake 8.2
Previous by thread: Re: [LUG] secure ftp?
Next by thread: Re: bind sucks! (was: Re: [LUG] secure ftp?)
Index(es):
- Date
- Thread

Lynx friendly