I personally, would not recommend changing to djbdns just because it is deemed secure. I don't believe djb's software is as secure as he strives to make us believe it is. I would rather invite all those Hackers to build a list of possible attack avenues and test BIND thoroughly to make it even secure. Although DJBDNS has some better design (may i say "protocol handling"?) when it comes to security, on the other hand, it lacks a lot of features, yet again the paradigm of features vs. security is put up, but what if we can get security and features and easy-of-use at once? don't you agree this would be better for us all?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/125/17210#17210