There is an alternative to this insanity. It's called djbdns, and it is
proven secure, and proven reliable. I've been using it in production for a
year now, and performance has been flawless. Thousands of other
administrators will offer the same assessment. BIND is a security mess -
that's an empirical fact that can't be denied by anyone who has been on
the net any appreciable amount of time.
Why worry about timelines for advisories or patches or updates concerning
this core service of the internet? Far easier to use software that has been
proven to be secure and reliable from concept to execution (pun intended).
http://cr.yp.to/djbdns.html
MODERATORS: considering the 100% 'meta' quality of the post i'm replying
to, i certainly hope that you'll post this 'advisory'. People need to be
aware that there are alternatives to BIND. It's a disservice to the
community to *not* allow through a pointer to software that could save tens
of thousands of administrators this endlessly repeating headache of systems
being vulnerable to exploit via one of the single most crucial parts of th
internet infrastructure - DNS. all you need to do is look at the history of
exploits for bind, and compare it to djbdns - even if you throw out all the
years of data for BIND from before djbdns's release.
At 06:41 AM 11/14/2002, Olaf Kirch wrote:
>The whole thing was a mess. Timelines for the publication of _anything_,
>from advisories to patches to updates, were either non-existing or
>shifting all the time.
Paul Theodoropoulos
http://www.anastrophe.com
http://folding.stanford.edu
The Nicest Misanthrope on the Net
There is an alternative to this insanity. It's called djbdns, and it is
proven secure, and proven reliable. I've been using it in production for a
year now, and performance has been flawless. Thousands of other
administrators will offer the same assessment. BIND is a security mess -
that's an empirical fact that can't be denied by anyone who has been on
the net any appreciable amount of time.
Why worry about timelines for advisories or patches or updates concerning
this core service of the internet? Far easier to use software that has been
proven to be secure and reliable from concept to execution (pun intended).
http://cr.yp.to/djbdns.html
MODERATORS: considering the 100% 'meta' quality of the post i'm replying
to, i certainly hope that you'll post this 'advisory'. People need to be
aware that there are alternatives to BIND. It's a disservice to the
community to *not* allow through a pointer to software that could save tens
of thousands of administrators this endlessly repeating headache of systems
being vulnerable to exploit via one of the single most crucial parts of th
internet infrastructure - DNS. all you need to do is look at the history of
exploits for bind, and compare it to djbdns - even if you throw out all the
years of data for BIND from before djbdns's release.
At 06:41 AM 11/14/2002, Olaf Kirch wrote:
>The whole thing was a mess. Timelines for the publication of _anything_,
>from advisories to patches to updates, were either non-existing or
>shifting all the time.
Paul Theodoropoulos
http://www.anastrophe.com
http://folding.stanford.edu
The Nicest Misanthrope on the Net
[ reply ]