On Fri, Jul 16, 2004 at 05:26:58AM -0700, Scott Robinson wrote: > [This list is migthy verbose, so please respond both to the list and myself > directly.] > > I'm about to transition the DNS server from one Debian stable machine to > another. The current configuration is a chroot hack on top of the normal > bind package. > > I'm thinking this transition would be a great time to investigate the > alternative to bind. Bind, as I understand it, is notoriously buggy and > insecure. (thus the chroot) > > A few apt-cache searches later, and I turn up the following alternatives: > > maradns - A simple DNS server, aimed to be secure (http://www.maradns.org/) > djbdns-installer - Source only package for building djbdns (http://cr.yp.to/djbdns.html) > > I am a bit suprised. I expected a plethora of choices. :-\ > > maradns appears to be several versions behind (stable: 0.9.15-1) and after > surfing its homepage I wonder about its feature completeness and production > readiness. In short, maradns makes me nervous. > > djbdns seems like a great alternative, except it's not DFSG compliant. > Normally, this doesn't phase me. However, for our DNS server I would like > the peace of mind to know the software can and will be supported in the > future. Supposedly there have been no security bugs found thus far - but > offering a reward seems to me would discourage rather than encourage takers. > In short, djbdns makes me nervous too. > > Are there any other options I'm missing? Is there a reason for a lack of DNS > servers in the open source world? At the very least, I'm suprised no one has > started a project to implement one in a managed language. BIND 9, unlike previous version, is actually quite stable and secure. I'd recommend transitioning to that rather than to other DNS servers, because (AFAIK) it is much more full-featured than any other OSS DNS server. -- -- Skylar Thompson (skylar@cs.earlham.edu) -- http://www.cs.earlham.edu/~skylar/
Attachment:
pgpPuDJZQM0cd.pgp
Description: PGP signature