
Re: which dns server to use ?


On Tue, Apr 08, 2003 at 12:14:50PM -0700, Splash Tekalal wrote:

> At 03:17 PM 4/8/2003 +0200, you wrote:
> >Hi,
> >
> >On Tue, Apr 08, 2003 at 01:36:56PM +0200, Stephane Bortzmeyer wrote:
> >
> >> >      BIND     ( http://www.isc.org/products/BIND/ )
> >>
> >> Why not? The Apache of the DNS servers, feature-rich and very
> >> configurable.
> >
> >Apache is more elegant. The only thing that can equal BIND in terms of
> >bloat, root exploits and general ugliness is perhaps sendmail.
> Now, maybe I'm just ignorant, but are there any root exploits on Bind9? 
> (specifically 9.x, not anything older.. we know 8.x was unstable =P)

Well, maybe I'm just a bit cynical, but I don't think that any piece of
software can evolve to gain a more inherently secure design. Frankly, no
amount of partial rewrites would make me trust BIND.

Even if it had been rewritten from scratch, I'd have some trouble
believing that it took them till 2001, but that now, finally, the ISC
understands that you shouldn't trust user input, that you should free
your mallocs, and, most importantly, that you should check if a string
fits before you copy it somewhere.

Some people think C makes these things hard, but I think that you can
only have as much trouble as the ISC's been having with it if you have a
fundamentally broken programming style.

All IMHO, of course.



E-Advies - Emile van Bergen           emile@e-advies.nl      
tel. +31 (0)70 3906153           http://www.e-advies.nl    
