Theo Zourzouvillys wrote:

> bind9 users report it crashing on portscans, and writing over zone files.

I've never seen a BIND 9 crash - I know from changelogs that assertion failures are possible, but I regard that as a design decision, and I've never seen it.

> Based on BIND's exploit history, the chances of there being a remote root exploit in it within any one year is something silly like 500% ;)

Urm - given the history, 500% is ridiculous. BIND 8's last exploit was Jan 2001; BIND 9 has had no exploits. Root exploit from a program running as named, in a chroot environment?

> How many lines of code are there in BIND 9? How many are there in BIND 8? How many are there in djbdns? How much memory does 12.5k records take up once loaded into memory with BIND and djbdns? djb also offers $500 to someone who finds an exploit in djbdns, something which still has not been claimed a few years later. It's never had a security problem.

I agree BIND 9 is big; it also implements all the current DNS standards - that is a reference implementation's job.

> Yeah, djb is a tosser [1] and I really don't like what I know of him or the attitude he shows, but one good thing about him is the code he writes: it's some of the best around, certainly very secure, compact, and maintainable. The only other thing about djbdns is its license, which is a bit odd, though not a problem to anyone running it, just distributing it/changes.

And the pain involved to configure DJBDNS to conform to the RFCs....

> Can anyone claim that for BIND?

The root name servers are doing okay ;) I don't routinely manage any DNS servers that busy, but my testing of BIND 9 showed no major issues.

> It's still only using 2 MB of RAM a year later. One copy of tinydns I'm running is using under 2 MB of RAM for 11,543 records. It's also a lot faster/less CPU-intensive than BIND - how many lookups per second can BIND handle, and how many secs of CPU does it use for that?

Last benchmark I saw, BIND 8 lookups are faster than the DJB cache, because DJB opens a new socket every time. DJB's serving component is faster, but hey, if speed is the thing, then MS DNS kicks ass and I don't think you'd want to run that.

-- 
"Don't get me started on intuitive. You know what's intuitive? Fear of heights. Everything else we call intuitive, such as walking or using a pencil, took years of practice." - Don Norman

-- 
The Mailing List for the Devon & Cornwall LUG