Devon & Cornwall Linux Users' Group


bind sucks! (was: Re: [LUG] secure ftp?)



On Wednesday 10 April 2002 4:26 pm, Simon Waters wrote:

> Urm - given the history 500% is ridiculous
>
> BIND 8 last exploit was Jan 2001, BIND 9 has had no exploits.

exactly :p that leaves a whole 8 months for someone to find something!  I'll 
bet you £20 publicly that bind will have at least one exploit or major bug 
before 1/1/03 ? ;)

providing, that is, we are told about it - last I heard, bind security stuff 
was going to be discussed in a closed area where only members who pay and 
sign an NDA would be allowed to access, and only people who need to (like the 
isc, etc) would get access [1].  Though maybe I'm seeing only the bad side 
because I hate bind ;)

> Root exploit from a program running as named, in a chroot
> environment?

Sorry, I didn't mean remote *root* exploit, don't know why I typed that (apart 
from I was busy and typed it fast, as you can probably tell by my spelling 
:p) what I mean however, was a remote exploit minus the root bit ;).

> And the pain involved to configure DJBDNS to conform to the
> RFCs....

What pain is there to configure tinydns/dnscache to conform to the RFCs?

There are things tinydns does not support, but never anything that I, or I 
think any of you, need to support - nor the dns root servers for that matter.

> Last benchmark I saw BIND 8 lookups are faster than the DJB
> cache, because DJB opens a new socket every time.

bind may be on par with response times and qps, but how much cpu time do both 
use in the process (both with logging off, or on) - I think you'll find 
tinydns beats the pants off bind 8 and 9 any day.

> DJB serving component is faster, but hey if speed is the thing,
> then MS DNS kicks ass and I don't think you'd want to run that.

If I trusted any core component of a business in microsoft, then I'd ask 
someone to come here and shoot me ;)

~ theo, still the bind hater ;)

[1] - <http://lwn.net/2001/0208/security.php3>

-- 

Theo Zourzouvillys
Research and Development
Notnet Limited

Tell the truth or trump--but get the trick.
               -- Mark Twain, "Pudd'nhead Wilson's Calendar"

