From: Gerhard Sittig (Gerhard.Sittiggmx.net)
Date: Thu Jul 04 2002 - 16:17:49 CDT

    On Thu, Jul 04, 2002 at 11:45 +0200, andre wrote:
    >
    > i guess i like & understand bind, the same reason why i don't replace
    > sendmail with qmail (also from dan), but will have to start looking
    > at other app's.

    Well, things are a little different, don't mix them this easily.

    The sendmail software doesn't deserve the reputation it still is
    said to have (it has been cleaned up and has been showing quite
    a good security track for the past few years). And some people
    seem to have an urgent need for the latest functionality and
    therefore cannot move to "dead" software (denying the POV that
    one could as well call it "proven to stably run unchanged for
    several years since the base is there and works flawlessly" :).

    BIND is a totally different beast. It's bloated and complicated
    just to provide features which very few people really need. As
    long as you merely have to serve IPv4 zones (forward and reverse),
    run a DNS cache and do a little AXFR there's absolutely *no*
    technical reason to use anything else but djbdns. It has been
    designed for ease and clarity, ran chrooted and with dropped
    privileges from day zero, is reasonably fast and hums along on
    low resources. On top you can get "bouncers" for private IP
    addresses (to eliminate useless timeouts), load balancers or
    split view databases, and RBL functionality should you want to.
    You don't have to HUP or stop/start the server for updates and
    it's right there after you start it. What else would you want
    or even expect a DNS server to do or act like?

    If you are sick of your quarterly BIND upgrade or cleaning up
    after a compromise -- or the even better motivation: want to
    actually know why you refuse to switch to djbdns -- I strongly
    suggest you look at http://cr.yp.to/djbdns.html yourself (you
    don't mindlessly repeat the "all the world is BIND" mumble, do
    you?). Feel free to compare the two programs. Feel free to
    return to BIND should you desperately miss one of its features.
    But I really doubt this. "I haven't known something else until
    now" is not a very convincing reason to take the pain any
    longer. While you definitely get a huge gain from switching
    to djbdns without any regression in your every day work.

    virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
    Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittiggmx.net

    -- 
         If you don't understand or are scared by any of the above
                 ask your parents or an adult to help you.
    
