nanog mailing list archives

Re: BIND, djbdns, commercialization


From: rkuhljr () uol com br
Date: Sat, 3 Feb 2001 19:34:40 -0200 (UOL)


While the idea of another program to serve DNS isn't all that bad,
I think jumping ship just because of one new policy isn't necessarily
the most prudent thing to do.

The new policy may not be the only reason; the bugs in BIND 4/BIND 8 are making everyone consider what to use as a replacement: BIND 9, djbdns or something else.

Both BIND 9 and djbdns have non-technical issues; BIND 9 licensing is good, but ISC sticks to security notification methods that are not. Licensing is a djbdns weakness.

WRT djbdns:  I've had a moderate level of experience with it, and,
while it seems interesting to an extent, operationally I've had several
annoying encounters with it.

When challenged, I seem to get the reply of "maybe some time later
it will have that" or "that is insecure, djb doesn't support that".

What operational issues are annoying, and in what daemons (dnscache, tinydns, axfrdns, walldns)? Needs like authoritative servers and recursive resolvers are different, and maybe a djbdns/BIND 9 mix can perform better.

djbdns is also very infant - it's probably not popular enough for all
the skr1pt k1dd13s to have an interest in hacking at, because finding
a vulnerability in djbdns is about as useful to the "wreaker of havoc"
as finding a master door and ignition key to a '58 pinto -- there's
about 17 of them on the planet :-)

djb himself seems not to be very popular; I bet there are many people out there trying to find bugs in his software just to make him look silly.




Rubens Kuhl Jr.

