SV: BIND 9.1.2 and TinyDNS???
Kevin Darcy
kcd at daimlerchrysler.com
Wed Jun 20 01:45:54 UTC 2001
Matt Simerson wrote:
> Folks will argue that you need to add more RAM
> to your name server but that's a lame excuse for BIND's lack of memory
> management. You can't stuff in enough RAM to cache the entire dns and thus
> you cannot have enough RAM to prevent BIND from being subject to DoS attacks
> by simply issuing valid queries to it.
Yet another good argument for only serving one's own authoritative zones, or at
least denying recursion to, external and/or untrusted clients.
I think your criticisms of BIND 9's memory management are a little premature,
since graceful-handling-of-out-of-resource-conditions is on the
upcoming-feature list. When it's done, you may find that it is actually
comparable to or superior to that of tinydns.
- Kevin
More information about the bind-users
mailing list