cTLD and DNS upgrade
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Jul 7 09:09:25 UTC 2005
On Wed, Jul 06, 2005 at 10:24:04AM +1000,
Mark Andrews <Mark_Andrews at isc.org> wrote
a message of 55 lines which said:
> That doesn't require a configure option. It just requires a
> little reading.
I know these options and I'm fairly certain that the other
participants in that discussion know them too. I may not be able to
rewrite BIND from scratch but I can read the ARM.
The issue is security: as long as the code is there, in the running
instance of BIND, a cracker may find a way to exploit it. If the code
is not even there, it cannot be exploited. That's why a run-time
option is not a substitute for a compile-time option. That's why
authoritative-only name servers like nsd are nice, security-speaking:
they have much less code.