bind vs djbdns
Jim Reid
jim at rfc1035.com
Tue Sep 5 08:46:04 UTC 2000
>>>>> "Dan" == D J Bernstein <75628121832146-bind at sublist.cr.yp.to> writes:
Dan> Brief answers to your other questions: DNS over TCP, IXFR,
Dan> NOTIFY, and BIND's pathetic anti-forgery mechanisms have
Dan> already been discussed.
...and your server doesn't implement or support them. You have
repeatedly failed to give straight answers to straight questions on
these topics. Your evasiveness and bluster speaks volumes. That hardly
consitututes a discussion. It's possibly a dialogue with the deaf, but
it's not been a discussion. And once again, you deliberately confuse
implementation with protocol standards. DNSSEC and TSIG - what I
presume you mean by "pathetic anti-forgery mechanisms" - are official
IETF-approved standards. [BTW, what's "pathetic" about using
high-grade crypto and hash algorithms to digitally sign DNS packets?]
BIND happens to implement those open and interoperable standards. Your
code doesn't. If you think the protocols are broken, why do
persistently smear BIND instead of criticising those protocols
directly? Oh, and if you believe that TSIG and DNSSEC are defective,
why don't you work with the IETF to improve them or replace them with
something better?
It's a great pity that you can't or won't use your talent to improve
open and interoperable protocol standards for the benefit of everyone.
More information about the bind-users
mailing list