SV: BIND 9.1.2 and TinyDNS???
Matt Simerson
mpsimerson at hostpro.com
Thu Jun 21 20:48:56 UTC 2001
> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Tuesday, June 19, 2001 6:46 PM
> To: 'bind-users at isc.org'
> Subject: Re: SV: BIND 9.1.2 and TinyDNS???
>
> Matt Simerson wrote:
>
> > Folks will argue that you need to add more RAM
> > to your name server but that's a lame excuse for BIND's lack of memory
> > management. You can't stuff in enough RAM to cache the entire dns and
thus
> > you cannot have enough RAM to prevent BIND from being subject to DoS
attacks
> > by simply issuing valid queries to it.
>
> Yet another good argument for only serving one's own authoritative zones,
or at
> least denying recursion to, external and/or untrusted clients.
Yup. I agree 100%.
> I think your criticisms of BIND 9's memory management are a little
premature,
> since graceful-handling-of-out-of-resource-conditions is on the
upcoming-feature
> list. When it's done, you may find that it is actually comparable to or
superior
> to that of tinydns.
>
> - Kevin
I don't think it's premature at all. I did lots of testing over the last
couple months and BIND 9 crashes in exactly the same way as BIND 8 does when
I run it out of memory. Having it on the feature list doesn't make it work
any better today and that's the state I can test against. If the BIND 9 code
was bearing (as it should) designations like version 9.0.0b38 then that
argument could certainly be understandable. However, it's bearing release
numbers and I don't think it's unfair or premature to treat it as such.
Matt
More information about the bind-users
mailing list