Free, secure alternative to bind?
Danny Mayer
mayer at gis.net
Wed Mar 20 02:00:46 UTC 2002
At 07:55 PM 3/19/02, omegatron wrote:
>Hi.
>
>I'm looking for a secure name server daemon that will run on Linux or
>FreeBSD, but doesn't have the overhead of bind. There have also been
>rumors (admittedly, these are probably unfounded) about a remote bind
>9.x exploits.
Any remote BIND exploits are fixed and released right away. Mere
rumors are of no value. What did you hear and did you check the CHANGES
file to see if they were fixed?
>Initially, I do not plan on hosting any records for domains. I simply
>want to have a local name server that I can throw into
>/etc/resolv.conf. There is no need to have it answer queries from the
>outside. Perhaps bind is suitable for this, but I still want to know
>what alternatives are out there.
>
>Are there any free (even for commerical use), secure name server
>daemons out there that will suit my needs? I may want to host records
>in the future, but I won't have thousands of zones or complex
>configurations.
It's most unlikely that there are any free ones that are also secure (depending
on your meaning of secure). Nominum does sell a high performance DNS
server (not based on BIND) and will probably fit your definition of secure.
See http://www.nominum.com/services/gns/index.html for details.
>Also, if anyone can recommend a cheap and highly secure out-sourced
>DNS service, please let me know. I might consider paying a few bucks
>annually for a highly-available service. Especially since I can't
>afford to run more than one name server given my hosting costs.
Nominum also runs a hosting service if you wish to outsource this to them.
See above.
>Let me just say I don't want to get into an argument about how secure
>bind is, I'm just looking for alternatives and was wondering what else
>is being used out there. That's all.
There are very few non-BIND implementations of DNS, never mind secure.
Danny
More information about the bind-users
mailing list