Is Bind still broken?
dns
dns at aniota.com
Fri Nov 15 01:30:09 UTC 2002
... first , let me say i run bind:
i've read the comments regarding this question. most of the answers
share a similar odor to m$ vs. linux debates.
broken , it seems , taken in its most static meaning. the argument
that the internet "couldn't work if it was" relies on it, AND would fail
without that assumption. to my mind , an evolving set of 'serious'
security vulnerabilities does not sound all that 'fixed'. if bind
compared to , say , djbdns , then perhaps 'broken' takes on a more
realistic, and workable meaning.
all that aside , what troubles me more , is the reported way in
which bind's creators have chosen to address this latest security
problem. as i recall, isc knew a week before the initial 'public'
disclosure that a problem existed. that in and of itself , not all that
extraordinary. what is, is isc's providing their 'paying' customers with
fixes during that period.
if that state of affairs defines their attitude toward the 'great
unwashed' , i think it something "ALL" users of 'bind' need to consider
when choosing a dns solution ...
More information about the bind-users
mailing list