BIND 9 vs BIND 8 speed
Simon Waters
Simon at wretched.demon.co.uk
Tue Oct 1 14:38:12 UTC 2002
Saad Kadhi wrote:
>
> so apart from features that are not yet implemented in BIND 9 (such as
> rrset-order...at least in 9.2.1), why would one use BIND 8 ?
Apathy....
BIND 9 appears to be more secure, most of the problems so far
have been DoS like, and the chroot set up is so much easier than
8.
However the stricter standard implementation does mean it isn't
always a drop in change, and some people seem to have a real
problem automating changes to a large number of zones.
No doubt others have built tools and environments around BIND 8,
and made their own bespoke migration headaches.
One of the big hold ups is the lack of backward compatibility,
vendors like SUN and HP can be slow to adopt these kind of
changes, and you have to wait till a major OS revision, and even
then some customers will expect the old configuration files to
work, or at least have an automated migration tool so they don't
have to think.
Other than the security angle, it isn't a compelling upgrade,
and we all know how much computer security motivates people to
make changes, heck IIS market share improved during the month of
Code Red! No doubt some of those who found BIND 8 security
problems a compelling reason to change went to DJBDNS, and they
will have no compelling reason to change again unless DNSSEC
becomes established, and in many of their eyes BIND 9 suffers by
association.
More information about the bind-users
mailing list