John J. Trammell writes:

> BIND is buggy: I'm a member of the "all software sucks" camp, so this
> would have to be backed up with numbers for me to find it particularly
> damning.

There are some numbers on this page:

http://cr.yp.to/djbdns/blurb/unbind.html

The code base of BIND 9 is about twenty five times larger than that of djbdns. Sure, it has a few worthless extras that djbdns does not have, but none of them matter now in real world usage. I'll admit that I've never looked at the code to BIND, but I would be willing to bet money that the code to djbdns is of much higher quality.

> When I look at the ISC BIND page, I see it's been about 6
> months since the last CERT advisory, and that was for BIND8.

BIND 9 has had bugs that cause it to crash simply by sending it a DNS query. While DNS service (or any internet service) is vulnerable to serious denial of service attacks, this allows anyone to take down the server anonymously with any amount of bandwidth. That doesn't indicate quality.

> But (as
> has been said before) there have also been bugtraq entries for Apache,
> SSH, and the Linux kernel. There must be *some* reason people
> continue to use them. :-)

People use Linux because it has marketing and momentum. It's also a kernel, which puts it in a completely different category from applications. I'm sure that all UNIX kernels have had security holes. Perhaps that is inevitable due to the complexity involved. Even the OpenBSD kernel has security holes and it omits features such as SMP in the name of security.

There is not a good free alternative to OpenSSH. If there were, perhaps people would use it.

Apache sucks, but at the moment it is the best thing available for free for users that need certain features such as PHP support. Zeus is (apparently) secure and a much better web server overall. But most people can't justify the cost, so they have to use Apache. I hope to change this soon by providing a free replacement for Apache that doesn't suck.

> BIND is bloated: I have no problem running BIND on a 486SX with 32MB
> RAM. Bloated compared to other DNS systems? Perhaps. Does this
> cause problems on modern systems? No.

Try serving thousands or hundreds of thousands of domains. BIND will get huge. tinydns and MyDNS won't.

> BIND is difficult to administer: This is an opinion, one with which I
> would disagree. Are other DNS systems easier to administer? Perhaps,
> but that's another discussion.

This page gives a nice comparison:

http://cr.yp.to/djbdns/blurb/easeofuse.html

I've run BIND, djbdns and MyDNS. djbdns and MyDNS are much easier to use.

MyDNS is very easy to set up. The QUICKSTART file that comes with it has seven steps, which include creating the MySQL database and user. After that, you can use the included web interface for everything. Check out the manual if you'd like to see how easy it is to use:

http://mydns.bboy.net/doc/html/

> As an aside, David, I appreciate the zeal with which you share your
> knowledge and opinions. You might want to check out the Linux
> Advocacy mini-HOWTO for ideas on other ways to go about it:

I advocate the use of the best tool for the job. That is why I like qmail, djbdns, MyDNS, FreeBSD, Zeus, etc. I think it's silly for political issues to blind you from excellent software. Linux is good for some things, FreeBSD is better for others. But in the case of sendmail vs. qmail or BIND vs. djbdns, there is always a clear winner.

--
David Phillips <david at acz.org>
http://david.acz.org/

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list