John J. Trammell writes:
> BIND is buggy: I'm a member of the "all software sucks" camp, so this
> would have to be backed up with numbers for me to find it particularly
> damning.

There are some numbers on this page:

http://cr.yp.to/djbdns/blurb/unbind.html

The code base of BIND 9 is about twenty-five times larger than that of
djbdns.  Sure, it has a few worthless extras that djbdns does not have, but
none of them matter now in real world usage.  I'll admit that I've never
looked at the code to BIND, but I would be willing to bet money that the
code to djbdns is of much higher quality.

> When I look at the ISC BIND page, I see it's been about 6
> months since the last CERT advisory, and that was for BIND8.

BIND 9 has had bugs that cause it to crash simply by sending it a DNS query.
While DNS service (or any internet service) is vulnerable to serious denial
of service attacks, this allows anyone to take down the server anonymously
with any amount of bandwidth.  That doesn't indicate quality.

> But (as
> has been said before) there have also been bugtraq entries for Apache,
> SSH, and the Linux kernel.  There must be *some* reason people
> continue to use them.  :-)

People use Linux because it has marketing and momentum.  It's also a kernel,
which puts it in a completely different category from applications.  I'm
sure that all UNIX kernels have had security holes.  Perhaps that is
inevitable due to the complexity involved.  Even the OpenBSD kernel has
security holes and it omits features such as SMP in the name of security.

There is not a good free alternative to OpenSSH.  If there were, perhaps
people would use it.

Apache sucks, but at the moment it is the best thing available for free for
users that need certain features such as PHP support.  Zeus is (apparently)
secure and a much better web server overall.  But most people can't justify
the cost, so they have to use Apache.  I hope to change this soon by
providing a free replacement for Apache that doesn't suck.

> BIND is bloated: I have no problem running BIND on a 486SX with 32MB
> RAM.  Bloated compared to other DNS systems?  Perhaps.  Does this
> cause problems on modern systems?  No.

Try serving thousands or hundreds of thousands of domains.  BIND will get
huge.  tinydns and MyDNS won't.

> BIND is difficult to administer: This is an opinion, one with which I
> would disagree.  Are other DNS systems easier to administer?  Perhaps,
> but that's another discussion.

This page gives a nice comparison:

http://cr.yp.to/djbdns/blurb/easeofuse.html

I've run BIND, djbdns and MyDNS.  djbdns and MyDNS are much easier to use.

MyDNS is very easy to set up.  The QUICKSTART file that comes with it has
seven steps, which include creating the MySQL database and user.  After
that, you can use the included web interface for everything.  Check out the
manual if you'd like to see how easy it is to use:

http://mydns.bboy.net/doc/html/

> As an aside, David, I appreciate the zeal with which you share your
> knowledge and opinions.  You might want to check out the Linux
> Advocacy mini-HOWTO for ideas on other ways to go about it:

I advocate the use of the best tool for the job.  That is why I like qmail,
djbdns, MyDNS, FreeBSD, Zeus, etc.  I think it's silly for political issues
to blind you to excellent software.

Linux is good for some things, FreeBSD is better for others.  But in the
case of sendmail vs. qmail or BIND vs. djbdns, there is always a clear
winner.

--
David Phillips <david at acz.org>
http://david.acz.org/


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list