Re: My criticisms of DjbDNS

To:	Sam Trenholme <sam+djbdns@chaosring.org>
Subject:	Re: My criticisms of DjbDNS
From:	Cory Wright <cwright@standblue.net>
Date:	Thu, 15 Mar 2007 00:34:24 -0500
Cc:	dns@list.cr.yp.to
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	gmail-djbdns@securepoint.com
Delivered-to:	sp.com.list@gmail.com
Delivered-to:	mailing list dns@list.cr.yp.to
In-reply-to:	<20070315001818.772F8D7510C@mail.literati.org>
Mailing-list:	contact dns-help@list.cr.yp.to; run by ezmlm
References:	<20070315001818.772F8D7510C@mail.literati.org>


On Mar 14, 2007, at 7:18 PM, Sam Trenholme wrote:

This goes back to the djbdns license; the person who blamed theuser for
a djbdns problem really had no other choice. He could not patch djbdns
and distribute a modified djbdns to fix the issue.

This is an often cited issue, but I am a little curious about who allthese people are that have the need to distribute modified versionsof djbdns. If you need to distribute custom packages internallyamong your own systems it isn't really a problem. Maybe it is aproblem for distributors such as Red Hat and Novell, but Debian andUbuntu have found ways around the licensing issue and still providepackages (although they are source builds). Who are all these peoplewho are anxious to distribute modified versions of djbdns?

The only issue I have here is that DJB has not applied simple updatesto djbdns, such as the /etc/dnsroots.global patch for the currentroot servers, thus causing a somewhat misconfigured system out of thebox. I know it is simple to update/patch, but it seems it would bejust as easy for DJB to update the source as well. Same for theerrno.h change to conf-cc.

Djbdns was the best DNS option available when it came out. That was
over five years ago. Since then, the internet has changed anddjbdns has
not kept up.

Although the Internet has changed over the last five years, I do notbelieve there have been any significant changes to DNS in that time.djbdns is just as good a choice today as it was when it was released(or better, as it now has a 5+ year reliability record).

Now that BIND9 and MaraDNS have a proven security record,

As someone who has run a large BIND system in the past, I can saythat it's security issues are only one part of the problem. Thestartup time on systems with over 300k domains is simplyunacceptable, even on massive hardware. This alone was reason enoughto switch to tinydns.

I would personally like to see an updated "DNS Server Survey" to seewhat level of adoption djbdns (particularly tinydns) has these days.The most recent survey I can find is from 2004, although DJB's ownsurvey is even older.


Cory

--
Cory Wright
http://ants.wynand.com/

<Prev in Thread]	Current Thread	[Next in Thread>
My criticisms of DjbDNS, Sam Trenholme Re: My criticisms of DjbDNS, Jeremy Kister Re: My criticisms of DjbDNS, John Levine Re: My criticisms of DjbDNS, Daryl Tester Re: My criticisms of DjbDNS, Amitai Schlair Re: My criticisms of DjbDNS, Fernando Milovich Re: My criticisms of DjbDNS, Andy Bradford Re: My criticisms of DjbDNS, Seth Kurtzberg Re: My criticisms of DjbDNS, Andy Bradford Re: My criticisms of DjbDNS, Lars Hansson Re: My criticisms of DjbDNS, Cory Wright <= Re: My criticisms of DjbDNS, Felix von Leitner Re: My criticisms of DjbDNS, Pete Ehlke Re: My criticisms of DjbDNS, Lars Hansson Re: My criticisms of DjbDNS, Faried Nawaz Re: My criticisms of DjbDNS, Jakob Hirsch Re: My criticisms of DjbDNS, Richard Letts Re: My criticisms of DjbDNS, W.D.McKinney

Previous by Date:	SRV no need to patch?, jepoy
Next by Date:	Re: SRV no need to patch?, Lars Hansson
Previous by Thread:	Re: My criticisms of DjbDNS, Lars Hansson
Next by Thread:	Re: My criticisms of DjbDNS, Felix von Leitner
Indexes:	[Date] [Thread] [Top] [All Lists]