From: kashani
Date: Fri, 11 May 2007 11:06:28 -0700
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] {OT} web/mail server as nameserver

Håkon Alstadheim wrote:
> Crayon Shin Chan wrote:
>> On Friday 11 May 2007 18:48, jarry@gmx.net wrote:
>>
>>> Poor security of bind is imho similar superstition as it is
>>> for sendmail: once in the past this software had some problem,
>>> so now a lot of people think they should forever avoid using it...
>>>
>> If the OP doesn't need any bind-specific feature then why not use djbdns
>> which has a better security track record. djb software are built from the
>> ground up to be secure (as is possible), he also splits the "program"
>> into smaller executables, each having a specific job thus making each of
>> them secure a simpler task. Whilst bind and sendmail have made
>> substantial efforts to be more secure, they are still built on legacy and
>> bloated monolithic code.
>>
> Just to fill in the picture a bit, the djb* software also has a long
> "flip-the-bird-at-any-rfc-you-don't-like" track-record.
>

I generally agree with Håkon on this. :-).

The other issue is that djb likes to abandon his software after it's
"done". Things like DNSSEC and dynamic updates don't exist in djbdns and
aren't planned. They don't matter so much if you're just doing
authoritative DNS, but if you're doing interesting things on your network
Bind is pretty much required.

kashani