[NTLUG:Discuss] Bind, Apache and Webmin...
Aaron Goldblatt
aaron at goldblatt.net
Thu Nov 8 20:11:55 CST 2001
> Unfortunately Danial's egotism also means incompatability with many
> things. djbdns will interoperate with other DNS's and tools for most
> stuff... but I believe there are some issues, especially with the
> newer security and ddns features. Of course Danial's implementation
It kind of depends on what you want. Personally, I'm paranoid about
Bind's security holes (which continue to pop up regularly enough that I
don't want to mess with it). It's been a while since Sendmail had a
system-blowing hole, but Bind's last couple were early this year.
And I'm also paranoid about abuse of DDNS. The LAST thing I need is
someone screwing with my authoritative name server mucking around with my
A records. Between that and Bind's habit of chewing up all available
memory for the cache, I'll take a pass.
Yes. Dr. Bernstein is a dick. Yes, you sometimes have to jump oddball
hoops to get his stuff working, and the people on his mailing lists are
remarkably intolorant of repetative questions and poorly written emails
that don't contain enough information. Even so, I've found qmail, djbdns,
ucspi and daemontools to be rock solid in terms of reliability, and there
hasn't been an exploit on one of them in years.
That's more important to me than DDNS. (Why would somebody need to
resolve a client managed with DHCP anyway? Servers should be assigned
statically to begin with!)
ag
More information about the Discuss
mailing list