[NTLUG:Discuss] Bind, Apache and Webmin...

[Aaron Goldblatt]

> Unfortunately Danial's egotism also means incompatability with many
> things.  djbdns will interoperate with other DNS's and tools for most
> stuff... but I believe there are some issues, especially with the
> newer security and ddns features.  Of course Danial's implementation

It kind of depends on what you want.  Personally, I'm paranoid about 
Bind's security holes (which continue to pop up regularly enough that I 
don't want to mess with it).  It's been a while since Sendmail had a 
system-blowing hole, but Bind's last couple were early this year.

And I'm also paranoid about abuse of DDNS.  The LAST thing I need is 
someone screwing with my authoritative name server mucking around with my 
A records.  Between that and Bind's habit of chewing up all available 
memory for the cache, I'll take a pass.

Yes. Dr. Bernstein is a dick.  Yes, you sometimes have to jump oddball 
hoops to get his stuff working, and the people on his mailing lists are 
remarkably intolorant of repetative questions and poorly written emails 
that don't contain enough information.  Even so, I've found qmail, djbdns, 
ucspi and daemontools to be rock solid in terms of reliability, and there 
hasn't been an exploit on one of them in years.

That's more important to me than DDNS.  (Why would somebody need to 
resolve a client managed with DHCP anyway?  Servers should be assigned 
statically to begin with!)

ag