On Mon, 4 Oct 2004, James Couzens wrote:
DNS is bloated with feature creep especially BIND9. And given BIND's
security record I most certainly hope you aren't referring to it.
A DNSCBV implementation would probably not have much in common with
existing DNS implementations.
Re: security of the code, I've got several friends who work within the
security community and I've already requested an audit which I can
obtain freely from multiple parties upon request when the time is
appropriate.
I'm more concerned about security of the protocol. Is there a
specification?
Re: the other features you mention, why they are just that, "features",
and not "functions". The service simply has to answer a request,
nothing more nothing less. Even adding the caching is questionable, and
is not compiled in by default. I think its more prudent to leave
caching to where it belongs, by the DNS servers which already do this
caching.
Cacheing is less important at the server end than at the client end. This
is in order to reduce the number of queries that the server must deal with
and improve the system's scalability. If the protocol isn't based on the
DNS it can't benefit from DNS cacheing.
Why reinvent the wheel?
Exactly.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
FAIR ISLE: WEST BACKING SOUTHWEST 6 TO GALE 8, BECOMING CYCLONIC LATER. RAIN
THEN SHOWERS. MODERATE BECOMING GOOD.