spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: re: djbdns is not free

2004-12-03 09:21:52
from [Jeroen Massar] [Permanent Link] 
On Fri, 2004-12-03 at 07:49 -0800, James Couzens wrote:

On Thu, 2004-12-02 at 16:47 -0800, william(at)elan.net wrote: 

Having had the pleasure of seeing these kind of debates on other lists 
several times (which made those lists unusable for at least a week) can
I ask that participants please do not engage in the following debates:



 1. BIND vs DJBDNS


There is no need for a debate when the answer is so clear:


The clear answer to any of these debates, may they be computer related
or not, is:

 "Use what you understand, what you want to use, and where it is
applicable for use"

If one doesn't want to upgrade and doesn't need features and does want
to take some time figuring out how djb-products work, then do so. If you
have been taught to write bind zone files use that. If you want a
clickety-click interface, use the bloody Windows DNS server.*

(* = or the many other frontends for eg bind,djbdns,powerdns,nsd etc)

Greets,
 Jeroen

--


============ ROUND 1: BIND vs DJBDNS ==================================

How many LoC (w/out comments) in DJBDNS?     :   9,932 lines
How many LoC (w/out comments) in BIND 9.2.2? : 204,970 lines


They are at 9.2.4 already btw ;)


Security Guarantee in DJBDNS? : Yes, $500 USD (unclaimed)
Security Guarantee in BIND?   : No.


Without features you can't have much bugs now can you ? :)

There are always people complaining about bind, that it is fat, has bugs
etc, but they always forget that most of the time they where the folks
asking for all the features. For that matter, if you want to have
something simple as IPv6 support, you will need to go to a third party
for djbdns. Not even thinking about stuff like dnssec, updates and the
many other things that make life easier.

Then again depends on what you want to use something for ;)

Special SPF records in qmail? You will have to patch it yourself if you
want to make it work ;)

<SNIP>


  2002:
  -----
    --> http://www.cert.org/advisories/CA-2002-15.html (1)


"Domain Name System (DNS) servers running ISC BIND 9 prior to 9.2.1"

This was the last bug, that was 2 years ago.. wheee!
Even OpenSSH had to be updated more than that.


    --> http://www.cert.org/advisories/CA-2002-19.html (2)


Not BIND and this includes glibc, guess what djb uses :)


    --> http://www.cert.org/advisories/CA-2002-31.html (4)


"Systems running various versions of BIND 4 and BIND 8"

that is not BIND9


  2003:
  -----
    --> http://www.cert.org/advisories/CA-2003-01.html (1)


CERT® Advisory CA-2003-01 Buffer Overflows in ISC DHCPD Minires Library

DHCP != BIND ;)


  - This was probably one of the single largest exploits (as regards
     vendor** impact and potential damage) the Internet has ever seen.
     In plain English, it was f*****g HUGE.

  - libraries affected (_HINT_ DJBDNS is _NOT_ in this list)?
    - ISC BIND DNS resolver library (libbind)
    - BSD DNS resolver library (libc)
    - GNU DNS resolver library (glibc)


DJBDNS isn't a resolver now is it, also check who shares source where.
  

  May 21, 1998 - BIND gets a SPECIAL CERT notice its so problematic:
    - http://www.cert.org/summaries/CS-98.04.html

  May 28, 1998 - BIND gets ANOTHER special notice, more exploits!
    - http://www.cert.org/summaries/CS-98.05.html


6 years ago, and version 8, come on are you going to compare Win95 with
Redhat Fedora Core Turbo Pro next ? :)
Or comparing an iPod (apple) to a hmmm why the peep is there no company
called 'pear'? :) There is PHP's PEAR of course but that is not related,
oh that is what comparing apple's and pears is about.


  Compare BIND vs DJBDNS with respect to 'ease of use':
  - http://cr.yp.to/djbdns/blurb/easeofuse.html

  Read up about DJBDNS security:
  - http://cr.yp.to/djbdns/blurb/security.html


2 nice feature rants by djb ;)

I have to admit that the code that is there works and is of great
quality, but without features and only basic support it is not much of
use in most situations now is it...

Sorry but your list does not make sense in the computer world.

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  re: djbdns is not free, James Couzens
Next by Date:  Re: News on other anti-spam methods -- update, jpinkerton
Previous by Thread:  re: djbdns is not free, James Couzens
Next by Thread:  Re: re: djbdns is not free, James Couzens
Indexes:  [Date] [Thread] [Top] [All Lists]