From: Daniel Pittman <daniel@rimspace.net>
Subject: Re: Quimby Upgrade
Date: 16 Apr 2001 22:11:05 +1000 [thread overview]
Message-ID: <878zl111uu.fsf@inanna.rimspace.net> (raw)
In-Reply-To: <hvg0fcac23.fsf@spip.ws.nextra.no> =?iso-8859-1?q?("Bj=F8rn?= Mork"'s message of "13 Apr 2001 21:07:03 +0200")
On 13 Apr 2001, Bjørn Mork wrote:
> Daniel Pittman <daniel@rimspace.net> writes:
>> On 12 Apr 2001, Bjørn Mork wrote:
>> > Daniel Pittman <daniel@rimspace.net> writes:
>> >> On Wed, 11 Apr 2001, Robin S. Socha wrote:
>> >>
>> >> > At least OpenBSD ships with BIND 4.
>> >>
>> >> Which has it's bonus points... and it's own suckages. Admittedly,
>> >> though, it's not /nearly/ as bad as Bind 8 (on 9, given the number
>> >> of bug reports I have seen so far).
>>
>> Ahem. That should have been /or/ 9. :)
>
> I kind of guessed that, hence my comment below :-)
Fair enough. :)
>> > You should probably get an appointment with an eye specialist.
>>
>> Unless it's the typo which, admittedly, looks silly... Bind4 seems to
>> have less day-to-day breakages than 8 or 9. It lacks *many* newer
>> features, though, which some sites need.
>>
>> I don't quite follow what you meant, though.
>> Daniel
>
> I just couldn't see why you included bind 9 in this.
The way that I saw a half-dozen failed assertion reports from fairly
standard use in a friendly network environment. Not my reports, not
people I know well, so it /could/ be local breakage.
Anyway, those bugs are undoubtedly fixed, but there will be plenty of
bugs, security related and otherwise, left.
> Bind 9 is a completely new DNS package which has only the name in
> common with earlier bind versions. There hasn't been a single
> security related bug in bind 9 yet, has there?
Not that I know of, although IIRC some of the reports were trivial DoS
attacks. Define that as you will.
[...]
> Stating that bind 4 isn't nearly as bad as bind 9 just doesn't make
> any sense at all. Bind 4 is as bad as bind 8, and that's *really* bad.
>From a reliability point of view, BIND 9 seems as flawed *today* as BIND
8 *in my eyes*.
>From a security point of view, it's almost certainly better. Reliable
and skilled people have asserted so and, while I have not audited the
code myself, I trust them. :)
Security, though, is not the be-all and end-all of network servers. If
it were, I would happily ditch BIND * it in favour of DJB-DNS.
Daniel
--
The young do not know enough to be prudent, and therefore they attempt
the impossible, and achieve it, generation after generation.
-- Pearl S. Buck
next prev parent reply other threads:[~2001-04-16 12:11 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-04-04 16:30 Lars Magne Ingebrigtsen
2001-04-04 17:10 ` Harry Putnam
2001-04-04 18:35 ` Robin S. Socha
2001-04-04 20:35 ` Matthias Wiehl
2001-04-04 20:52 ` Josh Huber
2001-04-05 1:06 ` Lars Magne Ingebrigtsen
2001-04-05 1:17 ` Colin Marquardt
2001-04-07 5:58 ` Manoj Srivastava
2001-04-05 5:11 ` Colin Walters
2001-04-05 5:54 ` Robin S. Socha
2001-04-05 13:29 ` Lars Magne Ingebrigtsen
2001-04-05 15:10 ` Robin S. Socha
2001-04-05 15:37 ` Oyvind Moll
2001-04-06 0:56 ` Stephen Zander
2001-04-06 0:58 ` Stephen Zander
2001-04-07 23:02 ` Arcady Genkin
2001-04-08 0:19 ` Colin Walters
2001-04-08 1:54 ` Arcady Genkin
[not found] ` <87elv4i3q9.fsf@pooh.honeypot>
2001-04-08 1:52 ` Arcady Genkin
2001-04-05 15:38 ` Lars Magne Ingebrigtsen
2001-04-05 15:41 ` Florian Weimer
2001-04-07 5:49 ` Manoj Srivastava
2001-04-05 17:26 ` Alex Schroeder
2001-04-07 5:55 ` Manoj Srivastava
2001-04-10 16:28 ` Jason R. Mastaler
2001-04-11 5:52 ` Daniel Pittman
2001-04-11 9:23 ` Robin S. Socha
2001-04-11 13:48 ` Gunnar Evermann
2001-04-11 14:12 ` Robin S. Socha
2001-04-11 14:04 ` Colin Walters
2001-04-11 14:58 ` Wes Hardaker
2001-04-11 16:58 ` Harry Putnam
2001-04-11 18:38 ` Robin S. Socha
2001-04-12 3:48 ` Harry Putnam
2001-04-12 21:43 ` jason-dated-321e0a263c46f421
2001-04-12 22:09 ` Florian Weimer
2001-04-12 23:02 ` Kai Großjohann
2001-04-12 23:24 ` Harry Putnam
2001-04-23 19:33 ` my 'dated' address (was Re: Quimby Upgrade) Jason R. Mastaler
2001-04-23 20:08 ` Kai Großjohann
2001-04-23 23:17 ` Jason R. Mastaler
2001-04-23 23:37 ` Stainless Steel Rat
2001-04-27 19:34 ` Robin S. Socha
2001-04-27 19:50 ` Stainless Steel Rat
2001-04-27 20:02 ` Robin S. Socha
2001-04-27 21:07 ` Stainless Steel Rat
2001-04-27 21:24 ` Paul Jarc
2001-04-27 21:38 ` Stainless Steel Rat
2001-04-27 21:51 ` Robin S. Socha
2001-04-28 1:05 ` Paul Jarc
2001-04-28 2:22 ` Stainless Steel Rat
2001-04-28 3:01 ` Russ Allbery
2001-04-29 13:26 ` Kai Großjohann
2001-04-29 14:13 ` Robin S. Socha
2001-04-29 14:53 ` Stainless Steel Rat
2001-04-29 14:18 ` Amos Gouaux
2001-04-29 14:55 ` Andreas Fuchs
2001-04-29 19:50 ` Jason R. Mastaler
2001-04-29 15:46 ` Florian Weimer
2001-04-29 19:54 ` Jason R. Mastaler
2001-04-27 21:24 ` Robin S. Socha
2001-04-27 21:48 ` Steven E. Harris
2001-04-28 1:28 ` Jason R. Mastaler
2001-04-28 1:30 ` Jason R. Mastaler
2001-04-24 13:29 ` Florian Weimer
2001-04-11 21:17 ` Quimby Upgrade Kai Großjohann
2001-04-11 23:20 ` Eric Jacoboni
2001-04-12 14:53 ` Harry Putnam
2001-04-12 15:20 ` Alan Shutko
2001-04-12 15:58 ` Kai Großjohann
2001-04-12 18:07 ` Harry Putnam
2001-04-12 20:36 ` Florian Weimer
2001-04-12 20:56 ` Arcady Genkin
2001-04-12 4:32 ` Daniel Pittman
2001-04-12 20:22 ` Bjørn Mork
2001-04-13 1:17 ` Daniel Pittman
2001-04-13 19:07 ` Bjørn Mork
2001-04-16 12:11 ` Daniel Pittman [this message]
2003-09-11 22:47 Quimby upgrade Lars Magne Ingebrigtsen
2003-09-12 0:49 ` Lars Magne Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878zl111uu.fsf@inanna.rimspace.net \
--to=daniel@rimspace.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).