From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/35849
Path: main.gmane.org!not-for-mail
From: Daniel Pittman <daniel@rimspace.net>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Quimby Upgrade
Date: 16 Apr 2001 22:11:05 +1000
Organization: Not today, thank you, Mother.
Message-ID: <878zl111uu.fsf@inanna.rimspace.net>
References: <m33dbovd9t.fsf@quimbies.gnus.org>
	<deathsquad.m3zodwy0lq.fsf@socha.net>
	<m3u244tasf.fsf@quimbies.gnus.org>
	<20010410162812.7343.qmail@nightshade.la.mastaler.com>
	<87g0fg56fb.fsf@inanna.rimspace.net> <20010411052354.D46053@kens.com>
	<87g0fepwkn.fsf@inanna.rimspace.net>
	<hvg0feaxj7.fsf@spip.ws.nextra.no>
	<87puehegxr.fsf@inanna.rimspace.net>
	<hvg0fcac23.fsf@spip.ws.nextra.no>
NNTP-Posting-Host: coloc-standby.netfonds.no
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Trace: main.gmane.org 1035171533 5272 80.91.224.250 (21 Oct 2002 03:38:53 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Mon, 21 Oct 2002 03:38:53 +0000 (UTC)
Keywords: bind,daniel,though,security,reports,apr
Return-Path: <owner-ding@gnus.org>
Original-Received: (qmail 9834 invoked by alias); 16 Apr 2001 12:11:21 -0000
Original-Received: (qmail 9829 invoked from network); 16 Apr 2001 12:11:20 -0000
Original-Received: from melancholia.rimspace.net (HELO melancholia.danann.net) (203.36.211.210)
  by gnus.org with SMTP; 16 Apr 2001 12:11:20 -0000
Original-Received: from localhost (melancholia.danann.net [203.36.211.210])
	by melancholia.danann.net (Postfix) with ESMTP id 51ABB2A81C
	for <ding@gnus.org>; Mon, 16 Apr 2001 22:11:08 +1000 (EST)
Original-Received: by localhost (Postfix, from userid 1000)
	id 4B81E820EC; Mon, 16 Apr 2001 22:11:05 +1000 (EST)
Original-To: ding@gnus.org
In-Reply-To: <hvg0fcac23.fsf@spip.ws.nextra.no> =?iso-8859-1?q?("Bj=F8rn?=
  Mork"'s message of "13 Apr 2001 21:07:03 +0200")
X-Homepage: http://danann.net/
X-spies: constitution smuggle FSF COSCO class struggle Noriega colonel NORAD ECHELON South Africa Ft. Knox terrorist Area 51 KGB North Korea 
User-Agent: Gnus/5.090001 (Oort Gnus v0.01) XEmacs/21.2 (Urania)
Original-Lines: 64
Xref: main.gmane.org gmane.emacs.gnus.general:35849
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:35849

On 13 Apr 2001, Bj=F8rn Mork wrote:
> Daniel Pittman <daniel@rimspace.net> writes:
>> On 12 Apr 2001, Bj=F8rn Mork wrote:
>> > Daniel Pittman <daniel@rimspace.net> writes:
>> >> On Wed, 11 Apr 2001, Robin S. Socha wrote:
>> >>=20
>> >> > At least OpenBSD ships with BIND 4.
>> >>=20
>> >> Which has it's bonus points... and it's own suckages. Admittedly,
>> >> though, it's not /nearly/ as bad as Bind 8 (on 9, given the number
>> >> of bug reports I have seen so far).
>>=20
>> Ahem. That should have been /or/ 9. :)
>=20
> I kind of guessed that, hence my comment below :-)

Fair enough. :)

>> > You should probably get an appointment with an eye specialist.
>>=20
>> Unless it's the typo which, admittedly, looks silly... Bind4 seems to
>> have less day-to-day breakages than 8 or 9. It lacks *many* newer
>> features, though, which some sites need.
>>=20
>> I don't quite follow what you meant, though.
>>         Daniel
>=20
> I just couldn't see why you included bind 9 in this.

The way that I saw a half-dozen failed assertion reports from fairly
standard use in a friendly network environment. Not my reports, not
people I know well, so it /could/ be local breakage.

Anyway, those bugs are undoubtedly fixed, but there will be plenty of
bugs, security related and otherwise, left.

> Bind 9 is a completely new DNS package which has only the name in
> common with earlier bind versions.  There hasn't been a single
> security related bug in bind 9 yet, has there?=20

Not that I know of, although IIRC some of the reports were trivial DoS
attacks. Define that as you will.

[...]

> Stating that bind 4 isn't nearly as bad as bind 9 just doesn't make
> any sense at all. Bind 4 is as bad as bind 8, and that's *really* bad.

>>From a reliability point of view, BIND 9 seems as flawed *today* as BIND
8 *in my eyes*.

>>From a security point of view, it's almost certainly better. Reliable
and skilled people have asserted so and, while I have not audited the
code myself, I trust them. :)

Security, though, is not the be-all and end-all of network servers. If
it were, I would happily ditch BIND * it in favour of DJB-DNS.

        Daniel

--=20
The young do not know enough to be prudent, and therefore they attempt
the impossible, and achieve it, generation after generation.
        -- Pearl S. Buck