[svlug] Bind Vulnerabilities

[Dagmar d'Surreal]

On Sun, 25 Mar 2001, Rick Moen wrote:

> Sorry, as a general alternative to BIND, it basically just _isn't there_:
> Bernstein deliberately omits support for quite a lot of protocols
> required by the relevant RFCs.  It seems he doesn't like those standards
> (e.g., http://cr.yp.to/djbdns/faq/axfrdns.html), so he ignores them.

Saints preserve me for somehow winding up in the curious position of
_defending_ DJB, but he _has_ mentioned that his implementation is
targeted at replacing caching-only daemons and single standalone daemons
that serve only a few zones (which covers at least half of the nameservers
out there, so I'd say it's a valid niche).  In _that_ capacity I have to
say it's probably preferable to BIND, simply because all that other code
that wouldn't be getting used simply isn't there.  At the moment I can't
seem to find where the heck he said it (it might have been in one of the
READMEs?) but I remember reading it somewhere.