Paul Civati
Tue Feb 12 10:19:49 GMT 2002

fbsdusers at wrote:

> <rant>
> Once upon a time, I decided BIND was crap. I'm sorry, but that's what I
> think. I've helped run a few machines, and all of the break-ins but one
> were through BIND.

Minus points for the sysadmins not keeping their applications up to
date.  Even the most well-written pieces of software will become a
security risk if you do not follow the release announcements and
ensure your systems are up to date.

> So, I looked at my options: 
>   BIND - Not exactly a great record, but acknowledged that does mean
>   it's been reasonably well reviewed recently. It does, however take a
>   lot of memory, and leaks it too, and crashes, and requires restarting.

I've only run smallish named's (v8), so I've not seen huge amounts of
memory used, or memory leaks, or this requirement for restarts.  In
fact I've found v8 to be reasonably good.  Maybe things get flakey
when your named gets big?

>   djbdns - It's written by DJB. We all know about DJB, and that he likes
>   /service and various other nonstandard things, and that this annoys a
>   lot of people. I'm not one of them.

Apart from the following djbware rant. ;)

> I checked out djbdns. It chroots stuff, it runs as its own user for each
> sub-service, and runs chrooted, where nothing can do any damage if it
> goes wrong. It also takes very little memory. This is a good thing. It
> also is supervised, so that if it dies, it's automagically restarted.
> This is good too.

[..snip rant..]  You've just convinced me never to try a piece of
djbware again. When I last played with qmail, one of my big gripes
was the poor documentation, scattered amongst many different files.

But this documentation policy you mention is just insane for anyone
wanting to run well maintained systems.

> I went with djbdns. It works.

Obviously, like a hole in the head is good for your brains leaking out.


