On Fri, 8 Apr 2005, Vicky Rode wrote:
> Just wondering how many have transitioned to djbdns from bind and if so any feedback.

DJBDNS is just about the best cache there is. The nameserver is also good. Security is a good reason to switch to djbdns. Good performance is another.

But switching isn't just about the 'goodness' of the new server. You need to consider the 'badness' of the old server. And where both servers are headed.

Several previous security vulnerabilities in BIND is one strike against. These might be fixed. There might still be others.

Violation of trust on other projects is another. E.g. Exactis v. MAPS, several MAPS employees working for well-known spammer Scott Richter described in Spam Kings by Brian McWilliams.

But what pushed me was that BIND9 is not compliant with AXFR standards. There is more to the story than can be explained shortly. However, Vixie and crew tried to ramrod a change to AXFR a while ago to make BIND9 compliant. And asking _every_ other implementation to change in the process. That effort failed. So far as I know, ISC has not made any effort to either tell people that BIND9 isn't compliant, nor alter BIND9 to be compliant.

At present, BIND9 attempts to detect whether it is transferring from another BIND9 server to determine whether to use the standard protocol or to use the non-standard BIND9 protocol.

It's not a real big problem, though the BIND9 detection might be dicey. An implementation that pretends to be BIND (but not using the proprietary protocol) might have a problem. But so far as I know, there are no such implementations at present, so it's not a big problem, at least, not right now, anyway. It could be a problem later, if someone introduces a server that pretends to be BIND9, but isn't. It's more of a proprietary "lock-in" issue.

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000