[dns-operations] Best Practices in DNS security

Geo. geoincidents at nls.net
Fri Mar 17 23:25:12 UTC 2006

> Apropos, we don't have enough different DNS-servers. Bind is close to a
> monopoly. djbdns can do everything by fly or read the manual. I think
> it is good for experimenting and for developing your own nameserver but
> it is not meant for production. Nevertheless there exist other
> nameservers or do you think ".com" is running on Bind?

There exist other mail servers than Exchange, but until MS fixed Exchange so
it installed with relay disabled it was a major problem. People didn't
simply switch because there were other or even better mail servers, did they?

That's all I'm saying here, lots of people use MSdns and they are going to
continue to use it regardless of what we do to solve this dns flooding
attack vector. We need to stop saying "well bind9 can do it" and face the
reality that people run other dns server software than bind. We need a
solution that works for everyone not just bind users. Solutions that require
running dual dns servers on the same physical machine don't meet that


