[dns-operations] i've got a conflict of interest, can a non-implementor answer this?
manos at cc.gatech.edu
Wed Jan 14 02:38:46 UTC 2009
On Tue, Jan 13, 2009 at 11:34:18PM +0000, Paul Vixie wrote:
> in http://gcn.com/articles/2009/01/12/dns-requires-a-layered-approach.aspx we
> see the following exchange:
> "GCN: BIND, which is the most widely used DNS server, is open
> source. How safe are the latest versions of it?
> TOVAR: For a lot of environments, it is perfectly suitable. But in
> any mission-critical network in the government sector, any
> financial institution, anything that has the specter of identity
> theft or impact on national security, I think using open source is
> just folly."
Sometimes people need to realize that "scripta manent". Making a living
from DNS security and at the same time contributing to the effort of
improving the security of DNS with statements like:
"... I think using open source is just folly."
is just disappointing. It would be very interesting to see which
vulnerabilities in the list of open source DNS software we have
overlooked as researchers, operators, developers, and which make them
so unfit for mission-critical networks. I went quickly over the
Nominum site and I couldn't find any reports or white papers relevant
to this. Maybe I've overlooked something.