[linux-elitists] WashPost article (was Re: sobig.f: Microsoft Windows virus, not computer virus)
Mon Aug 25 16:41:20 PDT 2003
Quoting Karsten Self (email@example.com):
> My objections to Sendmail are based on M4 and the sendmail config file.
> When was the last 'sploit on Sendmail? IIRC it's been clean since
> 1997-1998, if not earlier.
> BIND is in far worse shape....
BIND9 is slow and questionably architected, but otherwise executes
> ...and the alternatives are far fewer.
Excerpt from http://linuxmafia.com/~rick/linux-info/dns-servers follows.
MaraDNS is a general-purpose, fast authoritative, caching forwarder, and
recursive resolver server, fully supporting zone transfers, which runs
unprivileged, performs its own chroot, and includes its own
buffer-overflow-resistant string library:
pdnsd is a small caching forwarder server with a disk-based cache,
suitable for small networks and workstations:
Apply patches by Paul Rombouts, who is effectively the new maintainer:
dproxy is a small caching forwarder server with a disk-based cache,
suitable for small networks and workstations:
Dnsmasq is a small authoritative and caching forwarder server (no
recursive service -- iterative queries only) for a group of NATted /
IPmasqued machines (optionally pulling names from DHCP leases):
DNRD is a small caching-only server for NAT / IPmasq networks:
It may be unmaintained: E-mail to maintainer Brad Garcia's e-mail
address of record (firstname.lastname@example.org) isn't going through (May 2003), and
so his approval of new subscription requests for the development mailing
list is unavailable.
MyDNS is a MySQL-based authoritative and caching forwarder server
(no recursive service -- iterative queries only) suitable for very
large sites. In such roles, it's faster and more responsive than BIND9,
even though the latter uses a RAM-based cache:
ldapdns is an LDAP database-based authoritative and caching server (no
recursive service -- iterative queries only). Despite use of a
database, it's much faster than BIND9:
GnuDIP is an authoritative server for Dynamic DNS (supporting the RFC
2136/3147 DNS Dynamic Update protocol):
NSD is a high-performance authoritative-only daemon:
PowerDNS (open source as of 2002-11-25) is an authoritative and
recursive resolver server with modular structure supporting various
back-end information stores such as SQL databases (MySQL, PostgreSQL,
Oracle 8i, Oracle 9i, IBM DB2, and others via ODBC), BIND zonefiles
and other file formats, and LDAP directories. Supports AXFR zone transfers.
CustomDNS is a authoritative-only daemon, based on dnsjava, for both
static addresses and its variant form of dynamic DNS. Discontinued?
dnsjava is a minimal, authoritative-only server, a resolver library, and
a set of DNS utilities, all written in Java:
lbnamed is a authoritative-only daemon for static and dynamic
information, with a load-balancing multi-machine architecture:
Posadis is a fast authoritative and recursive resolver daemon, written in C++:
dents is an authoritative, caching forwarder, and recursive resolver
server, fully supporting zone transfers, but is perenially unfinished,
and is probably dead, at this point:
Pliant DNS Server is an authoritative and caching forwarder server:
Yaku-NS is a small, fast authoritative, caching forwarder, and recursive
resolver server, fully supporting zone transfers, aimed at embedded use.
Does internal chroot, and attempts to prevent stack-smashing. Discontinued?
Twisted Names is an authoritative, caching forwarder, and recursive
resolver server, written in Python:
Oak DNS Server is an authoritative and recursive resolver server,
supporting dynamic DNS updates and AAAA records. It's written in Python,
and doesn't need to run privileged:
Eddieware Enhanced DNS Server is a load-balancer for DNS.
moodns was meant to be a authoritative and recursive resolver server,
but never passed alpha state. Discontinued.
FireDNS is a resolver library with emphasis on speed and
asynchronous processing. Written in C, and has low-timeout blocking
functions. Can be used to relace standard libc resolver library
functions like getbyhostname with much faster equivalent code:
GNU adns is a resolver library for C (and C++) programs, and a
collection of useful resolver utilities:
Ares is an asynchronous resolver library in C.
Net::DNS is a resolver library in Perl.
Poslib is a resolver libarary and authoritative-server library in C++.
Proprietary packages include:
Authoritative Name Server (Nominum, Inc.)
BINDPlus (Information Network Eng. Gruup, Inc.)
Caching Name Server (Nominum, Inc.)
Cisco Network Registrar (Cisco Systems, Inc.) -
djbdns/tinydns - http://cr.yp.to/djbdns.html
Global Name Service (Nominum, Inc.)
NeDNS (Neteka, Inc.)
sqldjbdns/sqldns/pgsqldns - http://untroubled.org/sqldjbdns/
UltraDNS (UltraDNS Corporation) - http://ultradns.com/
VitalQIP (Lucent Technologies, Inc.) - http://www.qip.lucent.com/
Cheers, Before enlightenment, caffeine.
Rick Moen After enlightenment, caffeine.
More information about the linux-elitists