At 09:54 AM 6/28/02, Roylance, Stephen D. wrote:
>Hello,
>I would like to use BIND 9 for a new project, but find that I need to defend
>my choice to the information security team here. They are aware of BIND's
>past failings and are recommending djbdns. I feel BIND is a more mature,
>robust solution, and djbdns lacks important features.
>
>Can anyone here point me towards information on the web comparing the two?
>I'd love to find an article in a trade magazine that compared available DNS
>implementations, but anything would help.
>
>Thanks in advance,
>Steve Roylance
Since you are dealing with the information security team, you can point
out that BIND 9 implements DNSSEC while djbdns does not, follows all
of the standards (being the reference implementation) while djbdns only
follows whatever standards that djb thinks are important. For BIND 9,
you will get good turnaround on bugs, security advisories, etc. Since BIND
has something like 90% of the market for DNS servers, is free and
open-source, why go with an unknown? I don't know what past failings
they are aware of, but are they aware of djbdns's past failings, or is it that
they haven't heard anything since not many people use it?
Danny