Unbound 1.0 released

Some projects send out an email to announce a release; others opt for press releases. Here is the press release for Unbound 1.0, a new, BSD-licensed domain name server intended to compete with BIND. "Although BIND has been the de facto choice for DNS servers since the 1980s, a desire to seek an alternative server that excels in security, performance and ease of use prompted an effort to develop an open source DNS implementation. Unbound is the result of that effort."

Unbound 1.0 released

Posted May 21, 2008 14:39 UTC (Wed) by nix (subscriber, #2304) [Link]

Example of press-release-speak meaning the exact opposite of what they hoped: the mention that
its security algorithms are 'complex', presumably because to sufficiently clueless managers
'complex' automatically equals 'good' (probably the same managers who think 'proprietary'
equals 'good' and for much the same reason: the fictional vision of bulging brains in some mad
scientist's basement lab Thinking Thoughts That Nobody Else Can Think). Complexity is the
enemy of security, guys...

Unbound 1.0 released

Posted May 21, 2008 14:55 UTC (Wed) by i3839 (subscriber, #31386) [Link]

As it's a VeriSign person saying that, I guess he's hinting at DNSSEC.
Not much more reassuring though, but still.

> "Although simplicity and performance have always been primary goals for 
> Unbound, we have placed extra attention on security features, particularly 
> since DNSSEC is not yet deployed widely,"

Is what the devs say. No security is of course faster and simpler than
implementing some security.

Unbound 1.0 released

Posted May 21, 2008 15:58 UTC (Wed) by nix (subscriber, #2304) [Link]

It would be nice to have DNSSEC. But, oh, look, the roots aren't signed, and whose court has
that ball been in for ten years or so now? :/

Unbound 1.0 released

Posted May 23, 2008 14:10 UTC (Fri) by job (subscriber, #670) [Link]

Yeah, but if you're in a signed TLD it's still useful.

Unbound 1.0 released

Posted May 21, 2008 14:59 UTC (Wed) by johnkarp (subscriber, #39285) [Link]

That was just one comment, and they did not elaborate. They also said 
they "kept the overall design straightforward and clean" and "we have 
worked hard to produce well documented, readable and elegant code. With 
that we try to make the barrier for security audit and code review as low 
as possible." Perhaps DNSSEC is inherently messy, but they did their best?

Of course, it would be best not to take their word, and look at their code 
instead. (I wasn't able to access their code repository for whatever 
reason.)

Unbound 1.0 released

Posted May 21, 2008 15:59 UTC (Wed) by nix (subscriber, #2304) [Link]

DNSSEC being messy is certainly true enough.

I guess 'announcement by press release' just rubbed me up the wrong way...

Unbound 1.0 released

Posted May 21, 2008 17:41 UTC (Wed) by allesfresser (subscriber, #216) [Link]

A lyric comes to mind with your mention of proprietary mad scientists:

"We are the priests of the temples of syrinx
Our great computers fill the hallowed halls
We are the priests of the temples of syrinx
All the gifts of life are held within our walls"

I have this lyric written with marker over a Microsoft ad, displayed on the wall of my
cubicle, courtesy of a puckish coworker.

Unbound 1.0 released

Posted May 21, 2008 20:45 UTC (Wed) by nix (subscriber, #2304) [Link]

I was thinking of _Girl Genius_, but that Rush song counts too, yes. :)

Alternatives to bind

Posted May 21, 2008 15:44 UTC (Wed) by tzafrir (subscriber, #11501) [Link]

OK, so let's accept their assertion that Bind is bad ;-)

What other alternatives are there?

A quick search brings up djbdns, maradns, powerdns (pdnsd).

Alternatives to bind

Posted May 21, 2008 17:33 UTC (Wed) by rfunk (subscriber, #4054) [Link]

I currently use maradns for some low-traffic subdomains, and dnsmasq for dns on internal LANs. But it looks to me like nsd may be the best answer for replacing bind as an authoritative name server, so that's what I'm planning for the future. (djbdns is cool and all, but then you have to deal with the weirditudes of DJB's worldview.)

Alternatives to bind

Posted May 22, 2008 2:55 UTC (Thu) by bronson (subscriber, #4806) [Link]

FWIW, here's my DNS history over the last two years.  Starting with...

Bind compiled from upstream, which worked for a few months until idiotic security issues
convinced me to move on so I decided to try 

mydns which is neat and super easy to configure (if you're familiar with SQL) but development
kind of fell apart so I went back to

Bind installed by the distro because, shoot, that should insulate me from all the idiotic
security issues but when I found myself writing scripts to try to wrestle with the mess of
creepy config files I bounced to 

MaraDNS.  Love it.  If Mara didn't make me happy, I was going to try NSD and PowerDNS in that
order.  But, so far, Mara has been making me happy.

Unbound 1.0 released

Posted May 21, 2008 18:43 UTC (Wed) by jwb (guest, #15467) [Link]

It's cute, but it doesn't pass its own test suite on an ordinary 32-bit x86 Debian machine.
It's nice to see that it does have a test suite, though.

DJBDNS forever

Posted May 24, 2008 16:43 UTC (Sat) by roskegg (subscriber, #105) [Link]

A couple years ago I switched to djbdns.  It is easy to configure and set up.  I haven't
stress tested it, but I am told it can handle the highest of loads.  djbdns syntax is simple,
and does things in the True Unix Way.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds