Bind DNS resolver purged of critical DoS bug

Makers of the internet's most widely used domain name resolution software have patched a vulnerability that allowed attackers to crash many systems that run the program. By querying a domain with large resource record sets (or RRsets) and trying to negatively cache a response, attackers can cause the Bind server to crash. The …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    In a Bind

    Bind - possibly one of the most bug-ridden pieces of software ever written. It's not even doing anything particularly difficult for goodness sake!

    And yet, everyone STILL uses it! Arrrggghghhhhhhh!!!!

    1. nyelvmark

      That's hardly constructive.

      If you know about DNS, tell us what they should be using instead.

      1. Anonymous Coward

        @nyelvmark

        That's easy! nsd & unbound. They are light years ahead of crappy BIND!

    2. Coderjoe

      bind is buggiest?

      Are you sure that honor doesn't go to sendmail?

      1. Ken Hagan

        Re: sendmail

        He said "one of" the buggiest. But since you've mentioned it, yes, sendmail had a poor reputation. Then people got fed up and started writing alternatives. They were better, and now sendmail is better too. That doesn't seem to have happened with BIND, which is odd, because DNS is *much* simpler than SMTP.

        1. Jim Morrow

          DNS is *NOT much* simpler than SMTP

          have you ever read the specs for these protocols or implemented them?

          an existence proof: telnet to port 25 and deliver an email message. now telnet to port 53 and do a dns query/response transaction.

          oh, let's not forget the mind boggling complexity of secure dns or internationalised domain names. these are probably the most complex network protocols paris hilton has invented for us.
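          The point made above about a DNS "query/response transaction" is that DNS is a binary wire protocol, not a line-oriented one. The following is an added example (not code from any commenter, from ISC, or from the article) that builds an A query in RFC 1035 wire format, parses a constructed NXDOMAIN response complete with a compression pointer, and reads the SOA record from the authority section to compute the negative-cache TTL per RFC 2308. The response bytes, the names `nosuch.example.test` / `example.test`, the function names and the SOA timer values are all constructed for illustration; nothing here touches the network.

```python
"""Build a DNS query and parse a response in RFC 1035 wire format.
Also shows the SOA record a negative (NXDOMAIN) answer carries in its
authority section and the RFC 2308 negative-cache TTL derived from it.
All sample data is constructed; no network access is used."""
import struct

SOA = 6  # RR type code for SOA (RFC 1035)

def encode_name(name):
    """Encode a dotted name as length-prefixed labels plus a root byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """12-byte header (RD set, one question) followed by QNAME/QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, off):
    """Decode a name at offset `off`, following compression pointers.
    Returns (name, offset just past the name as it appears in the message)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # two-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                # caller resumes after the pointer
            off = ptr
            hops += 1
            if hops > 64:                    # refuse pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_response(msg):
    """Parse header, question, answer and authority sections into a dict."""
    txid, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    result = {"id": txid, "rcode": flags & 0xF, "question": None,
              "answer": [], "authority": []}
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        result["question"] = (name, qtype)
    for section, count in (("answer", an), ("authority", ns)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rr = {"name": name, "type": rtype, "ttl": ttl}
            if rtype == SOA:                 # MNAME, RNAME, then five 32-bit timers
                _mname, p = decode_name(msg, off)
                _rname, p = decode_name(msg, p)
                rr["minimum"] = struct.unpack("!IIIII", msg[p:p + 20])[4]
            off += rdlen
            result[section].append(rr)
    return result

def negative_cache_ttl(resp):
    """RFC 2308 section 5: cache a negative answer for min(SOA TTL, SOA MINIMUM)."""
    for rr in resp["authority"]:
        if rr["type"] == SOA:
            return min(rr["ttl"], rr["minimum"])
    return None

def build_nxdomain_response(txid, qname, zone, soa_ttl, minimum):
    """Constructed NXDOMAIN reply: flags QR|RD|RA, RCODE=3, one SOA in authority.
    Assumes qname is exactly one label below `zone`, so the authority owner
    name can be a compression pointer back into the question."""
    header = struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 1, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    zone_off = 12 + 1 + len(qname.split(".")[0])          # where `zone` starts in QNAME
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!IIIII", 2011052501, 7200, 900, 1209600, minimum))
    authority = (struct.pack("!H", 0xC000 | zone_off)
                 + struct.pack("!HHIH", SOA, 1, soa_ttl, len(rdata)) + rdata)
    return header + question + authority

if __name__ == "__main__":
    q = build_query("nosuch.example.test")
    r = parse_response(build_nxdomain_response(0x1234, "nosuch.example.test",
                                               "example.test", 3600, 300))
    print(len(q), r["rcode"], r["authority"], negative_cache_ttl(r))
```

          The compression pointer in the authority section is the kind of detail that makes DNS parsing harder than it looks from a packet dump; a resolver has to bound pointer chasing (as `decode_name` does) and has to size its negative-cache entries from the SOA, which is exactly the code path the article says was exercised by large RRsets.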

        2. John Smith 19

          @Ken Hagan

          "That doesn't seem to have happened with BIND, which is odd, because DNS is *much* simpler than SMTP."

          But simpler -> No sense of *challenge* improving it -> no kudos when you do.

    3. pixl97

      Title:DateTime:Dataformat:Data

      On the server and cache side a whole lot of people are using DJB and PowerDNS instead. Not so much sure about client resolvers, then again, most clients are Windows computers on the Internet.

      The ISC makes big bloated software with odd data formats. Big + Complex = security flaws.

      1. Anonymous Coward

        how much is a whole lot?

        > a whole lot of people are using DJB and PowerDNS instead

        Depends on your definition of "a whole lot". These two implementations have a *tiny* installed base and handle an insignificant percentage of the world's DNS queries.

        See http://dns.measurement-factory.com/surveys/201010

        This survey suggests that there were 30-100 times as many BIND installations as DJBDNS, depending on how you measure things. I'm guessing that PowerDNS had a footprint that was too small to be observed for one of their sampling exercises.

  2. Anonymous Coward

    apt-get upgrade

    Bind already updated in Debian.

    http://www.debian.org/security/2011/dsa-2244

    I love Debian, me.
