On Wed, May 07, 2003 at 09:51:53PM -0500, David Phillips wrote: [snip] > Next, you need an authoritative DNS server for your machine. You mentioned > you installed BIND. I strongly recommend you uninstall that immediately. > BIND is buggy, bloated, difficult to administer and has been historically > insecure. There are better alternatives. I think David might be drawing a less-than-clear line between his facts and opinions here, so I'll try to clarify: BIND is buggy: I'm a member of the "all software sucks" camp, so this would have to be backed up with numbers for me to find it particularly damning. When I look at the ISC BIND page, I see it's been about 6 months since the last CERT advisory, and that was for BIND8. But (as has been said before) there have also been bugtraq entries for Apache, SSH, and the Linux kernel. There must be *some* reason people continue to use them. :-) BIND is bloated: I have no problem running BIND on a 486SX with 32MB RAM. Bloated compared to other DNS systems? Perhaps. Does this cause problems on modern systems? No. BIND is difficult to administer: This is an opinion, one with which I would disagree. Are other DNS systems easier to administer? Perhaps, but that's another discussion. BIND has been historically insecure: true. On the positive side, one very good thing BIND has is a large and helpful user and documentation base. As an aside, David, I appreciate the zeal with which you share your knowledge and opinions. You might want to check out the Linux Advocacy mini-HOWTO for ideas on other ways to go about it: http://www.google.com/search?q=linux+advocacy+howto Regards, John _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list