From owner-freebsd-questions@FreeBSD.ORG  Fri May 23 12:23:09 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A98811065680
	for <freebsd-questions@freebsd.org>;
	Fri, 23 May 2008 12:23:09 +0000 (UTC)
	(envelope-from iaccounts@ibctech.ca)
Received: from pearl.ibctech.ca (pearl.ibctech.ca [208.70.104.210])
	by mx1.freebsd.org (Postfix) with ESMTP id 44EA08FC24
	for <freebsd-questions@freebsd.org>;
	Fri, 23 May 2008 12:23:09 +0000 (UTC)
	(envelope-from iaccounts@ibctech.ca)
Received: (qmail 21269 invoked by uid 1002); 23 May 2008 12:23:08 -0000
Received: from iaccounts@ibctech.ca by pearl.ibctech.ca by uid 89 with
	qmail-scanner-1.22 
	(spamassassin: 2.64.  Clear:RC:1(208.70.104.100):. 
	Processed in 0.068697 secs); 23 May 2008 12:23:08 -0000
Received: from unknown (HELO ?192.168.30.110?)
	(steve@ibctech.ca@208.70.104.100)
	by pearl.ibctech.ca with (DHE-RSA-AES256-SHA encrypted) SMTP;
	23 May 2008 12:23:08 -0000
Message-ID: <4836B6BA.4090706@ibctech.ca>
Date: Fri, 23 May 2008 08:21:14 -0400
From: Steve Bertrand <iaccounts@ibctech.ca>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: Chuck Swiger <cswiger@mac.com>
References: <48345138.8080507@ibctech.ca>	<4834599A.1090108@infracaninophile.co.uk>	<4834A7B4.9030302@ibctech.ca>	<20080521232319.GA57359@osiris.chen.org.nz>	<4834B7EE.3000002@ibctech.ca>	<20080522020619.GA69543@osiris.chen.org.nz>	<4834D891.6050707@ibctech.ca>	<20080522035913.GA78449@osiris.chen.org.nz>	<483503AD.60801@infracaninophile.co.uk>	<4835634F.6060107@ibctech.ca>	<20080522203932.GA74897@osiris.chen.org.nz>
	<76B8A6DC-8CB4-46A4-9588-A6941080A942@mac.com>
In-Reply-To: <76B8A6DC-8CB4-46A4-9588-A6941080A942@mac.com>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>,
	Jonathan Chen <jonc@chen.org.nz>
Subject: Re: Multiple instances of BIND at startup
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2008 12:23:09 -0000

> Well, BIND is up to 28 published security advisories:
> 
>   http://www.isc.org/sw/bind/bind-security.php#matrix
> 
> ...which not only have included cache poisoning (2003-0914), but many of 
> them allowed for arbitrary code execution, often as root.

Ok, then I'll ask the obvious...

For those who are, or have been network ops within an Internet Service 
Provider environment, what DNS server do you recommend for reliability, 
functionality, and most importantly, ease of use so the helpdesk can 
make slight changes to client domains when required (hopefully without 
having to su to root).

The latter point is why I went from BIND to TinyDNS (VegaDNS) in the 
first place, but it's seriously lacking with IPv6 support.

Steve