Date: Tue, 6 Feb 2001 03:28:44 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: brett@lariat.org (Brett Glass) Cc: rsidd@physics.iisc.ernet.in (Rahul Siddharthan), freebsd-chat@FreeBSD.ORG Subject: Re: UNIX-like approach to software and system architecture Message-ID: <200102060328.UAA08814@usr08.primenet.com> In-Reply-To: <4.3.2.7.2.20010204080917.049ecca0@localhost> from "Brett Glass" at Feb 04, 2001 08:14:38 AM
next in thread | previous in thread | raw e-mail | index | archive | help
> Interestingly, Theo De Raadt also seems to agree that djb's approach to > DNS daemons is more sensible and secure than ISC's. In his own words: I have to say that I understand Paul Vixie's decision inre: a closed mailing list, with subscription revenue. I think it's a good idea, from the perspecdtive that BIND has taken a huge amount of flack recently, not the least of which is the DNS outage at Microsoft, and unrelated to the BIND software. For large players, who rely on security through obscurity and have large deployment latencies, it makes sense to charge them for a seperate channel, that is unlikely to have the people who are causing the problems listening in for new cookbook fodder. Actually, SCO had a fix for this a long time ago, where they had the ability to permit particular programs to do things, like bind reserved ports, as an attribute of the program (VMS did this too, with its concept of "installed images"), and not require that such programs run as root. Adding this feature to FreeBSD would go a long way toward resolving the "root exploit" problem. As far as DJB's DNS: I have a fundamental disagreement with his model, in that I believe that all data modifications should be done via a protocol, and he actually locks down the data, prohibiting the historical master/slave relationship, and updates. I firmly believe that, going forward, everything will need to be protocol driven, since it gives the fastest turn-around (and in fact I have modified my local copy of bind to permit creation of new zones via DNSUPDAT). It seems to me that what you lose with his model is nowhere near worth it, to gain so little. I also don't believe that the claim to increased security has really been backed by a formal analysis. At the level of DNS, you really need to not just audit, you need to do completeness proofs. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102060328.UAA08814>