BIND problem

Michael Torrie torriem at chem.byu.edu
Fri Sep 23 19:18:31 MDT 2005


On Fri, 2005-09-23 at 16:28 -0600, Andy Bradford wrote:
> If BIND wasn't a requirement, you could do split-horizon on one server:
> 
> http://cr.yp.to/djbdns/tinydns-data.html#differentiation
> 
> I have set this up for split-horizon before and it works great.

Well like I said, our architecture disallows split-horizon since the DNS
for the inside cannot be in the DMZ, where it would have to be to serve
the outside.  BIND9 does fine at split-horizon if we needed that.

As for djbdns, I try to avoid software by Bernstein.  I'm not convinced
that it's as secure as people claim and I don't like him nor his
software license.  And I'm also not convinced that it would scale in an
enterprise.  BIND9 is proven (for good and bad) and it the enterprise
standard.  One of the first things I did in my present job was to kill
of qmail and replace it with sendmail (which I do know how to configure,
believe it or not).  As I recall we were running a version of djbdns
when I first got here too, in a limited way.  We killed that off too.

Michael



> 
> Andy
> --
> GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204  2219 A43E F450 A638 88C9)
> [-----------[system uptime]--------------------------------------------]
>   4:27pm  up 95 days,  1:05,  1 user,  load average: 1.00, 1.00, 1.00
-- 
Michael Torrie <torriem at chem.byu.edu>



More information about the PLUG mailing list