Firewall Wizards mailing list archives
RE: Does blocking TCP DNS packets keep your Bind safe?
From: "Reckhard, Tobias" <Reckhard () secunet de>
Date: Thu, 15 Mar 2001 07:06:35 +0100
BIND is written in C and for better or worse, C is *HARD* to program in a secure and safe manner, especially when you have an application as large and complex as BIND is.
Exactly, one of the main reasons for BINDs problems are its complexity. And complexity is very dangerous to security, as we all know. The question that remains is whether a name serving and proxying package needs to be as large and complex as BIND--djbdns seems very lightweight in comparison. What is it that it can't do for you that BIND can (allow me to exclude DNSSEC) and that justifies BINDs complexity? Tobias _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Does blocking TCP DNS packets keep your Bind safe?, (continued)
- Re: Does blocking TCP DNS packets keep your Bind safe? Bill_Royds (Mar 10)
- RE: Does blocking TCP DNS packets keep your Bind safe? Ben Nagy (Mar 11)
- Re: Does blocking TCP DNS packets keep your Bind safe? Luca Berra (Mar 13)
- RE: Does blocking TCP DNS packets keep your Bind safe? Todd (Mar 13)
- Re: Does blocking TCP DNS packets keep your Bind safe? Darren Reed (Mar 14)
- Re: Does blocking TCP DNS packets keep your Bind safe? Todd (Mar 14)
- Re: Does blocking TCP DNS packets keep your Bind safe? Darren Reed (Mar 14)
- RE: Does blocking TCP DNS packets keep your Bind safe? Todd (Mar 16)