Date: Sun, 21 May 2000 22:21:24 -0400 From: Chris Johnson <cjohnson@palomine.net> To: User Datagram Protocol <udp@closed-networks.com> Cc: freebsd-security@freebsd.org Subject: Re: pid file for named Message-ID: <20000521222124.A55554@palomine.net> In-Reply-To: <20000516132531.M2139@closed-networks.com>; from udp@closed-networks.com on Tue, May 16, 2000 at 01:25:31PM %2B0100 References: <Pine.BSF.4.21.0005160634430.21765-100000@srh0902.urh.uiuc.edu> <20000516131606.C16398@naiad.eclipse.net.uk> <20000516132531.M2139@closed-networks.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 16, 2000 at 01:25:31PM +0100, User Datagram Protocol wrote: > On Tue, May 16, 2000 at 01:16:06PM +0100, Stuart Henderson wrote: > > On Tue, May 16, 2000 at 06:48:05AM -0500, Frank Tobin wrote: > > > One often wishes to run daemons such as named under other users, e.g., > > > bind:bind. In order to allow bind to write out zones and associated fun > > > stuff correctly, one then does a > > > > For dns, surely djb's servers are a better choice where security is a > > priority? > > > > I have no firm figures, just subjective time perception, but a box running > djb's dnscache seemed a heck of a lot slower than another box running regular > BIND at doing reverse lookups... That hasn't been my experience, and I'm running djb's (that's Daniel J. Bernstein, if anyone's wondering) dnscache/tinydns everywhere. If you have performance problems, try posting a message to dns@list.cr.yp.to and see if anyone has anything to offer. I've been BIND-free since dnscache's first alpha release, and I haven't had a single problem. http://cr.yp.to/dnscache.html, for anyone who's interested. Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000521222124.A55554>