|
A secure DNS implementation by Dan J Bernstein, made to replace /BIND? because of its horrible security history. |
|
DJBDNS is a simple and secure DNS implementation by Prof. [Daniel J. Bernstein]?, because he feels that BIND's? security history is very poor. DJBDNS does not implement all of the features of BIND, such as zone transfers. He feels that it is better to re-use existing tools (such as rsync? and ssh?) than to implement separate protocols for zone transfers, as was done with BIND. DJBDNS also implements parsing of host data as a separate program. DNS caching and recursive? resolving? is also implemented as a separate program. The result of these design decisions is a dramatic reduction in code size and complexity of the daemon program that answers lookup requests. Prof. Bernstein (and many others) feel that this is true to the spirit of the Unix operating system, and makes security verfication much simplier. |
![[Home]](wikipedia.png)