compilation bug fix for bsds
Yarin
yarin at warpmail.net
Thu Dec 30 22:24:37 EST 2010
I'm glad to find out that v1 created on-request threads and glad to hear that v2 doesn't.
But actually, I'm already using MaraDNS 2 and the Deadwood resolver you bundled with it; I liked that you separated the server and resolver.
Actually, I already decided on MaraDNS because of it's apparent speed, and stronger focus on security, over BIND9, which almost seemed to bloated for the simple things I wanted it for. And early on I decided against djbdns, "personal rants" aside, after finding out that it hasn't really been maintained in a while (besides the various patches), and even in my limited experience, unmaintained = asking for trouble.
Unbound looks pretty cool though.
Thanks for the info,
The comparison list is especially nice.
Yarin
----- Original message -----
From: "Sam Trenholme" <strenholme.usenet at gmail.com>
To: list at maradns.org
Date: Thu, 30 Dec 2010 12:58:33 -0700
Subject: Re: compilation bug fix for bsds
> OpenBSD.
MaraDNS 2.0 (using Deadwood for recursion) is a much better choice for
OpenBSD than MaraDN 1.4; the reason is because Deadwood (MaraDNS 2.0's
recursive daemon) is non-threaded. MaraDNS 1.4 spawns a thread every
time a client asks for a name not in the recursive cache; this kills
performance on OpenBSD.
The main issue with MaraDNS 2.0 is that it was only released about
three months ago so there are still some rough edges in the code which
I hope to have time to work on. My most current blog about MaraDNS is
here:
http://samiam.org/blog/maradns.html
Personally, I think the best DNS solution for OpenBSD (if one elects
not to use its build of BIND9) is either MaraDNS 2 or your choice of
some patched version of DJBdns. Both are excellent software programs;
MaraDNS has the advantage that I, the primary author, am still here
and am still maintaining the package. [1]
Unbound is a good choice if DNSsec is needed.
The best list of DNS servers out there is here:
http://linuxmafia.com/faq/Network_Other/dns-servers.html
This discusses all of the known patched versions of DjbDNS and pretty
much any other open-source DNS server.
- Sam
[1] Yes, it is true that on a personal level I do not like djbdns. My
issue with djbdns is that its userbase has had too many rude, annoying
fanboys and trolls. Fanboys who tried to cover up [2] djbdns' first
security problem when it was found over three years ago. DJB has a
responsibility to put a leash on the unprofessional behavior of his
more fanatical users; the fact that he has not reflects poorly on his
software.
This is all a non-issue today; the fact that there are three known
security problems in DJB's last release of djbdns and the fact that
DJB has stopped maintaining his program nearly a decade ago have taken
the wind out of the sails of the arguments to use djbdns.
I have a number of rants about djbdns:
http://maradns.blogspot.com/search/label/DjbDNS
Again, my personal issues aside, djbdns is an excellent program **if
you use a patched version like zinq-dnscache**.
[2] http://en.wikipedia.org/w/index.php?title=Djbdns&action=historysubmit&diff=159822066&oldid=141354854
More information about the list
mailing list