Berkeley Internet Name What? El Reg botches another DNS story.
Experts are split over whether a lack of 'genetic diversity' in the Domain Name System (DNS) infrastructure is leaving the internet at greater risk of attacks. Four in five (80 per cent) of the world's internet-facing DNS servers are essentially genetically identical, according to Domain Name System vendor Secure64. In the …
And for me also. I found it much easier to do things like telling djbdns to query my employer's DNS server for various domain names than in BIND. Well, that's an understatement.
However, if you're a DNS administrator, your day is spent in BIND zone files, so the differences are marked. Also djb has a bit of a reputation...
Four in five (80 per cent) of the world's internet-facing DNS servers are essentially genetically identical, according to Domain Name System vendor Secure64
"80% of the world won't even consider buying our DNS server, so here's some FUD."
"Secure64 DNS products are security-hardened commercial DNS appliances" - yep, talking up their own book.
All this "bind is insecure" is BS. Useless company with useless product - "The SourceT Micro OS executes on standard Itanium server hardware, and provides the foundation for Secure64 software applications." Itanium? Really? Not even ported to anything else? What are they gonna do when Intel kills it?
80% of the DNS uses BIND - that's because it's the best product... and free. Yes, there have been vulnerabilities - but they get patched and dealt with very quickly... no waiting for some Patch Tuesday.
There's a similar story across the internet for other services - Apache rules WWW, ISC also rule DHCP, SQUID rules the proxy world.
The fact that Secure64 market a DNS server makes this story not only biased, but Secure64 repugnant.
A NEW Microsoft implementation. But the problem with that is that given "Computer Darwinism" it would have been bred out of the system by now.
Blue screens, and bad answers. Oh wait, that is why people use BIND (I thought it was Berkeley Internet Name Daemon, but it turns out I was wrong).
BIND is a bug-infested maze of spaghetti code with a history of security holes nearly as bad as sendmail. The comparison to Apache is apt - there is a reason why nginx is gaining so rapidly for web servers, or Postfix in the email space.
djbdns is another option, unfortunately without IPv6 or DNSSEC support, and not actively maintained. PowerDNS is another (disclaimer: I used to work with Bert Hubert).
That said, I don't see why anyone with a pulse would pay for a proprietary repackaging of an excellent open-source DNS server produced by NLNet, one of the organizations that maintain top-level DNS servers (in Europe). NSD and Unbound are some of the best DNS servers around, designed for massive scale, and a pleasure to administer compared to BIND or even DJBDNS. If they are suitable for you, you are best off building them yourself from the original open-source release.
Any reputable DNS company that cares about their network and users will have more than just BIND implemented on the network. No-IP.com runs multiple brands of DNS server software and we also run multiple operating systems for our DNS servers. We believe that this is simply a "best practice," not a true selling point of a DNS provider.