I wouldn't trust a program with such a bad security history (
http://www.isc.org/index.pl?/sw/bind/bind-security.php ). There are good
nameservers, which are more secure. E.g. the author of djbdns gives $1000
for the first person, who finds a security hole:
http://cr.yp.to/djbdns/guarantee.html
Yes I know, and have, that program.
I find it a bit complicated and as long as bind works OK see no need to change.
I didn't test it, because I used a simpler program last time I installed a
nameserver (didn't remember the name), because I don't need all the
complexity of BIND-like programs. But looks like djbdns is a good program.
It is even not vulnerable to the DNS poisoning exploit:
http://cr.yp.to/djbdns/blurb.html
I wrote a small name server myself, for the backup web server that runs from an SDcard
in a Linksys wireless access point:
http://panteltje.com/panteltje/wap54g/index.html#wapserver
As that name server is not finished (and perhaps never will) I am not releasing it and its source,
also to protect myself against evil forces wanting to see where all the weak spots are.
Now that runs the simplest web server you can imagine.
Asking for a login keeps most of the bots out.
I'm glad that I don't have to maintain the infrastructure and constantly
monitoring security issues, appplying patches etc. Nameserver and eMail
just works. It is not the cheapest, but my ISP has more than 2 million
paying customers, so there is a good chance that problems are fixed fast.
Well, some have 1 euro / minute help desks, and then once you get a line have to explain to THEM what
they need to fix....
I tried more then 7 ISPs, now I have 'direct-adsl', faster, cheaper, better.
This depends on where you use the language. I don't write bug-free
programs, so I would feel uncomfortable to write a web application in C,
because it could have buffer overflows or crash the whole web server
program. If I write it in Java, I just get a nice exception trace in a log
file, but the rest of the server program continues to work and low-level
bugs like buffer overflows are impossible in Java (as long as you don't use
native parts of the system, like JPEG decoding).
I have a bit different philosophy about all this.
These days it seems like the following tactics are used:
A lock on every door in the house with 2 keys to open it, and an open front door.
I do prefer a good fence with a good lock, and doors and windows in the house that
you just can open without locks.
No, I do not always check for buffer overflow [exploits], for example this news reader
will likely crash if some overflow is deliberately created.
So what.
I do not know a lot about Java, in fact all I know is that it is slow, does not have pointers,
that makes it not interesting for me.
Now Java-people claim it is not slow, but some also claim the world is flat.
My view is that people who attack the internet, and its applications, an internet that
is used by much of humanity, and many things that are becoming more and more essential
to us are based on it, should get the death penalty.
Now that will help.
And that also goes for those self serving people who publish new attacks every so often,
like Kaspersky & friends, lock am up and execute them.
It is just their ego and business, the virus writers are THEY, and lots of little script kiddies
use their ideas and tools to create havoc.
Bit extreme POV I have, but alas, it is that way.
Today most people think it is cool to
