About a year ago, there was a thread on Bugtraq, the result of which was
people asking for a new implementation of a DNS server, since people felt
that BIND was insecure, and because people felt that DjbDNS had a license
which was too restrictive.
First of all, BIND 9 is a complete rewrite of BIND, which, so far, has not
had one security problem reported with it. When people say that "BIND is
insecure", they really ought to say "BIND before BIND 9 is insecure".
In addition, there is my project, MaraDNS. MaraDNS strives to be a secure
DNS server, by mandating that MaraDNS run as an unprivledged UID, and by
performing its own chroot operation. In addition, MaraDNS uses a special
string library (which I wrote myself) which is buffer-overflow resistant
(and permits nulls in strings, something which DNS data uses extensivly).
I have just released the first beta release of MaraDNS. This release has
gone under months of testing by a volunteer crew, and I belive that we
have most of the bugs ironed out. Now, it is ready to be more extensivly
tested.
Which is why I am announcing MaraDNS on this mailing list. MaraDNS can be
downloaded here:
http://sourceforge.net/projects/maradns
MaraDNS, naturally, is fully free and open-sourced. In fact, MaraDNS is
public domain code.
Of course, there are some other DNS projects which deserve to be
mentioned. Pdnsd is a caching-only DNS server; Posadis is a DNS server
undergoing extensive development, and is roughly about where MaraDNS was
about six months ago--I wish them the best of luck; and there was Dents
which, sadly, stopped development in 1999 or so before being usable.
- Sam
