On Fri, 7 Dec 2007, Adam Tkac wrote:
Why? Generally dnsmasq (or other lightweight) DNS server beat BIND
with executable size and performance on one processor systems. In
other cases like functionality, performance on multi cores and
portability beat BIND other servers. And as I wrote above future of
DNS is in DNSSEC. And I'm not sure if dnsmasq author is eager to
implement it. That's why BIND should not be marked as irrelevant on this
field.
Okay, so I asked him.
His reply:
You're right that dnsmasq attempts to preserve security information: to
the extent that signed packets are passed through bit-perfect to avoid
breaking the signature, It doesn't, however actually know about DNSSEC
at all.
My attitude is that I'm very happy to take a patch which implements
checking (preferably with suitable #ifdefs so it can be ommitted, if
it's big). I'm not in a position to do the work myself at the moment. I
don't have the knowledge, and I don't have the time to aquire it.
IOW, our standard mantra: "patches accepted." :-)
Jima
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
