upvote

points

by strenholme16 hours ago |
comments
upvoteby 3ASAF16 hours ago|
next
[-]
People here don't know that MaraDNS was already popular on extremely critical security mailing lists that basically hated anything but qmail and postfix. If you introduce more bugs and blog about them, it will probably gain in popularity. :)
reply
upvoteby fc417fc80216 hours ago|
prev|
next
[-]
> It’s not normal for software to be so poorly written, one doubts the claim that a security bug hasn’t been found in over three years.

Can you back that claim up with at least some sort of theory? Because it doesn't match my perception of the real world, nor does it match my mental model of how CVEs happen.

reply
upvoteby strenholme15 hours ago|
parent|
[-]
Yes, I can.

https://samboy.github.io/MaraDNS/webpage/DNS.security.compar...

Also, my sister post: https://news.ycombinator.com/item?id=48112042

reply
upvoteby fc417fc80215 hours ago|
parent|
[-]
Is that not begging the question? You have asserted X and now you point to a particular track record to back the claim of X up but the track record only serves as valid evidence of X if we already accept your assertion that X is the case.
reply
upvoteby zamadatix9 hours ago|
prev|
[-]
I never used Qmail, so I won't comment on it, but I will say I absolutely consider djbdns narrow in scope as well (before accounting the Unix approach, utilized perhaps even more than in MaraDNS, to break that already narrowed scope down into even more focused binaries).

I had believed (and continue to hold) DNS software containing, e.g., an authoritative DNS server which lacks native TCP or DNSSEC support falls squarely into the "narrowly scoped" bucket and would appreciate if you'd not try to decide my opinion for me on any given project in the future.

reply
upvoteby strenholme6 hours ago|
parent|
[-]
The point of djbdns and qmail was this: It allowed administrators to run a local DNS server securely without needing to constantly patch the code. They were limited in scope, but were perfect for admins who valued security over features.

In an era when DNS was otherwise a monoculture, djbdns was a welcome breath of fresh air.

https://lwn.net/2001/0208/

reply
upvoteby zamadatix2 hours ago|
parent|
[-]
Agreed, and that was a good use case + timing (at least for me a ways back :D). I.e. djbdns being narrow in scope isn't necessarily supposed to be a bad decision, it just doesn't serve as a counterexample to the narrow scope option as it was introduced to be.
reply