I'm wondering, are any of you using djbdns (http://cr.yp.to/djbdns.html) instead of BIND? What are your thoughts? Apart from being vulnerable, BIND frequently crashed.
I'm still using BIND 8.2.3 (the bind8-8.2.3-92 RPM for SuSE 7.1) on my internal server, but am planning to switch to djbdns as soon as I manage to create an RPM from the source, which equates to "as soon as I have the time".

I agree with the others that BIND shouldn't be crashing and even if it did, that shouldn't happen with a regularity even remotely close to what you're seeing. I've never had it crash on said internal server (and its backup machine, a 486dx33 with 8MB RAM..).

However, I do believe you'll be safer in the long run by dumping it in favour of djbdns. BIND's code is a mess and huge; this seems to be indirectly acknowledged by the ISC themselves. Even though nobody knows of any current security problems, this kind of code is what spawns them regularly. Just look at the list of security-related bugs that are being fixed between BIND9 versions.. BIND also has many quirks and shortcomings, uses solutions for problems that don't really fix the problem but instead create new problems, etc.

djbdns isn't entirely good; for one, it doesn't have as many features as BIND, though many are available as patches from independent contributors. It has a very lean code base, was coded with security in mind and adheres to the UNIX ideal of having small, specialized programs that work well together in a coherent manner. It's also very simple to get running and maintain.

Some setups are more complicated than with BIND, e.g. you can't have a DNS server and a DNS forwarder on one IP address; the two are separated in djbdns. You have a separate program for zone transfers, but Dan Bernstein urges everyone to avoid them anyhow and instead use rsync over SSH to transfer zone data securely and more economically.

If you're speculating on dumping BIND and going for djbdns, you need to free yourself from the BIND way of thinking. For open-minded folks or those who'd like to be, this can be a good exercise.

Cheers,
Tobias