Hacker News

> why don't they just use bind9?

Because bind9 is not a dns server but a collection of all available CVE types for further studying.



I guess wikipedia doesn't agree with you:

"BIND is the de facto standard DNS server"

https://en.wikipedia.org/wiki/Comparison_of_DNS_server_softw...

9 just being the currently deployed version.

A non-wikipedia reference:

https://dn.org/a-comprehensive-comparison-of-popular-dns-ser...

Although this article does state that bind's "configuration files and options require careful attention to detail".

So, maybe it's not appropriate for the modern hype-cycle s/w development model?

In general, I don't think I'm disagreeing with you, so I'm not sure what message the reply is intended to convey.

Technitium seems like another one of those: "My weekend hobby project was to reinvent fire, and the wheel" sort of things, that seem popular on the HN feed.

My favorite feature of bind is "split views". This allows the same service to provide DNS on the local LAN, as well as authoritative DNS to the internet.


I am a fan of Technitium, because I like to build and I built two plugins for it to fit my use case. But at work, we use Windows DNS and Bind in parallel. So, this is also a hobby of mine. The hook for me is that it is built with dotnet, and I have experience in that stack. Other features are secondary actually.

I am curious though, what would TDNS do so that you can replace BIND with TDNS in your homelab/workplace or wherever it is used? I genuinely ask for it so that I can help the original developer with some PRs.


> I guess wikipedia doesn't agree with you:

Are you kidding? Bind has been the de facto standard for DNS servers for ages but it's just a badly engineered piece of software and had braindead vulnerabilities for decades:

https://www.cvedetails.com/vulnerability-list/vendor_id-64/p...

Already 20 years ago it was common knowledge to never use software that Paul Vixie had touched (bind, vixie-cron, sendmail ...) and we used alternatives such as djbdns. Good old times...


After just a short search to try to come up with some numbers, I find that between 60% and 90% of internet DNS servers are running bind.

And yet somehow, the internet has much bigger problems...


Bold statement just one month after the last cache poisoning vulnerability. Bind is the Microsoft Windows of DNS servers - a lot of users and bugs, but nonetheless the go-to for many admins because that's what they are most familiar with. And similar to Windows, the internet mostly relies on others - none of the big companies (Meta, Cloudflare, Google, MS, Amazon, Netflix, Twitter...) use bind and neither do most hobbyists. It's just for the plethora of mid-sized companies with unmotivated admins.



