From:	 bugtraq@artemas.reachin.com
To:	 Bugtraq@securityfocus.com
Subject: Announcing a new DNS server implementation
Date:	 Wed, 9 Jan 2002 12:36:31 -0800

About a year ago, there was a thread on Bugtraq, the result of which was 
people asking for a new implementation of a DNS server, since people felt 
that BIND was insecure, and because people felt that DjbDNS had a license 
which was too restrictive.

First of all, BIND 9 is a complete rewrite of BIND, which, so far, has not
had one security problem reported with it.  When people say that "BIND is
insecure", they really ought to say "BIND before BIND 9 is insecure".

In addition, there is my project, MaraDNS.  MaraDNS strives to be a secure
DNS server, by mandating that MaraDNS run as an unprivileged UID, and by
performing its own chroot operation.  In addition, MaraDNS uses a special
string library (which I wrote myself) which is buffer-overflow resistant
(and permits nulls in strings, something which DNS data uses extensively).

I have just released the first beta release of MaraDNS.  This release has
gone under months of testing by a volunteer crew, and I believe that we
have most of the bugs ironed out.  Now, it is ready to be more extensively
tested.

Which is why I am announcing MaraDNS on this mailing list.  MaraDNS can be
downloaded here:

        http://sourceforge.net/projects/maradns

MaraDNS, naturally, is fully free and open-sourced.  In fact, MaraDNS is 
public domain code.

Of course, there are some other DNS projects which deserve to be
mentioned.  Pdnsd is a caching-only DNS server; Posadis is a DNS server
undergoing extensive development, and is roughly about where MaraDNS was
about six months ago--I wish them the best of luck; and there was Dents 
which, sadly, stopped development in 1999 or so before being usable.

- Sam
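
The message above describes a string library that resists buffer overflows and permits NUL bytes. The sketch below is an added illustration of that idea applied to wire-format DNS names; it is not MaraDNS's code or its string API, and the names cstr, cstr_append and cstr_from_dns_name, as well as the sample byte arrays, are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CSTR_MAX 255  /* RFC 1035 limit on a wire-format domain name */

/* Counted string: the length is stored, never inferred from a NUL byte. */
typedef struct {
    unsigned char data[CSTR_MAX];
    size_t len;  /* bytes in use; may include 0x00 bytes */
} cstr;

/* Append n bytes; return -1 instead of writing past the fixed capacity. */
int cstr_append(cstr *s, const void *src, size_t n)
{
    if (s->len > CSTR_MAX || n > CSTR_MAX - s->len)
        return -1;
    memcpy(s->data + s->len, src, n);
    s->len += n;
    return 0;
}

/* Copy an uncompressed DNS name (length-prefixed labels) out of a packet.
   Returns bytes consumed, or -1 on truncated, oversized or compressed input. */
int cstr_from_dns_name(cstr *out, const unsigned char *pkt, size_t pkt_len)
{
    size_t i = 0;
    out->len = 0;
    while (i < pkt_len) {
        size_t step = (size_t)pkt[i] + 1;  /* length octet plus label bytes */
        if (pkt[i] > 63 || step > pkt_len - i)
            return -1;  /* pointer/reserved bits set, or label overruns packet */
        if (cstr_append(out, pkt + i, step) != 0)
            return -1;  /* name longer than CSTR_MAX */
        i += step;
        if (step == 1)
            return (int)i;  /* zero-length root label ends the name */
    }
    return -1;  /* packet ended before the root label */
}

/* Constructed samples: a label holding 'a' and a NUL byte; a label that lies about its length. */
static const unsigned char SAMPLE_NUL[] = { 2, 'a', 0, 0 };
static const unsigned char SAMPLE_TRUNC[] = { 9, 'a', 'b', 'c' };

int main(void)
{
    cstr s;
    printf("%d\n", cstr_from_dns_name(&s, SAMPLE_NUL, sizeof SAMPLE_NUL));
    printf("%d\n", cstr_from_dns_name(&s, SAMPLE_TRUNC, sizeof SAMPLE_TRUNC));
    return 0;
}
```

A NUL-terminated copy of the first sample would stop after two bytes; the counted copy keeps all four.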