Nominum Calls Open Source DNS "a Recipe For Problems"

← Back to Stories (view on slashdot.org)

Nominum Calls Open Source DNS "a Recipe For Problems"

Posted by Soulskill on Wednesday September 23, 2009 @05:28AM from the dem's-fightin'-woids dept.

Raindeer writes "Commercial DNS software provider Nominum, in an effort to promote its new cloud-based DNS service, SKYE, has slandered all open source/freeware DNS packages. It said: 'Given all the nasty things that have happened this year, freeware is a recipe for problems, and it's just going to get worse. ... So, whether it's Eircom in Ireland or a Brazilian ISP that was attacked earlier this year, all of them were using some variant of freeware. Freeware is not akin to malware, but is opening up those customers to problems.' This has the DNS community fuming. Especially when you consider that Nominum was one of the companies affected by the DNS cache poisoning problem of last year, something PowerDNS, MaraDNS and DJBDNS (all open source) weren't vulnerable to."

16 of 237 comments (clear)

Min score:

Reason:

Sort:

Well by Spazztastic · 2009-09-23 05:34 · Score: 3, Informative

I hope he doesn't run any Linux distributions in his company, at all. That would make him a hypocrite.

--
Posts not to be taken literally. Almost everything is sarcasm.
1. Re:Well by ichthus · 2009-09-23 05:36 · Score: 2, Informative
  
  Ah, but he does.
  
  --
  sig: sauer
2. Re:Well by Spazztastic · 2009-09-23 05:37 · Score: 3, Informative
  
  Ah, but he does.
  
  The argument will be that since they run Redhat it's not considered open source or freeware, even though it is a Linux distribution that is proprietary.
  
  --
  Posts not to be taken literally. Almost everything is sarcasm.
3. Re:Well by mellon · 2009-09-23 05:53 · Score: 2, Informative
  
  We not only run Linux, we *support all our products* on various versions of Linux and FreeBSD (and Solaris, for that matter, which I guess is open source these days).
  Sigh.
4. Re:Well by Anonymous Coward · 2009-09-23 06:48 · Score: 2, Informative
  
  Freeware != Open Source. Open Source is just that, the source is open to view and interprete. Freeware can be closed source and distributed for free under various licensing. The confusing part is many open source projects are released free of charge, and therefore open source and also be freeware (but doesnt have to be).
5. Re:Well by Spazztastic · 2009-09-23 06:54 · Score: 2, Informative
  
  Red hat is open source, but not free. They're talking trash about 'freeware'. Just sayin'
  RTFA, he's bashing Open Source and freeware.
  
  Q: What characterises that open-source, freeware legacy DNS that you think makes it weaker?
  A: Number one is in terms of security controls. If I have a secret way of blocking a hacker from attacking my software, if it's freeware or open source, the hacker can look at the code.
  
  --
  Posts not to be taken literally. Almost everything is sarcasm.
6. Re:Well by noundi · 2009-09-23 07:49 · Score: 2, Informative
  
  Freeware != Open Source. Open Source is just that, the source is open to view and interprete. Freeware can be closed source and distributed for free under various licensing. The confusing part is many open source projects are released free of charge, and therefore open source and also be freeware (but doesnt have to be).
  Thank you for that very irrelevant lecture, now here's some relevant lecture for you.
  
  --
  I am the lawn!
Breaking news by noundi · 2009-09-23 05:43 · Score: 2, Informative

A company has just promoted their own policies and products while at the same time demoting those of their competitors. People are in a state of shock, children are crying, students are demonstrating and the president is making an announcement later this evening. The UN has named this day the annual PR stunt day.

--
I am the lawn!
not impressed by screeble · 2009-09-23 05:45 · Score: 3, Informative

I have some familiarity with SRD/IPRD and I have to say that I'm not very impressed with Nominum.
Single-user root admin in our deployment and a hideous java/windows front end for end-users... One which is so crappy we don't deploy.
Their training is USAstyle puppy mill powerpoint demos running on virtual machines.
Couple that with the fact that they were subject to the same DNS exploits as some of the "vendors" they are trashing in the article and I just think...
Man, what a bunch of ass hats spinning market droid fluff. Somehow, I'm not surprised.
(The views expressed in this post are mine alone and do not necessarily reflect the views of my employer.)
Re:Even if what they say is true... by jggimi · 2009-09-23 06:00 · Score: 4, Informative

Bind is ISC licensed, which is similar to a BSD license. Disclosure is not required. See this example template.
Re:BIND is past it's sell-by date. by Sir+Homer · 2009-09-23 06:01 · Score: 2, Informative

You must be talking of an older version of Bind. Bind9 can use a wide variety of database backends. It's also a complete rewrite.
Re:Blow more smoke up our posteriors... by fafaforza · 2009-09-23 06:21 · Score: 3, Informative

But it's such a good business. I know of one colo client that has DNS for a domain with UltraDNS. We're talking about a single domain with maybe a dozen records. The bill? It was over $2K per month. And we aren't talking about a Fortune500 company here. All those techie sounding terms, trademarked labels, and slick marketing comeons work well with IT "managers".
Re:DoS on PowerDNS? by ahu · 2009-09-23 07:43 · Score: 3, Informative

Nothing too serious, probably a prank from some bored employees at the time. We asked some of the Nominum people what they were up to, since we'd been receiving packets that caused PowerDNS to crash from Nominum IP space.
I seem to recall one of their (ex-)employees eventually even told us which bug they had been triggering.
I don't for a moment believe this was a Nominum-sanctioned activity.
But this is all way back in the mists of time, the beginning of 2002.
Bert
(PowerDNS)
Re:Is this the same Nominum? by CTachyon · 2009-09-23 07:48 · Score: 4, Informative

Isn't Nominum that company that was formed about ten years ago for the purpose of developing the open source BIND and DHCP for ISC?
Yeah, these guys.
And now they're turning around and saying "Don't use that open source BIND because it's crap. We should know, we wrote it!"
Even more beautifully, try digging the version numbers from their nameservers:
$ dig +short @ns1.nominum.net CH TXT version.bind.
"Nominum ANS 3.0.1.0"
$ dig +short @ns2.nominum.net CH TXT version.bind.
"9.3.5-P2"
$ dig +short @ns3.nominum.net CH TXT version.bind.
"Nominum ANSPremier 4.1.0.0"
One of the 3 nameservers for their own domain is running BIND, and a fairly old version of it at that!

--
Range Voting: preference intensity matters
Re:Freeware will not eat your children by coolsnowmen · 2009-09-23 08:03 · Score: 2, Informative

Breaking out of a chroot jail requires a program with root privileges, that is, it requires another security hole to exist to allow you to get out of it.
Re:Good Grief by MightyMartian · 2009-09-23 08:39 · Score: 5, Informative

Well, I haven't seen a product that is as powerful as Bind9, paid or unpaid. The pain in the ass bit is simply the configuration, which when you start talking about various views based on ACLs, can get a bit eye-splitting (but then again, that applies to lots of things with ACLs, like Cisco IOS, Squid, etc).
The guy is a liar. You know it. I know it. I think anybody who actually works with DNS infrastructure knows it.

--
The world's burning. Moped Jesus spotted on I50. Details at 11.