Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nominum Calls Open Source DNS "a Recipe For Problems"

Posted by Soulskill on from the dem's-fightin'-woids dept.

Raindeer writes "Commercial DNS software provider Nominum, in an effort to promote its new cloud-based DNS service, SKYE, has slandered all open source/freeware DNS packages. It said: 'Given all the nasty things that have happened this year, freeware is a recipe for problems, and it's just going to get worse. ... So, whether it's Eircom in Ireland or a Brazilian ISP that was attacked earlier this year, all of them were using some variant of freeware. Freeware is not akin to malware, but is opening up those customers to problems.' This has the DNS community fuming. Especially when you consider that Nominum was one of the companies affected by the DNS cache poisoning problem of last year, something PowerDNS, MaraDNS and DJBDNS (all open source) weren't vulnerable to."

8 of 237 comments (clear)

  1. Even if what they say is true... by Aim+Here · · Score: 4, Interesting

    ... how can you trust these guys to write your DNS software? They're the very guys who were contracted to write Bind9, the foremost open source domain name server, which they're now complaining about.

    And, from TFA:

    You really do need to look under the hood and kick the tyres. Maybe it's a Ferrari on the outside, but it could be an Austin Maxi on the inside.

    Reconcile THAT little gem with support for closed source software.

  2. Re:Blow more smoke up our posteriors... by MightyMartian · · Score: 4, Interesting

    Does the word "cloud" have any particular meaning? Of course you should have multiple geographically and network diverse DNS servers. I run my master DNS on my own server, but my pay like $10 a year for my secondaries, which slave to the master. Under no circumstances will I ever give up control of my DNS, or use some shitty web app to manage my DNS records, and that's why I insist that the master (even if invisible) sit squarely on my end.

    But then again, this has been the general recommendation for a couple of decades now, so I have no idea what "cloud computing" has to do with it. Offsite mirrors of critical data, DNS or otherwise, is simply sound practices.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  3. Re:Well by secmartin · · Score: 4, Interesting

    That's why we have bloggers, right? Journalists are paid to copy-paste from press released, while bloggers derive their satisfaction from actually reading between the lines / further than the press release (that is, of course, generally speaking; there is at least some good investigative journalism left).

    I just had a great example of this in my mailbox. A press release from a storage company announcing a new trade-in program; it's amazing how many websites just copy-pasted the cheerful announcement without mentioning they are facing a delisting from the NASDAQ or any other useful background info. Examples like this keep popping up, it makes you wonder about Murdoch's plans to charge for that "premium" content...

  4. Re:Freeware will not eat your children by Zan+Lynx · · Score: 3, Interesting

    In what universe is chroot not a security measure?

    It is not perfect security all by itself, but it is *a* security measure. It prevents several classes of local escalation attacks.

    You may as well claim that BSD's jail, alternate namespaces and virtual machines are not a security measure. None of those are perfect, but every little bit helps.

  5. Nominum = $$$$ by golden.radish · · Score: 3, Interesting

    If you've ever had the pleasure of actually seeing a quote from Nominum, you'll see why they're so down on 'freeware'.

    Nominum's DNS software is extremely (and I mean VERY) expensive. For anyone. And I don't just mean it's hundreds or thousands of dollars. It's HUNDREDS _OF_ THOUSANDS of dollars for even a few licenses.

    I suspect sales are down (in these uncertain economic times *cough*) so slandering the competition (errrmmm... how do you compete with free?) is apparently the current marketing strategy.

    Happily, this interview/article makes me dislike them and their products even more than I already did.

  6. Re:Well by lorenlal · · Score: 4, Interesting

    That answer just pisses me off.

    If I have a secret way of blocking a hacker...

    Right. That sounds like an awesome idea. How useful is that "secret" if the customer knows about it? It needs to be documented in that case, which means everyone knows about it, which means it's another attack surface. Plus, there must be a way of turning that feature back off.

    If the customer doesn't know about it. It's only a matter of time before said hacker finds out about it, cause it will get out there. It also means that anyone who works (and worked for) said vendor can exploit that feature for their own purposes. The customer who paid for the software is just left out in the cold. Good job there. Sounds like an excellent reason to not use open code.

    Well done Nominum...

  7. Re:Blow more smoke up our posteriors... by TooMuchToDo · · Score: 3, Interesting

    I had a client who wanted to use either DynDNS Enterprise or UltraDNS, and priced both out for them. When the UltraDNS sales dude called me to find out why they didn't win the business, I told them because DynDNS was $250/month (thousands of A records) and they wanted $3500/month. He said "Oh, I thought you were looking for enterprise-grade DNS services." I responded with an email, "What do you provide that they don't?". Never heard back. UltraDNS can go DIAF. Gougers like that belong with lawyers, at the bottom of the ocean.

  8. "a secret way of blocking a hacker" by alizard · · Score: 4, Interesting

    security by obscurity = automatic EPIC FAIL.

    I won't be using nominum services, even if there's a free version. That's a confession of incompetence.

    --
    Tech Public Policy stuff