Nominum Calls Open Source DNS "a Recipe For Problems"

Raindeer writes "Commercial DNS software provider Nominum, in an effort to promote its new cloud-based DNS service, SKYE, has slandered all open source/freeware DNS packages. It said: 'Given all the nasty things that have happened this year, freeware is a recipe for problems, and it's just going to get worse. ... So, whether it's Eircom in Ireland or a Brazilian ISP that was attacked earlier this year, all of them were using some variant of freeware. Freeware is not akin to malware, but is opening up those customers to problems.' This has the DNS community fuming. Especially when you consider that Nominum was one of the companies affected by the DNS cache poisoning problem of last year, something PowerDNS, MaraDNS and DJBDNS (all open source) weren't vulnerable to."

BIND is past it's sell-by date.

[Animats]

BIND, like Sendmail, is one of those legacy pieces of Berkeley software from the 1980s that should have been retired a long time ago.

A basic problem with both of those packages is that they're database applications without a database. Back in the 1980s, there were no good database programs available for UNIX, and some apps had to roll their own. We're way past that.

There are open-source database-based alternatives. Qmail is a database-based replacement for Sendmail, and it's generally considered to be much more stable and secure. (At this late date, nobody should be running Sendmail.) There's MyDNS, which is a MySQL-based DNS program, but that's never really caught on. The big commercial DNS systems are all database-based.

Re:Yeah, Like Closed Source is better.

[schon]

because the poster child of closed source - Windows - is *so* secure...

Nonono.. didn't you read the summary?

Freeware is not akin to malware, but is opening up those customers to problems.

He's obviously saying that "Freeware" is the only way that malware can attack your system, so therefore he thinks that Windows is "Freeware"!

NLnet Labs software

[funkboy]

Let's just compare the performance, reliability, scalability, and security between Nominum's products and NSD and Unbound. For the moment, have a look specifically at Wouter's presentation from RIPE a year and a half ago for a beta version of Unbound, which show it handling double the number of queries per second of PowerDNS and Bind9 (start at page 11). We're now at version 1.3.3, and I've got an entry-level 1u Xeon server that will handle about 10kqps before slowing down with an Unbound config that took me all of an hour to learn, configure, and tune for optimum performance.

BTW, credit where credit is due, I've got to say thanks to Nominum for open-sourcing their DNS performance testing tools, which was what I used to test my Unbound setup. I think this marking campaign is a result of the right hand not knowing what the left hand is doing, as PowerDNS et. al. were not created in a vacuum and certainly rely on open-source libraries for various things.

Re:Well

[thejynxed]

That's because unlike -any- of the other News Corp properties, the WSJ is actually worth paying for. And guess what? It didn't get that way from any effort put forth by News Corp or Murdoch.