Forgot your password?
typodupeerror
Networking Technology

Nominum Calls Open Source DNS "a Recipe For Problems" 237

Posted by Soulskill
from the dem's-fightin'-woids dept.
Raindeer writes "Commercial DNS software provider Nominum, in an effort to promote its new cloud-based DNS service, SKYE, has slandered all open source/freeware DNS packages. It said: 'Given all the nasty things that have happened this year, freeware is a recipe for problems, and it's just going to get worse. ... So, whether it's Eircom in Ireland or a Brazilian ISP that was attacked earlier this year, all of them were using some variant of freeware. Freeware is not akin to malware, but is opening up those customers to problems.' This has the DNS community fuming. Especially when you consider that Nominum was one of the companies affected by the DNS cache poisoning problem of last year, something PowerDNS, MaraDNS and DJBDNS (all open source) weren't vulnerable to."
This discussion has been archived. No new comments can be posted.

Nominum Calls Open Source DNS 'A Recipe For Problems'

Comments Filter:
  • Well (Score:4, Informative)

    by Spazztastic (814296) <spazztastic@NOSPaM.gmail.com> on Wednesday September 23, 2009 @01:34PM (#29518229)

    I hope he doesn't run any Linux distributions in his company, at all. That would make him a hypocrite.

    • Re: (Score:3, Informative)

      by ichthus (72442)
      Ah, but he does. [netcraft.com]
      • Re:Well (Score:4, Informative)

        by Spazztastic (814296) <spazztastic@NOSPaM.gmail.com> on Wednesday September 23, 2009 @01:37PM (#29518283)

        Ah, but he does. [netcraft.com]

        The argument will be that since they run Redhat it's not considered open source or freeware, even though it is a Linux distribution that is proprietary.

        • Re:Well (Score:5, Insightful)

          by the_womble (580291) on Wednesday September 23, 2009 @01:42PM (#29518423) Homepage Journal

          The argument will be that since they run Redhat it's not considered open source or freeware, even though it is a Linux distribution that is proprietary.

          It is easy enough to prove that Red Hat is open source, the problem is that the "repeat the press release" standard of journalism of the article that accepts any assertion made by an interviewee or a press release as fact.

          • Re:Well (Score:4, Insightful)

            by commodore64_love (1445365) on Wednesday September 23, 2009 @01:48PM (#29518525) Journal

            +5 insightful. That's what most journalists do today - just publish the press release word-for-word, minus a few edits to make it fit inside the available column space or 1-minute soundbite. It's reached the point where you assume the journalists are just mouthpieces for the corporate liars (aka marketers).

            • by fafaforza (248976)

              But why is it the journalist's job to spell out that you're reading a press release from a commercial DNS provider denigrating competition. It should be in everyone's ability to take a press release as company's marketing drivel, and whatever assertions they make about competing products as attempts to promote their own products, unless proven otherwise.

              • Re:Well (Score:5, Insightful)

                by whoever57 (658626) on Wednesday September 23, 2009 @02:24PM (#29519131) Journal

                But why is it the journalist's job to spell out that you're reading a press release from a commercial DNS provider denigrating competition.

                Because that's the job of a reporter -- to investigate, analyse, interpret and explain the information. Otherwise, the reporter is adding no value and simple economic theory would suggest that his/her job should disappear.

                And newspaper owners wonder why they are losing business?

                • Re: (Score:3, Insightful)

                  by value_added (719364)

                  Because that's the job of a reporter -- to investigate, analyse, interpret and explain the information. Otherwise, the reporter is adding no value and simple economic theory would suggest that his/her job should disappear.

                  Ideally, yes. The problem, however, is that most non-investigative types of news stories originate from some kind of announcement, be it a speech, event, or press release. And most of those don't come with handout that lists of the names of people to call for more information. You get

            • Re:Well (Score:5, Interesting)

              by secmartin (1336705) on Wednesday September 23, 2009 @02:21PM (#29519095)

              That's why we have bloggers, right? Journalists are paid to copy-paste from press released, while bloggers derive their satisfaction from actually reading between the lines / further than the press release (that is, of course, generally speaking; there is at least some good investigative journalism left).

              I just had a great example of this in my mailbox. A press release from a storage company announcing a new trade-in program; it's amazing how many websites just copy-pasted the cheerful announcement without mentioning they are facing a delisting from the NASDAQ [storage-news.com] or any other useful background info. Examples like this keep popping up, it makes you wonder about Murdoch's plans to charge for that "premium" content...

              • Re: (Score:3, Insightful)

                by FooAtWFU (699187)
                I can't speak for the rest of News Corp property, but: love it or hate it, The Wall Street Journal is one of those newspapers which still does that meaningful investigation and reporting. And they charge for (full) online access. And people pay for it.
            • by noundi (1044080)

              +5 insightful. That's what most journalists do today - just publish the press release word-for-word, minus a few edits to make it fit inside the available column space or 1-minute soundbite. It's reached the point where you assume the journalists are just mouthpieces for the corporate liars (aka marketers).

              Don't forget the sensational headline that sells the nonsense. Journalism (or rather sensationalism) has become a real filthy profession, and it's a real shame if you ask me. But perhaps it's one of those occupations that are bound to die with the internet era. We no longer need anybody to report the news, the "news" is all around us, all the time -- everywhere, and I don't value hearsay from a journalist higher than hearsay from a peer on the net. Journalism is a method to bring the world closer to you, bu

          • Re:Well it's ZDNet (Score:3, Interesting)

            by b4dc0d3r (1268512)

            First, it's an interview. A lot of interviews tend to be one-sided. Especially on non-controversial issues, but the interviewer is obviously not aware of any potential controversy.

            Second, it would be a good idea to post a comment there, and mail the interviewer and CC the editor. Let them know that they have essentially printed an advertisement, and that some alternative viewpoint would be in order, or at least questioning the claims.

            Third, and most important, ZDNet is not known for investigative journal

        • Re: (Score:3, Insightful)

          by EvilRyry (1025309)
          You can download all the SRPMs for free. How do you get any more open source than that?
          • by idontgno (624372)
            True. [centos.org]
    • Re: (Score:3, Informative)

      by mellon (7048)

      We not only run Linux, we *support all our products* on various versions of Linux and FreeBSD (and Solaris, for that matter, which I guess is open source these days).

      Sigh.

  • by ichthus (72442) on Wednesday September 23, 2009 @01:35PM (#29518241) Homepage
    Linux seems to be fine for them to run their web server [netcraft.com].
  • by autocracy (192714) <slashdot2007NO@SPAMstoryinmemo.com> on Wednesday September 23, 2009 @01:36PM (#29518267) Homepage
    I'll sum up their argument: We use security through obscurity, and that makes us better. You should pay us for that. Also, when we say "cloud-based," we really just mean "in our data centers." They're really abusing the definition of cloud computing, just because it's the current profit-generating buzzword.
    • by omnichad (1198475)

      Yeah - you need to get that off your server in the data center, and into our "cloud."

    • Re: (Score:3, Insightful)

      by stevey (64018)

      Also "freeware" and "open source" mean the same thing, and we'll try to make you associate them with "malware".

    • by fafaforza (248976) on Wednesday September 23, 2009 @02:21PM (#29519089)

      But it's such a good business. I know of one colo client that has DNS for a domain with UltraDNS. We're talking about a single domain with maybe a dozen records. The bill? It was over $2K per month. And we aren't talking about a Fortune500 company here. All those techie sounding terms, trademarked labels, and slick marketing comeons work well with IT "managers".

      • by TooMuchToDo (882796) on Wednesday September 23, 2009 @05:35PM (#29522411)
        I had a client who wanted to use either DynDNS Enterprise or UltraDNS, and priced both out for them. When the UltraDNS sales dude called me to find out why they didn't win the business, I told them because DynDNS was $250/month (thousands of A records) and they wanted $3500/month. He said "Oh, I thought you were looking for enterprise-grade DNS services." I responded with an email, "What do you provide that they don't?". Never heard back. UltraDNS can go DIAF. Gougers like that belong with lawyers, at the bottom of the ocean.
  • Good Grief (Score:5, Insightful)

    by MightyMartian (840721) on Wednesday September 23, 2009 @01:39PM (#29518321) Journal

    I don't know about you, but any company that feels the only way they can sell their product is to basically slander their competitors isn't likely to get my attention. As it is, and as much of a pain in the ass as Bind can be, I have yet to encounter anything quite as powerful as Bind9. It's certainly not without flaws, but after having had to deal with the inadequacies of Microsoft's DNS, anyone who comes up to me and says "Oh yeah, those open source DNS servers are the lesser products" is either a liar or a moron.

    • Re:Good Grief (Score:5, Insightful)

      by Monkeedude1212 (1560403) on Wednesday September 23, 2009 @01:42PM (#29518415) Journal

      I don't know about you, but any company that feels the only way they can sell their product is to basically slander their competitors isn't likely to get my attention.

      And from the blog thats linked:

      Way, way back when, Nominum employees successfully performed a denial of service attack on PowerDNS. I thought they had grown over this kind of behavior, but it appears they didn't.

      I hope no one goes to Nominum, they play dirty. I don't think the internet needs to be more dirty, what with all the scammers out there, both hackers and ISP's alike.

    • Re: (Score:3, Interesting)

      by flyingfsck (986395)
      In Win2003, the Microsoft DNS is a slightly modified version of BIND8 with a BSD licence. It is hidden in there somewhere under the wizards.
    • Re: (Score:3, Interesting)

      by jellomizer (103300)

      "Oh yeah, those open source DNS servers are the lesser products" is either a liar or a moron.

      Unless you are really selling a better product then the Open Source product is a lesser product.

      Being as you admit that Bind is a pain in the ass. If one would create a product just as good as bind but with a nicer UI then it will be a superior product.

      Or...

      Depending on your point of view on what features you find important simpler apps my be superior to Bind because they may do what you want but without the hassle

      • Re:Good Grief (Score:5, Informative)

        by MightyMartian (840721) on Wednesday September 23, 2009 @04:39PM (#29521453) Journal

        Well, I haven't seen a product that is as powerful as Bind9, paid or unpaid. The pain in the ass bit is simply the configuration, which when you start talking about various views based on ACLs, can get a bit eye-splitting (but then again, that applies to lots of things with ACLs, like Cisco IOS, Squid, etc).

        The guy is a liar. You know it. I know it. I think anybody who actually works with DNS infrastructure knows it.

  • by Aim Here (765712) on Wednesday September 23, 2009 @01:39PM (#29518347)

    ... how can you trust these guys to write your DNS software? They're the very guys who were contracted to write Bind9, the foremost open source domain name server, which they're now complaining about.

    And, from TFA:

    You really do need to look under the hood and kick the tyres. Maybe it's a Ferrari on the outside, but it could be an Austin Maxi on the inside.

    Reconcile THAT little gem with support for closed source software.

    • by Spazztastic (814296) <spazztastic@NOSPaM.gmail.com> on Wednesday September 23, 2009 @01:42PM (#29518421)

      ... how can you trust these guys to write your DNS software? They're the very guys who were contracted to write Bind9, the foremost open source domain name server, which they're now complaining about.

      The other question is if they are now using elements of the Bind9 source in their closed source system and are not properly disclosing it.

      • Re: (Score:2, Interesting)

        by sexconker (1179573)

        No, the other question is whether or not they are using the same exact code that they claim is shit, while maintaining that their product is somehow more secure.

        I bet they are.

        Licensing issues are low on the scale of "what matters here".

        • by gad_zuki! (70830)

          BIND isnt GPLd. Its BSD or similar. So you could do what these guys are doing:

          Compile BIND, perhaps add a little something, give it a cool name, and slag it in public.

          Profit? Probably not.

      • by jggimi (1279324) on Wednesday September 23, 2009 @02:00PM (#29518741)
        Bind is ISC licensed, which is similar to a BSD license. Disclosure is not required. See this example template [wikipedia.org].
      • Re: (Score:3, Insightful)

        by ajs (35943)

        ... how can you trust these guys to write your DNS software? They're the very guys who were contracted to write Bind9, the foremost open source domain name server, which they're now complaining about.

        The other question is if they are now using elements of the Bind9 source in their closed source system and are not properly disclosing it.

        There's no disclosure requirement. Welcome to the joys of BSD licensing.

        (personally, I respect people who want to give away all control of their work, but you can't then complain that someone lied about where they got it)

    • Re: (Score:3, Funny)

      When someone on /. Reads TFA and links a Car analogy - does that cancel each other out?

  • by Chris Mattern (191822) on Wednesday September 23, 2009 @01:40PM (#29518353)

    ...proprietary software company says you should buy their product instead of using something else.

    I'm shocked, I tell you. Just shocked.

  • by spun (1352) <(moc.oohay) (ta) (yranoituloverevol)> on Wednesday September 23, 2009 @01:42PM (#29518407) Journal

    "But it is opening up these customers to problems." Nice, textbook FUD/propaganda. Put the thought out there. Deflect attention from your own failings. Lump all 'freeware' DNS into the same basket. Call it 'freeware' instead of Open Source to link it to badly written DOS/Windows programs. Wow, this company is sleazy. It would be such poetic justice for some grey hat hackers to take these goons down.

    Open source DNS is tried and true, everyone uses it. No one was ever fired for installing BIND. This new flash in the pan company has been hacked before, how long until they are hacked again? Why trust your DNS to some untested startup using inappropriate buzzwords like 'cloud computing?' Why pay for what you can get for free? Why outsource your DNS to someone who may or may not be here tomorrow? Heh. We can play at the FUD game, too.

    • No one was ever fired for installing BIND

      Maybe some should have been, given BIND's abysmal security record. At least recent versions run chrooted, so you only lose control of DNS (and, therefore, potentially get your customers redirected to a malware site and your mail redirected to a scammer), and don't get the whole machine rooted, but it's not a huge benefit. BIND 9 has a much better security record than the previous versions (most security holes have 'just' been DoS vulnerabilities), but BIND 8 was a joke.

      • Re: (Score:3, Insightful)

        by spun (1352)

        First, chroot is not a security measure. It was not designed as such, and it will not protect you from knowledgeable intruders.

        Sure, BIND has had problems, but as you mentioned, the newest version is pretty tight. What's the take-away from this? Keep your servers patched. Duh.

        • by Zan Lynx (87672) on Wednesday September 23, 2009 @02:54PM (#29519555) Homepage

          In what universe is chroot not a security measure?

          It is not perfect security all by itself, but it is *a* security measure. It prevents several classes of local escalation attacks.

          You may as well claim that BSD's jail, alternate namespaces and virtual machines are not a security measure. None of those are perfect, but every little bit helps.

        • Re: (Score:3, Informative)

          by coolsnowmen (695297)

          Breaking out of a chroot jail requires a program with root privileges, that is, it requires another security hole to exist to allow you to get out of it.

    • Re: (Score:3, Interesting)

      by Chandon Seldon (43083)
      Remember: Payware isn't exactly the same as malware, but if they're asking for your credit card it's probably a scam.
  • How can a monoculture be better than free software? At least different versions or different configurations provide a less universal attack vector. Though hosted services get all the security updates together, they don't seem to mention the problem of everyone using the same service.

    • by mellon (7048)

      Monoculture and "free" are orthogonal. If the only thing being run for DNS were Bind 9, that would be a monoculture, even though BIND 9 is open source. I'm guessing you probably didn't mean "monoculture." Certainly given the vigorous competition in the DNS market, the notion that there is a monoculture there doesn't hold up.

      • by omnichad (1198475)

        I'm talking about their claim that a huge NUMBER of open implementations are bad, while saying that users of all should go right over to them. That would consolidate a bunch of users under one piece of software, whose only additional security is the obscurity of not having their source code open for perusal.

        I'm not claiming that there IS a monoculture, I'm claiming that they recommend it as better to the evil "free" alternative.

  • Breaking news (Score:3, Informative)

    by noundi (1044080) on Wednesday September 23, 2009 @01:43PM (#29518429)
    A company has just promoted their own policies and products while at the same time demoting those of their competitors. People are in a state of shock, children are crying, students are demonstrating and the president is making an announcement later this evening. The UN has named this day the annual PR stunt day.
  • 90% of everything (you read) is horsepucky.
  • not impressed (Score:3, Informative)

    by screeble (664005) <[moc.liamg] [ta] [rellufnj]> on Wednesday September 23, 2009 @01:45PM (#29518467)

    I have some familiarity with SRD/IPRD and I have to say that I'm not very impressed with Nominum.

    Single-user root admin in our deployment and a hideous java/windows front end for end-users... One which is so crappy we don't deploy.

    Their training is USAstyle puppy mill powerpoint demos running on virtual machines.

    Couple that with the fact that they were subject to the same DNS exploits as some of the "vendors" they are trashing in the article and I just think...

    Man, what a bunch of ass hats spinning market droid fluff. Somehow, I'm not surprised.

    (The views expressed in this post are mine alone and do not necessarily reflect the views of my employer.)

  • Contradictions (Score:5, Insightful)

    by Bert64 (520050) <bert AT slashdot DOT firenzee DOT com> on Wednesday September 23, 2009 @01:46PM (#29518493) Homepage

    You really do need to look under the hood and kick the tyres. Maybe it's a Ferrari on the outside, but it could be an Austin Maxi on the inside.

    He contradicts himself, he tells you to kick the tyres and look under the hood, and then touts his product which he explicitly states won't let you look under the hood...

  • Freeware? (Score:3, Interesting)

    by gad_zuki! (70830) on Wednesday September 23, 2009 @01:49PM (#29518543)

    I think its interesting that they are using the term freeware instead of open source or FOSS. In a lot of people's minds freeware is shit like bonzai buddy or comet cursor or whatever spyware-laden free software these execs always manager to get on their computers. They equate FOSS with badly written spyware and they keep using the term freeware in their quotes. Interesting. They must have Frank Lutz working for them.

    Im sure a lot of execs find this message believable and are drafting up a 'no freeware' policy to only be diplomatically corrected by the IT dept later on.

    Ironically, I have a hard time trusting non-FOSS freeware. I always wonder if Im getting a virus or a trojan and wondering why I havent been able to find an OSS alternative to closed source windows freeware/nagware programs. Paid for proprietary Im less worried about, but Im not paying for what I consider basic functionality like DNS.

    • Re: (Score:3, Insightful)

      You don't seem the like execs very much. Silicon Valley execs know their website is up today because of their reliance on open source projects. This is why many of those execs pay their employees to contribute back to those projects.
  • by Anonymusing (1450747) on Wednesday September 23, 2009 @01:50PM (#29518557)

    The summary says " Nominum was one of the companies affected by the DNS cache poisoning problem of last year".

    But in the interview, I just read this:

    Q: People's reaction to that may be: 'He would say that, wouldn't he, because he's just trying to sell his product'. How would you answer them?

    A: I would respond to them by saying, just look at the facts over the past six months, at the number of vulnerabilities announced and the number of patches that had to made to Bind and freeware products. And Nominum has not had a single known vulnerability in its software.

    See? The summary can't be right.

    • Oh, silly me. He said SIX MONTHS and the summary said LAST YEAR.

    • by bcmm (768152)
      Gah, I thought people stopped spreading crap about patching five years ago..

      "They're PATCHING the open-source competitor. That means it was BROKEN! We never patch OUR software, therefore you know it isn't broken!"
  • by leto (8058) on Wednesday September 23, 2009 @01:55PM (#29518643) Homepage

    Powerdns was vulnerable to the Kaminsky attack, but in a different way. It was actually easier to spoof the server due to its more actively dropping certain DNS packets. So while it did perform source port randomization, it was not totally immune to the attack either.

    http://doc.powerdns.com/security-policy.html itself states:

    All versions of PowerDNS before 2.9.21.1 do not respond to certain queries. This in itself is not a problem, but since the discovery by Dan Kaminsky of a new spoofing technique, this silence for queries PowerDNS considers invalid, within a valid domain, allows attackers more chances to feed *other* resolvers bad data.

    Though it is phrased as "someone elses problem", in the DNS word of course nothing is "someone elses problem". DNS servers are chained in hierachies and one problem somewhere leads to problems elsewhere. DNS is all about protocol compliance to ensure interoperability. With the "someone elses problem" approach, we would have had no "reflection attack" and "amplification attack" problems either, it being "someone elses problem". Despite the nice phrasing, powerdns caused cache poisoning problems as a result of the Kaminsky attack that needed to be addressed.

    In general, I have a problem with bug reports and changelogs writing things as "improved error handling", "made more robust" or "add security to" which are too often used to hide the real security impact of certain bugs. DJB's policy of "it is not my bug to fix, because it is an operating system bug" is also completely bogus from a system administrator point of view who still ends up with a security problem.

  • 1970 Called (Score:4, Funny)

    by Prototerm (762512) on Wednesday September 23, 2009 @01:56PM (#29518661)

    1970 called: they want their "Security Thru Obscurity" argument back.

  • I don't know about you, but there are certain indications you can pick up on when people are talking about something that gives them away as being total idiots. One of these is conflating the terms "freeware" and "open source." When this is done you can feel free to turn your brain off for the rest of the statement because the person obviously doesn't know what they are talking about. Try listening to someone in the MSM talk about open source and you'll pick up on similar idiotic statements.

    • by base3 (539820)
      They aren't confused. They're intentionally using freeware as a pejorative.
  • by CopaceticOpus (965603) on Wednesday September 23, 2009 @01:59PM (#29518707)

    I have the same problem with using local butchers. They buy their meat on the open market, and it is possible to track that meat down to the farm where the cow came from. Those cows are kept outdoors, where anyone can see them. Lord knows what toxins people might be injecting into those cows.

    That's why I only eat meat from MeatCorp. All of MeatCorp's meat is made behind closed doors, in a giant, guarded metal building. Nobody knows what happens inside, and that makes me feel safe when I eat MeatCorp brand Meat Circles.

  • Biased much?
    I'm sure that we can take seriously the word of a company pushing their own closed-source, commercial DNS server solution, when they say that software you don't have to pay anything for is bad.
  • A lot of root- and toplevel-nameservers run on open source software too. NSD, Bind if I'm not mistaken. Ohh, scary ! Not really, works really well actually. 'Even worse' I think the database-system that runs .org is PostgreSQL.
  • I have a feeling there is going to be a lot of attacks on their DNS infrastructure in the near future.

    That said, they will probably get to prove (if possible) that they are a more secure system. ...or not.

  • Translation (Score:3, Interesting)

    by gmuslera (3436) on Wednesday September 23, 2009 @02:07PM (#29518851) Homepage Journal
    Buy our service or the ManBearPig will catch you. We are more secure because you don't know how much insecure are us, but there was an specific case where the dns used by the vast majority of internet had a (fixed) vulnerability under special circunstances in certain moment.
  • Way, way back when, Nominum employees successfully performed a denial of service attack on PowerDNS.

    Does anyone know what this refers to?

    • Re: (Score:3, Informative)

      by ahu (4707)

      Nothing too serious, probably a prank from some bored employees at the time. We asked some of the Nominum people what they were up to, since we'd been receiving packets that caused PowerDNS to crash from Nominum IP space.

      I seem to recall one of their (ex-)employees eventually even told us which bug they had been triggering.

      I don't for a moment believe this was a Nominum-sanctioned activity.

      But this is all way back in the mists of time, the beginning of 2002.

      Bert
      (PowerDNS)

  • by RiotingPacifist (1228016) on Wednesday September 23, 2009 @02:16PM (#29519005)

    Yo Nominum, im really happy for you, and imma let you finish, but microsoft [microsoft.com] is one of the best trolls of all time!

  • by Minwee (522556) <dcr@neverwhen.org> on Wednesday September 23, 2009 @02:17PM (#29519027) Homepage

    Isn't Nominum that company that was formed about ten years ago for the purpose of developing the open source BIND and DHCP for ISC?

    Yeah, these guys [nominum.org].

    And now they're turning around and saying "Don't use that open source BIND because it's crap. We should know, we wrote it!"

    • by CTachyon (412849) <chronosNO@SPAMchronos-tachyon.net> on Wednesday September 23, 2009 @03:48PM (#29520481) Homepage

      Isn't Nominum that company that was formed about ten years ago for the purpose of developing the open source BIND and DHCP for ISC?

      Yeah, these guys [nominum.org].

      And now they're turning around and saying "Don't use that open source BIND because it's crap. We should know, we wrote it!"

      Even more beautifully, try digging the version numbers from their nameservers:

      $ dig +short @ns1.nominum.net CH TXT version.bind.
      "Nominum ANS 3.0.1.0"
      $ dig +short @ns2.nominum.net CH TXT version.bind.
      "9.3.5-P2"
      $ dig +short @ns3.nominum.net CH TXT version.bind.
      "Nominum ANSPremier 4.1.0.0"

      One of the 3 nameservers for their own domain is running BIND, and a fairly old version of it at that!

  • Hi,

    having evaluated and supported a lot of DNS software in the last years, i have to concede some truth to those statement (for other reasons than mentioned), especially concerning the still heavily used BIND. E.g. BIND 9 is a software, i would not encorurage to use in certain environments (>100K zones for authorative, more than 5K queries per second for caching nameservers). The code of BIND isn't something, i want to debug (been there, done that). The weirdest thing (last checked with BIND 9.6.0): With

  • by Alain Williams (2972) <addw@phcomp.co.uk> on Wednesday September 23, 2009 @02:35PM (#29519299) Homepage
    because few people use it so it just isn't a worth while target [v3.co.uk]. Oh, ... wait [serverwatch.com] ....

    We have heard that tired, old argument before, a few idiot CIOs will swallow it, happy to pay top dollar for something that the free s/ware does better. Let them, as long as Nominum sticks to the RFCs and doesn't fork the spec - we don't care.

  • by DrWho520 (655973) on Wednesday September 23, 2009 @02:51PM (#29519497) Journal
    Do not fume about it. Do not rage on a forum about it. Do not send you buddy and e-mail pointing out the stupidity of their comments. Make a press release containing the facts and release it.
  • Nominum = $$$$ (Score:3, Interesting)

    by golden.radish (1459385) on Wednesday September 23, 2009 @02:55PM (#29519587)

    If you've ever had the pleasure of actually seeing a quote from Nominum, you'll see why they're so down on 'freeware'.

    Nominum's DNS software is extremely (and I mean VERY) expensive. For anyone. And I don't just mean it's hundreds or thousands of dollars. It's HUNDREDS _OF_ THOUSANDS of dollars for even a few licenses.

    I suspect sales are down (in these uncertain economic times *cough*) so slandering the competition (errrmmm... how do you compete with free?) is apparently the current marketing strategy.

    Happily, this interview/article makes me dislike them and their products even more than I already did.

"A great many people think they are thinking when they are merely rearranging their prejudices." -- William James

Working...