Nominum Calls Open Source DNS "a Recipe For Problems" 237
Raindeer writes "Commercial DNS software provider Nominum, in an effort to promote its new cloud-based DNS service, SKYE, has slandered all open source/freeware DNS packages. It said: 'Given all the nasty things that have happened this year, freeware is a recipe for problems, and it's just going to get worse. ... So, whether it's Eircom in Ireland or a Brazilian ISP that was attacked earlier this year, all of them were using some variant of freeware. Freeware is not akin to malware, but is opening up those customers to problems.' This has the DNS community fuming. Especially when you consider that Nominum was one of the companies affected by the DNS cache poisoning problem of last year, something PowerDNS, MaraDNS and DJBDNS (all open source) weren't vulnerable to."
Well (Score:4, Informative)
I hope he doesn't run any Linux distributions in his company, at all. That would make him a hypocrite.
Re:Well (Score:3, Informative)
Re:Well (Score:4, Informative)
Ah, but he does. [netcraft.com]
The argument will be that since they run Redhat it's not considered open source or freeware, even though it is a Linux distribution that is proprietary.
Breaking news (Score:3, Informative)
not impressed (Score:3, Informative)
I have some familiarity with SRD/IPRD and I have to say that I'm not very impressed with Nominum.
Single-user root admin in our deployment and a hideous java/windows front end for end-users... One which is so crappy we don't deploy.
Their training is USAstyle puppy mill powerpoint demos running on virtual machines.
Couple that with the fact that they were subject to the same DNS exploits as some of the "vendors" they are trashing in the article and I just think...
Man, what a bunch of ass hats spinning market droid fluff. Somehow, I'm not surprised.
(The views expressed in this post are mine alone and do not necessarily reflect the views of my employer.)
Re:Well (Score:3, Informative)
We not only run Linux, we *support all our products* on various versions of Linux and FreeBSD (and Solaris, for that matter, which I guess is open source these days).
Sigh.
Re:Even if what they say is true... (Score:4, Informative)
Re:BIND is past it's sell-by date. (Score:3, Informative)
Re:Blow more smoke up our posteriors... (Score:4, Informative)
But it's such a good business. I know of one colo client that has DNS for a domain with UltraDNS. We're talking about a single domain with maybe a dozen records. The bill? It was over $2K per month. And we aren't talking about a Fortune500 company here. All those techie sounding terms, trademarked labels, and slick marketing comeons work well with IT "managers".
Re:Well (Score:2, Informative)
Freeware != Open Source. Open Source is just that, the source is open to view and interprete. Freeware can be closed source and distributed for free under various licensing. The confusing part is many open source projects are released free of charge, and therefore open source and also be freeware (but doesnt have to be).
Re:Well (Score:3, Informative)
Red hat is open source, but not free. They're talking trash about 'freeware'. Just sayin'
RTFA, he's bashing Open Source and freeware.
Q: What characterises that open-source, freeware legacy DNS that you think makes it weaker?
A: Number one is in terms of security controls. If I have a secret way of blocking a hacker from attacking my software, if it's freeware or open source, the hacker can look at the code.
Re:DoS on PowerDNS? (Score:3, Informative)
Nothing too serious, probably a prank from some bored employees at the time. We asked some of the Nominum people what they were up to, since we'd been receiving packets that caused PowerDNS to crash from Nominum IP space.
I seem to recall one of their (ex-)employees eventually even told us which bug they had been triggering.
I don't for a moment believe this was a Nominum-sanctioned activity.
But this is all way back in the mists of time, the beginning of 2002.
Bert
(PowerDNS)
Re:Is this the same Nominum? (Score:5, Informative)
Isn't Nominum that company that was formed about ten years ago for the purpose of developing the open source BIND and DHCP for ISC?
Yeah, these guys [nominum.org].
And now they're turning around and saying "Don't use that open source BIND because it's crap. We should know, we wrote it!"
Even more beautifully, try digging the version numbers from their nameservers:
$ dig +short @ns1.nominum.net CH TXT version.bind.
"Nominum ANS 3.0.1.0"
$ dig +short @ns2.nominum.net CH TXT version.bind.
"9.3.5-P2"
$ dig +short @ns3.nominum.net CH TXT version.bind.
"Nominum ANSPremier 4.1.0.0"
One of the 3 nameservers for their own domain is running BIND, and a fairly old version of it at that!
Re:Well (Score:3, Informative)
Freeware != Open Source. Open Source is just that, the source is open to view and interprete. Freeware can be closed source and distributed for free under various licensing. The confusing part is many open source projects are released free of charge, and therefore open source and also be freeware (but doesnt have to be).
Thank you for that very irrelevant lecture, now here's some relevant lecture for you. [wikipedia.org]
Re:Freeware will not eat your children (Score:3, Informative)
Breaking out of a chroot jail requires a program with root privileges, that is, it requires another security hole to exist to allow you to get out of it.
Re:Good Grief (Score:5, Informative)
Well, I haven't seen a product that is as powerful as Bind9, paid or unpaid. The pain in the ass bit is simply the configuration, which when you start talking about various views based on ACLs, can get a bit eye-splitting (but then again, that applies to lots of things with ACLs, like Cisco IOS, Squid, etc).
The guy is a liar. You know it. I know it. I think anybody who actually works with DNS infrastructure knows it.