

New Open Source DNS Server Released Today - polar
http://money.cnn.com/news/newsfeeds/articles/marketwire/0398748.htm

======
xirium
After reading [http://homepages.tesco.net/~J.deBoynePollard/FGA/djbdns-
myth...](http://homepages.tesco.net/~J.deBoynePollard/FGA/djbdns-myths-
dispelled.html) and <http://cr.yp.to/djbdns/forgery.html> we'll pass on this
DNS server.

~~~
eb
What does djbdns have to do with Unbound?

~~~
xirium
djbdns and Unbound are both DNS servers. djbdns implements caching and serving
of authoritive data as separate programs without official support of DNSSec.
Unbound implements both features in one program and supports DNSSec. Combining
the authoritive and caching roles and also having no track record makes
Unbound unecessarily risky to deploy. Furthermore,
<http://cr.yp.to/djbdns/forgery.html> describes modes of attacking DNS,
downwardly compatible solutions, possible modifications to the protocol to
minimise risk and explains why djbdns does not support DNSSec. Specifically,
DNSSec is a centralised solution and VeriSign has a precedent of failure.

It would appear that Unbound is an attempt increase VeriSign's certification
revenue and cryptographically lock-out autonomous root servers when a cheaper
and more effective distributed solution can be implemented.

