Hacker News
by PeterLGummybear 2790 days ago
I'm all for rewriting things into safe languages, but I do like the battle-tested nature of C things, like unbound. For example, I'm interested in replacing my smtpd daemon with something better. I'm most tempted to go with postfix, because it's very supported, does lots, is totally battle-tested, and has a good security track record. However, the hip kid on the block is Haraka -- https://haraka.github.io/. It's written by smart people with a long history in the problem space, and it does things in a new and modern way. I'm inclined to like it. But several things make me hesitant:

- Will a hipster JavaScript thing really be as reliable? Are these new runtimes really sufficient for totally essential things like email? What about filesystem stuff? I'd think a battle-tested thing like postfix will be much better off than this.
- Do I really want to deal with JavaScript or whatever other hipster language for deployment? With most essential utilities, it's packaged in my distro with minimal dependencies. With hipster stuff, it's usually a fast pace of development, which doesn't lend itself to packaging, and uses something awful like npm. Is this something I really want to depend on?

So I'd wonder the same thing about sdns. The "rewrite it in ${safelang}" trend tends to produce immature and unreliably deployable software, and that makes me worried. How does sdns fare?

1 comment

Not sure I see the justification for replacing postfix (which with simple configurations can be configured with just a few lines in a config file) with haraka written in JavaScript.

Unbound seems generally respected, is nice and simple, written cleanly, and does MUCH less than bind. However, it has had at least one memory corruption bug that plagues most C/C++ applications of non-trivial complexity. It also does seem to hang, and I asked around and other people have seen similar. It's no longer what I consider reliable enough to be installed on every client. It's scary that it hangs, because if it gets that wrong there's likely other issues as well.

I'm hopeful that SDNS is more reliable and secure. I just want a local caching resolver that understands DNSSEC.