No way to compare ISC sponsored BIND with obsoleted sendmail
Why did you ignore the "historical" in my post?
The era I was referring to was 1995-2005. Everyone used Sendmail, and BIND was installed even on workstations that didn't need its functionality.
Their security track record in that decade is worse than buying from a drug dealer living in the sewers.
BIND has no proper replacement; even DJB tools cannot replace BIND
Don't be an idiot.
Most machines only need to run a DNS cache. Several options there. (Although if you use Windows, don't expect WSL to get it right. Queries to e.g. "baidu.com" will include references to "ns.baidu.com", making POSIX getaddrinfo() calls yield incorrect sockets. I'm sure MS will do the good ol' EEE trick, and suggest users verify the ai_canonname field before trying to connect to a socket; as actually fixing their DNS cache to follow the fucking standards is outside their technical "ability".)
Most intranets don't need to be split into zones, so most companies only need a central DNS server capable of caching and forwarding queries correctly, and a DHCP server for local addresses. Guess why I know this for a fact?
Where BIND shines is at ISPs and IP address vendors and larger organizations; basically at root DNS servers, but that's about it.
Numerically, that's a rather small fraction of all servers, a tiny minuscule fraction of all network-connected machines.
Yet, it is the most widely used. Remember VHS and Betamax? No, popularity does not mean it is technically the best option.
And it for sure as hell does not mean it is "not replaceable"; only that you don't know what it could be replaced with.
The BIND8 codebase was so atrocious they had to rewrite BIND9 from scratch.
And even BIND9 is so crappy it was rewritten a decade ago, yielding Bundy, which basically died in 2014 due to ISC cutting support.
Are you sure you're not in love with BIND just because it is the only option you think you have?
That's exactly the reason so many people love systemd, after all. Ironic, don't you think?
The fact that it is the only available alternative for a tiny fraction of use cases makes it indispensable there, but it has nothing to do with its security track record, or utility as a software for other purposes.
To me, BIND is just another single-vendor piece of crap. Not because I dislike ISC, but because if it behaves like crap and has a crap security track record, it is crap, even if it is crap I'd have to use. (Not being an ISP or in charge of a root DNS server or various IP address zones, I don't. Which is a happy thing for me; one less crappy thing to worry about.)
If you weren't so enamored of BIND, you'd take a look at the track record, of ISC too, and like me, you'd start to wonder why the heck they aren't working to make things better. Hell, it really looks like they're spending more effort trying to keep their own status than anything else.
And suddenly, stuff like the DNS-over-HTTPS efforts by Alphabet and others starts to reveal the picture: this, too, is one of the damn power struggles, over control of a facet of the functionality of the internet, and has very little to do with actual security or utility.
I must admit, I really expected you (PKTKS and bd139) to be fully aware of this, based on your rants.
It is sad to see you fall into the same trap you berate others for.
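The ai_canonname check mentioned in the post above, written out as an added example (not code from the thread or from any resolver project). It assumes a POSIX getaddrinfo(); the hostnames in the comments and the main() are constructed illustrations. The first function is the pure comparison and runs offline; the second wraps a real resolver call, so it only proves anything on a host with DNS.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Compare the name we asked for against the canonical name the resolver
 * returned: case-insensitive, and tolerant of one trailing dot (FQDN form).
 * "baidu.com" vs "ns.baidu.com" (the mismatch described in the post) is a
 * failure; "baidu.com" vs "baidu.com." or "BAIDU.com" is a match. */
int canonname_matches(const char *requested, const char *canon)
{
    if (requested == NULL || canon == NULL)
        return 0;
    size_t rl = strlen(requested), cl = strlen(canon);
    if (rl > 0 && requested[rl - 1] == '.')
        rl--;
    if (cl > 0 && canon[cl - 1] == '.')
        cl--;
    return rl == cl && strncasecmp(requested, canon, rl) == 0;
}

/* Resolve `host` with AI_CANONNAME (without that flag ai_canonname is not
 * filled in at all; with it, only the first addrinfo carries it) and hand
 * the list back only if the canonical name agrees with the request.
 * Returns 1 and sets *out (caller must freeaddrinfo()) on agreement,
 * 0 on a name mismatch, -1 on a resolver error. */
int resolve_checked(const char *host, const char *port, struct addrinfo **out)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_CANONNAME;

    int rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "getaddrinfo(%s): %s\n", host, gai_strerror(rc));
        return -1;
    }
    if (!canonname_matches(host, res->ai_canonname)) {
        fprintf(stderr, "refusing %s: resolver reports canonical name %s\n",
                host, res->ai_canonname ? res->ai_canonname : "(none)");
        freeaddrinfo(res);
        return 0;
    }
    *out = res;
    return 1;
}

int main(int argc, char **argv)
{
    /* Usage: ./a.out baidu.com 443  (hostname is whatever you want to test) */
    if (argc < 3) {
        fprintf(stderr, "usage: %s host port\n", argv[0]);
        return 2;
    }
    struct addrinfo *ai = NULL;
    int ok = resolve_checked(argv[1], argv[2], &ai);
    if (ok == 1) {
        printf("%s resolved; canonical name %s; first family %d\n",
               argv[1], ai->ai_canonname, ai->ai_family);
        freeaddrinfo(ai);
        return 0;
    }
    return ok == 0 ? 1 : 3;
}
```

One caveat before wiring this into anything: a strict equality check also rejects a perfectly legitimate CNAME (the resolver is supposed to report the CNAME target as ai_canonname), so treat a mismatch as a signal to inspect what the local cache is returning rather than as proof of a broken resolver.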