Author Topic: How much security is needed for windows 10?  (Read 12658 times)

0 Members and 1 Guest are viewing this topic.

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: How much security is needed for windows 10?
« Reply #50 on: September 03, 2021, 09:35:13 pm »
No way to compare ISC sponsored BIND with obsoleted sendmail

Sendmail has been obsoleted by itself while BIND has no proper replacement even DJB tools can not replace BIND

WTF lunatic will place a wide network level safe daemon in INIT ?  Answer: systemd

Who will run a resolver before system wide proper start? A idiot.

They did that to do remote image and stuff  needed to their buz.

We dont
Paul
 
The following users thanked this post: bd139

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6173
  • Country: fi
    • My home page and email address
Re: How much security is needed for windows 10?
« Reply #51 on: September 04, 2021, 12:28:53 pm »
No way to compare ISC sponsored BIND with obsoleted sendmail
Why did you ignore the "historical" in my post?

The era I was referring to was 1995-2005.  Everyone used Sendmail, and BIND was installed even on workstations that didn't need its functionality.
Their security track record in that decade is worse than buying from a drug dealer living in the sewers.

BIND has no proper replacement even DJB tools can not replace BIND
Don't be an idiot.

Most machines only need to run a DNS cache.  Several options there.  (Although if you use Windows, don't expect WSL to get it right.  Queries to e.g. "baidu.com" will include references to "ns.baidu.com", making POSIX getaddrinfo() calls yield incorrect sockets.  I'm sure MS will do the good ol' EEE trick, and suggest users will verify the ai_canonname field before trying to connect to a socket; as actually fixing their DNS cache to follow the fucking standards is outside their technical "ability".)

Most intranets don't need to be split into zones, so most companies only need a central DNS server capable of caching and forwarding queries correctly, and a DHCP server for local addresses.  Guess why I know this for a fact?

Where BIND shines, is at ISPs and IP address vendors and larger organizations; basically at root DNS servers, but that's about it.
Numerically, that's a rather small fraction of all servers, a tiny minuscule fraction of all network-connected machines.

Yet, it is the most widely used.  Remember VHS and Betamax?  No, popularity does not mean it is technically the best option.
And it for sure as hell does not mean it is "not replaceable"; only that you don't know what it could be replaced with.

The BIND8 codebase was so atrocious they had to rewrite BIND9 from scratch.
And even BIND9 is so crappy it was rewritten a decade ago, yielding Bundy, which basically died in 2014 due to ISC cutting support.

Are you sure you're not in love with BIND just because it is the only option you think you have?
That's exactly the reason so many people love systemd, after all.  Ironic, don't you think? 

The fact that it is the only available alternative for a tiny fraction of use cases makes it indispensable there, but it has nothing to do with its security track record, or utility as a software for other purposes.

To me, BIND is just another single-vendor piece of crap.  Not because I dislike ISC, but because if it behaves like a crap and has a crap security track record, it is crap, even if it is crap I'd have to use.  (Not being an ISP or in charge of a root DNS server or various IP address zones, I don't.  Which is a happy thing for me; one less crappy thing to worry about.)

If you weren't so enamored of BIND, you'd take a look at the track record –– of ISC, too ––, and like me, you'd start to wonder why the heck aren't they working to make things better.  Hell, it really looks like they're spending more effort in trying to keep their own status, than anything else.
And suddenly, stuff like DNS-over-HTTPS efforts by Alphabet and others suddenly start to reveal the picture: this, too, is one of the damn power struggles –– over control of a facet of the functionality of internet ––, and has very little to do with actual security or utility.

I must admit, I really expected you (PKTKS and bd139) to be fully aware of this, based on your rants.
It is sad to see you fall into the same trap you berate others for.
 

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: How much security is needed for windows 10?
« Reply #52 on: September 04, 2021, 02:47:26 pm »
I did not ignore the post.

It just happens that sendmail has at least half dozen ready replacements.

BIND has none. ZERO.

We all deal with it knowing how hard it is/was to put that code together.
Decades of devel and bug fix. Still a lot to check audit maintain.

BIND is non optional as long as you run your own otherwise you will fall in the hands of some other DNS resolver which by now we all know what they do. And how bad that can be

Running a resolver other than BIND is nuts.
Running that at INIT level with PRIORITY 1 is beyond nuts.

But systemd is not optional  you live with that or drop it

Hence the need to raise questions of how to mix bugs into the same sack?

Latest BIND versions are better and being a whole dedicated maintained software which is fairly independent from commercial hands.. is the sane path.

I run my own DNS server and that is not an option.

Hardly we will get free of BIND in the current scenario..
Unless of course you run no DNS at all
or a crappy dummy resolver bundled in some "INIT" thing..

They call this shit "modern"  go figure

I also run DJB very safe DNS internally for other reasons..
Both do a fine job - very reliable

have no alternative so far
Paul
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6173
  • Country: fi
    • My home page and email address
Re: How much security is needed for windows 10?
« Reply #53 on: September 04, 2021, 05:04:24 pm »
BIND has none. ZERO.
That's exactly what the Poettering fanboys say about systemd, too.  Exactly.

Although I haven't maintained a root DNS server, I've done everything smaller, and I know there are a number of other (less known) software packages I can use to achieve the same end result.  Zone transfers are the key bitch, and they exist only because it ensures ISC dominance in this era.  Much better update transports have been discussed, especially since so many serious security issues revolve around zone transfers.

BIND has none. ZERO.
Latest BIND versions are better and being a whole dedicated maintained software which is fairly independent from commercial hands.. is the sane path.[/quote]
Nope.  It is the ISC-approved path of ensuring ISC authority and ability to block any significant advances that endanger their position in this domain.

I really, really expected more sense from you; at least a self awareness of recognizing in yourself the same logical fallacies you accuse others of having.

Plonk, one more myopic idiot to ignore, I guess.
 

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: How much security is needed for windows 10?
« Reply #54 on: September 05, 2021, 08:43:36 am »
I will be very happy running a reliable alternative to BIND on my servers

It has been a major security always and systemd or proprietary closed sources are not an option

What do you trust and run instead of traditional BIND?

Paul
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: How much security is needed for windows 10?
« Reply #55 on: September 05, 2021, 09:28:00 am »
I run my DNS on Route53 and nscd  :-DD
 

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: How much security is needed for windows 10?
« Reply #56 on: September 05, 2021, 10:08:22 am »
I run my DNS on Route53 and nscd  :-DD

Not an option to me...

They charge per query and monitor all your system traffic..  like having your landlord monitor you by cam 24h/7

Private systems assume no cloud and even you may be offline having only internal traffic eg intranet privacy

Alternative to BIND is not a cloud thing

Paul
 

Offline MazeFrame

  • Contributor
  • Posts: 34
  • Country: de
  • = != ==
Re: How much security is needed for windows 10?
« Reply #57 on: November 02, 2021, 09:19:14 am »
The problem with security in software is that it has to be designed in, as it cannot be bolted on afterwards.  This has been proven time and time again.
A lot of fantastic security can easily be undermined by allowing a user near it.
Never Forgive, Always Forget.
Perpetually Angry and Confused!
 
The following users thanked this post: HobGoblyn


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf