[Unbound-users] [wishlist] unbound vs djbdns

Kevin Chadwick ma1l1ists at yahoo.co.uk
Tue Jun 14 20:42:35 UTC 2011


On Tue, 14 Jun 2011 20:51:00 +0200
Jaap Akkerhuis wrote:

> I don't understand this logic. For "security reason" one should not parse
> traffic on the production box, but it is OK that unbound
> (that is in prduction on this box) does parse it?

Unbound is chrooted and has very limited parsing requirements. OpenBSD's
PF with no serious bugs at all and Snort which has had many serious
parsing bugs would be the extremes.



More information about the Unbound-users mailing list