Maintained by: NLnet Labs

[Unbound-users] [wishlist] unbound vs djbdns

Kevin Chadwick
Tue Jun 14 22:42:35 CEST 2011


On Tue, 14 Jun 2011 20:51:00 +0200
Jaap Akkerhuis wrote:

> I don't understand this logic. For "security reason" one should not parse
> traffic on the production box, but it is OK that unbound
> (that is in production on this box) does parse it?

Unbound is chrooted and has very limited parsing requirements. OpenBSD's
PF, with no serious bugs at all, and Snort, which has had many serious
parsing bugs, would be the extremes.