This morning, I was unpleasantly surprised by an advertorial on ZDNET, where PowerDNS competitor Nominum stated that since they are closed source, their technology is inherently more secure. They also cleverly compared Open Source to malware. Nice.
In addition, Nominum stated they have not had any security problems, “unlike the freeware legacy DNS”, but this simply is not true as can be seen on their own webpage (which will probably be ‘cleaned up’ shortly).
There are some true gems in the interview, cleverly titled “Why open-source DNS is ‘internet’s dirty little secret’“.
Freeware legacy DNS is the internet’s dirty little secret — and it’s not even little, it’s probably a big secret. Because if you think of all the places outside of where Nominum is today — whether it’s the majority of enterprise accounts or some of the smaller ISPs — they all have essentially been running freeware up until now.
Given all the nasty things that have happened this year, freeware is a recipe for problems, and it’s just going to get worse.
Correct. So, whether it’s Eircom in Ireland or a Brazilian ISP that was attacked earlier this year, all of them were using some variant of freeware. Freeware is not akin to malware, but is opening up those customers to problems. So we’ve seen the majority of the world’s top ISPs migrating away from freeware to a solution that is carrier-grade, commercial-grade and secure.
And the real screamer:
Nominum software was written 100 percent from the ground up, and by having software with source code that is not open for everybody to look at, it is inherently more secure.
Way, way back when, Nominum employees successfully performed a denial of service attack on PowerDNS. I thought they had grown over this kind of behavior, but it appears they didn’t.
Nominum used to be a part of the DNS community, interacting with the IETF in the standards setting process. It may be harder for them to credibly contribute anymore if this is their stance on open cooperation..
UPDATE: It is ironic to note that at the time of writing, one of the Nominum.com nameservers was actually running BIND (‘freeware, not akin to malware’). In addition, both the webserver and the operating system for the Nominum webpages run on open source software (Apache, Linux).