This is in the current security guide:

Bind

Important: Bind is known for its lousy security history and that should not be taken lightly. As with any other service it should never run as root so please do not change the default configuration for this service.

One can find documentation at the Internet Software Consortium. The BIND 9 Administrator Reference Manual is also in the doc/arm.

Djbdns

There is really not much to say about djbdns except that the author is willing to bet money on how secure it is. So go and try it: http://www.djbdns.org/ it is very different from the way Bind v.9 works but you will get the hang of it.

----

I would please ask you to change this. BIND 9 has a very good security record and is very powerful and by far the best DNS implementation around (there is a reason every single root server runs BIND and not djbdns). Also, djbdns has a set of its own problems including non-RFC compliance, djb himself spreads FUD about other implementations, and has a restrictive license that is not entirely open source.

---

Thanks, if you need more info please comment.
Created attachment 23909: Patch to gentoo-security.xml

This patch removes the warning and changes the djbdns text to:

"""
Djbdns is a DNS implementation of which the author is willing to bet money on how secure it is. It is very different from how Bind 9 works but worth a try. More information can be obtained from http://www.djbdns.org.
"""

I couldn't immediately find any non-RFC conformance issues (I didn't do an extensive look though) so I've kept this out. If a docdev can review?
Patch looks good
Thanks. Patch committed.