28 Jan 2003, 1:57 p.m.
What do you think of OpenBSD still installing BIND4 as part of the default base system and recommended as secure by the OpenBSD FAQ? (See Section 6.8.3 in <http://www.openbsd.org/faq/faq6.html#DNS>)
i think that bind4 was relatively easy for them to do a format string audit on, and that bind9 was comparatively huge, and that their caution is justified based on bind4/bind8's record in CERT advisories, and that for feature level reasons they will move to bind9 as soon as they can complete a security audit on the code. (although in this case ISC and others have already completed such an audit, another pass never hurts.)