On Sat, 15 Aug 1998, David R. Conrad wrote:
Hi,
Oh, and make everyone upgrade their version of BIND. Unfortunately, far too many people refuse even when they know their whole world can be messed up by a broken nameserver or two unless they upgrade.
Yeah. What he said. Upgrade. Please.
See http://www.cert.org/advisories/CA-98.05.bind_problems.html for a few good reasons.
To summarize for lazy people (since others would have upgraded already...): your DNS is vulnerable to manipulation (both on purpose and by accident; this is _NOT_ some rare thing, but happens more and more), the machine you run BIND on is vulnerable to root compromises, your job is vulnerable. While we are on the topic, are there any known cache pollution problems with 4.9.7 that are fixed in 8.x? I had thought that those problems were fixed in 4.9.7 but I keep think I seeing other people's 4.9.7 machines vulnerable to them.