Re: sorry to ruin several of your evenings...
asr@latency.net (Adam Rothschild) writes:
Not to disrespect Mr. Vixie, or detract from the operational content of the original post, but I'd like to recommend another solution to these recently reported security holes in BIND: install djbdns <http://www.djbdns.org/>.
No disrespect taken. The README for 8.2.3 says:

Note that BIND 8 is in "end-of-life", having been replaced by BIND 9. See http://www.isc.org/ for more details.

And indeed, BIND 9 has been in preparation for several years, has been in an extended test release phase for the last 6 or 8 months, and with the release of 9.1.0 a few weeks ago, is a far better choice than BIND 8.2.3 for most systems. It's also compatible with BIND 8's configuration file syntax.

BIND 9's server shares not a single line of code with BIND 8's. So if genetic diversity is what's worrying anybody, please check out BIND 9.1.0. But if you just want the BIND 8 you already have (except, without certain security flaws) then BIND 8.2.3 is just what you need.
On Sat, Jan 27, 2001 at 09:54:31PM -0800, Paul Vixie wrote:
BIND 9's server shares not a single line of code with BIND 8's. So if genetic diversity is what's worrying anybody, please check out BIND 9.1.0. But if you just want the BIND 8 you already have (except, without certain security flaws) then BIND 8.2.3 is just what you need.
Cool. Major version number bump; complete rewrite. That's the way it's supposed to work.

Paul? Quick one sentence version of how far from "drop-in" the upgrade is?

Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Baylink
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015
On Sun, Jan 28, 2001 at 01:14:05AM -0500, Jeffrey Meltzer wrote:
Paul? Quick one sentence version of how far from "drop-in" the upgrade is?
I just upgraded a server, and didn't have to change a line of config...
That constitutes "good enough for me", I guess. :-)

Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Baylink
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015
The only thing that I had to do when upgrading between 8.x and 9.x was to add a $TTL line to the top of every zone file.

/Vince

----- Original Message -----
From: "Jeffrey Meltzer" <meltzer@villageworld.com>
To: <nanog@merit.edu>
Sent: Saturday, January 27, 2001 10:14 PM
Subject: Re: sorry to ruin several of your evenings...
Paul? Quick one sentence version of how far from "drop-in" the upgrade is?
I just upgraded a server, and didn't have to change a line of config...
Jeff
-- Jeffrey Meltzer VillageWorld.com, Inc.
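Added example (not part of any poster's message and not ISC code): a pre-upgrade check for the $TTL change mentioned in the message above, listing zone files that have no $TTL directive before their first record. The file names and zone contents are constructed samples, and the comment and quote handling is a simplified assumption about zone file syntax.

```python
import re
import sys

# A $TTL directive with a value, e.g. "$TTL 86400" or "$TTL 1d".
TTL_DIRECTIVE = re.compile(r"^\$TTL\s+\S+", re.IGNORECASE)

def strip_comment(line):
    """Drop a ';' comment, ignoring semicolons inside double-quoted strings."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line

def ttl_before_first_record(zone_text):
    """True if a $TTL directive appears before the first resource record."""
    for raw in zone_text.splitlines():
        line = strip_comment(raw).rstrip()
        if not line.strip():
            continue              # blank or comment-only line
        if TTL_DIRECTIVE.match(line):
            return True
        if line.startswith("$"):
            continue              # other directive such as $ORIGIN
        return False              # first record reached with no $TTL yet
    return False

def zones_missing_ttl(zones):
    """zones maps file name -> zone text; returns names that need a $TTL line."""
    return sorted(n for n, t in zones.items() if not ttl_before_first_record(t))

# Constructed sample zone files; names and records are placeholders.
SOA = "@ IN SOA ns1 hostmaster ( 1 3600 900 604800 86400 )\n"
SAMPLE_ZONES = {
    "db.example.com": "; constructed\n$ORIGIN example.com.\n$TTL 86400\n" + SOA,
    "db.example.net": "; no $TTL here\n" + SOA + "@ IN NS ns1\n",
    "db.late.example": SOA + "$TTL 3600\n@ IN NS ns1\n",  # directive after SOA
}

if __name__ == "__main__":
    # With file paths as arguments, check those; otherwise check the samples.
    zones = {p: open(p).read() for p in sys.argv[1:]} or SAMPLE_ZONES
    for name in zones_missing_ttl(zones):
        print("no $TTL before first record:", name)
```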
On 27 Jan 2001, Paul Vixie wrote:
But if you just want the BIND 8 you already have (except, without certain security flaws) then BIND 8.2.3 is just what you need.
Without being aware of what your disclosure policies are, I'll go ahead and ask... what are the flaws, and are they also in 8.2.2-p7? I don't see anything at: http://www.isc.org/products/BIND/bind-security.html that mentions p7. Sure, I could diff a bunch of stuff...

Sorry to bring this to NANOG, but it's a bit more appropriate than gabbing about what a root server is. Also, note that Bugtraq is gone until Monday, so there'll be no talk of this there.

Thanks,
Charles
participants (5)
- Charles Sprickman
- Jay R. Ashworth
- Jeffrey Meltzer
- Paul Vixie
- Vincent Power