Fred K Ollinger on Sun, 15 Sep 2002 20:02:05 -0400



Re: [PLUG] why use bind 9?


> Code base written in avoidance of the mistakes that have led to
> security problems with all previous versions of BIND, resolver
> libraries of which the same is true, dynamic DNS support, TSIG
> support, true integration with ISC dhcpd (for dyn-DNS, mostly),
> better approach to zone xfers, split DNS zones, zone views (related,
> but not the same as, the previous). In general, it's got modern

Well, I agree, that it must be good if it's more secure.

> features that older versions don't and that do make your life easier.

Bind was the second hardest thing that I set up. I hated it. I still hate
it, so I don't see how any version of bind can make my life easier. :)

I'm guessing you mean that if I actually knew what I was doing and I was
managing a great number of IPs.

> > OpenBSD uses Bind 4.x.
>
> They ship it. Do you actually think anyone *uses* it? In any case,

I don't know. I was hoping you could help. The OpenBSD propaganda makes a
good case on using the older version as they claim that bind 8 is not
audited, but bind 4 was, and that there are no known holes in the version
that they ship. I don't know enough about this to verify this, though.

> > Are there advantages to bind 9 that I don't know about? I'm happy w/ what
> > I'm running.
>
> If nothing else, you can be sure that there are as-yet undiscovered
> buffer overflows in BIND 8, and that those buffer overflows *will*
> be discovered by malicious hackers, not benevolent ones.

Now, you are being too pessimistic. :)

> It's quite probable that such also exist in BIND 9, but ISC has
> openly stated they're not going to bother looking for the BIND
> 8 problems, whereas they *are* actively auditing BIND 9 code.

Ah, bind 8 is deprecated already. I didn't know. I'm glad someone is
keeping us informed. :)

Thanks, as usual, for the info.

Fred Ollinger


_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug