gabriel rosenkoetter on Mon, 16 Sep 2002 00:40:10 +0200
On Sun, Sep 15, 2002 at 05:23:02PM -0400, Fred K Ollinger wrote:
> Why upgrade to this?

Code base written in avoidance of the mistakes that have led to security problems with all previous versions of BIND, resolver libraries of which the same is true, dynamic DNS support, TSIG support, true integration with ISC dhcpd (for dyn-DNS, mostly), better approach to zone xfers, split DNS zones, zone views (related, but not the same as, the previous).

In general, it's got modern features that older versions don't and that do make your life easier.

> OpenBSD uses Bind 4.x.

They ship it. Do you actually think anyone *uses* it?

In any case, they ship it mostly because it's what NetBSD was using when they forked. More than a few of the files under src/usr.sbin/named haven't been modified since, whereas NetBSD's named is 8.3.3 last time I bothered to check.

(In case you hadn't guessed, I use BIND 9.)

> Are there advantages to bind 9 that I don't know about? I'm happy w/ what
> I'm running.

If nothing else, you can be sure that there are as-yet undiscovered buffer overflows in BIND 8, and that those buffer overflows *will* be discovered by malicious hackers, not benevolent ones. It's quite probable that such also exist in BIND 9, but ISC has openly stated they're not going to bother looking for the BIND 8 problems, whereas they *are* actively auditing BIND 9 code. Generally, the security world's agreed with them, since BIND 9 now contains a superset of BIND 8's features (when it first came out, it was missing a couple; that shouldn't be true any more).

--
gabriel rosenkoetter
gr@eclipsed.net