BIND 8/4 (security issues)

Brad Cox brad at linuxbofh.com
Fri Nov 15 13:33:57 PST 2002


While on the subject, djbdns (by Dan Bernstein, author of qmail) has
never had a security hole.  In fact, if someone does find a bug, the
author will give them $500.  There is a bit of a learning curve from
bind (it opts for a more machine-editable format over the bind zone
file format), but my opinion is that it is worth it for the peace of
mind (and the reduced load on your servers).  The last release was Feb
11th, 2001, which was to release new features, not fix bugs.  That's
over a year and a half of not having to upgrade.

On Fri, Nov 15, 2002 at 12:58:35PM -0800, ME wrote:
> I prob should have passed this forward, but forgot since I moved to Bind 9
> a few months back...
> 
> http://online.securityfocus.com/archive/1/299457/2002-11-12/2002-11-18/0
> 
> If you run Bind 4 or 8 for DNS, consider looking for an upgrade, or just
> migrate to bind 9.
> 
> For x86, I strongly suggest migrating to Bind 9. It is much easier to
> set up than 8 (especially with SetUID/GID and chrooted), but you will
> likely need to modify your options - especially if you did things
> non-standard.
> 
> If you have not subscribed to BUGTRAQ and are an admin of a *nix box, you
> may want to consider it.

-- 
Brad Cox		brad at linuxbofh.com
Key fingerprint = E741 589E 4A43 DA89 C5AA  B9A3 7E44 18BB C16B F62D
BOFH excuse #13:

we're waiting for [the phone company] to fix that line


