About DNS (BIND) with Database

Bill Vermillion bv at wjv.com
Tue Nov 18 07:01:28 PST 2003


On Tue, Nov 18, 2003 at 12:35 , Simon Gray exclaimed "Las Cucarachas 
entran, Pero no puede en salir", and then rambled on saying with:
 
> > >personally i wouldn't use bind, it's had a bad security history.

> > YEP, and it is VERY OLD HISTORY, but it goes back 3 years.
> > So what's your gripe about security vulnerabilities in BIND
> > since early 2001? If you don't have any concrete, recent
> > examples, then stop the FUD. There are reasons some people
> > don't want to use BIND, but security isn't one of them.

> My apologies if this thread has hit a nerve, I wasn't picking
> at anyone. I'm just giving my point of view.

> The history may be old in terms of computing, but I wonder how
> many vulnerable systems are still out there? System admins that
> may not even know how to upgrade or even know that the vulns
> exist.

> bind advisories:
> http://www.cert.org/advisories/CA-2002-19.html
> http://www.cert.org/advisories/CA-2001-02.html
> http://www.cert.org/advisories/CA-1999-14.html

> Plus http://www.isc.org/products/BIND/bind-security.html isn't
> a very good track record is it?

Not as bad as other utilities out there.  Since this is an ISP list
I would think that all here keep things up to date.

The worst problem in BIND is not in the above list and it was
sometime before the last one there.  In Linux systems the
vulnerability gave the cracker root access.  In FreeBSD systems
BIND just stopped running.

> Track records are pretty much all you have to go on with
> software, unless you audit all the code yourself.

And monitoring the security lists is pretty much a requirement for
anyone at an ISP.  Vulnerabilities occur everywhere.

> If people want to use bind or any other package, they do so at
> their choice. I'm just saying in my opinion I think there are
> better alternatives.

> If you're happy using bind, use bind. If you're happy with
> windows 95, use it.

Happy with Win95.  I got fed up with the restriction and very poor
performance of DOS 2.0 - which looked good on paper - that after
6 months I parted out my IBM and moved to Unix and have never
looked back.  I do have MS systems to use when I need to - probably
2 or 3 times a week for short periods - but 99% it's on a *n*x
system.  I learned early :-)

Bill
-- 
Bill Vermillion - bv @ wjv . com

