About DNS (BIND) with Database
LConrad at Go2France.com
Thu Nov 20 09:30:48 PST 2003
>My apologies if this thread has hit a nerve, I wasn't picking at anyone. I'm
>just giving my point of view.
And I was giving you mine on your FUD.
>The history may be old in terms of computing, but I won't how many
>vulnerable systems are still out there?
but at this point, running a vulnerable BIND 2 or 3+ years old is not
really BIND's fault, nor a reason to recommend against running current
BIND8, and esp BIND9 which has NO history of (exploited) vulnerabilities,
>System admins that may not even know how to upgrade or even know that the
Then they aren't "sys admins", but jerks.
>Plus http://www.isc.org/products/BIND/bind-security.html isn't a very good
>track record is it?
The charter of ISC is to implement the ALL of RFCs for DNS in BIND8 and 9,
so as the RFCs move along, so does BIND, with inevitable bugs. Fixing of
the infrequent problems has been extremely fast over the past 3 years.
Other DNS software can cherry pick the DNS features they want to (or can)
implement and blow off the rest, or push some political agenda.
>If people want to use bind or any other package, they do so at their choice.
>I'm just saying in my opinion I think there are better alternative.
nothing wrong with that, but your reason against choosing BIND, an old
security record, was wrong.
>If you're happy using bind, use bind. If you're happy with windows 95, use
thanks, great advice, the list is grateful.
And, if you're happy recommending _against_ something, do it accurately.
Trotting out 3+ year old CERT/SANS advisories as reasons for not using
current software is BS.
http://MenAndMice.com/DNS-training: Atlanta; Orlando; San Jose
IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free
More information about the freebsd-isp