RE: [suse-security] Is bind 9.1.0 secure?
This is a lot like Sendmail, older versions sucked, so they did a rewrite/audit and secured it reasonably well. Things change.
http://www.isc.org/products/BIND/bind-security.html
So far (knock on wood) Bind 9.x hasn't had any serious security bugs.
Have you read DJB's comments? Cheers Tobias
This is a lot like Sendmail, older versions sucked, so they did a rewrite/audit and secured it reasonably well. Things change.
http://www.isc.org/products/BIND/bind-security.html
So far (knock on wood) Bind 9.x hasn't had any serious security bugs.
Have you read DJB's comments?
Yes. And? His comments with regard to Postfix are incorrect (i.e. wrong) and seriously out of date. Have you read this: http://www.sigmasoft.com/~openbsd/archive/openbsd-ports/200108/msg00461.html It got bad enough that OpenBSD dropped his software from _ports_. Plus most of his software stagnates quite quickly, and he doesn't officially accept contributions, so you end up missing basic functionality that is addressed by third party (unaudited typically) patches. Anyways, I think that's enough of this.
Cheers Tobias
-Kurt
On Monday 21 January 2002 12:39, Kurt Seifried wrote:
It got bad enough that OpenBSD dropped his software from _ports_.
Plus most of his software stagnates quite quickly, and he doesn't officially accept contributions, so you end up missing basic functionality that is addressed by third party (unaudited typically) patches.
Doesn't DJB also use a very awkward license? Reading through his comments, on other software in the links posted, was enough actually to put me off DJB's software. Hard to imagine him fielding security concern found by another very sympathetically. There's a lot of hype about, it's better to review the track record on advisories of the major packages yourself, and see what the problems really are, and how frequent. Was there a spate of them after a rewrite, or before for example, how much scrutiny does the software get, and is it widely used? Rob
Hi, On Monday 21 January 2002 12:39, Kurt Seifried wrote:
It got bad enough that OpenBSD dropped his software from _ports_.
That is not too hard. And it was not done for security issues but because of philosophies concerning the position of programms in the filesystem. Mr. de Raadt has his own way to communicate that I personaly believe to be offending making me avoid any discussion with him. Mr. Bernstein, too, is shurely not the easiest communication partner. Everyone could tell that sooner or later DJB software would no longer be part of the OpenBSD ports. No problem. On 21 Jan 2002 at 13:04, Robert Davies wrote:
Doesn't DJB also use a very awkward license? Reading through his comments, on other software in the links posted, was enough actually to put me off DJB's software. Hard to imagine him fielding security concern found by another very sympathetically.
I care about security and usability of software I use, and DJB software is not too bad. If you use software because you like the author, ... Now, to be a little on topic, any security problems so far with bind9? I use DJBDNS but some customers prefer bind, so is it necessary or wise to install bind 9.1.0 instead of bind 8x? TIA mike
On Monday 21 January 2002 12:39, Kurt Seifried wrote:
It got bad enough that OpenBSD dropped his software from _ports_.
That is not too hard. And it was not done for security issues but because of philosophies concerning the position of programms in the filesystem. Mr. de Raadt has his own way to communicate that I personaly believe to be offending making me avoid any discussion with him. Mr. Bernstein, too, is shurely not the easiest communication partner. Everyone could tell that sooner or later DJB software would no longer be part of the OpenBSD ports. No problem.
This is also true for Linux vendors. Relying ons oftware that is not free is a bad idea, for example IBM's open sourc elicense included a revocaiton clause, until that was removed very few large players used postfix.
Now, to be a little on topic, any security problems so far with bind9? I use
I posted a link to the isc page, none so far.
DJBDNS but some customers prefer bind, so is it necessary or wise to install bind 9.1.0 instead of bind 8x?
I would. Bind 9 was a rewrite, there are likely sitll bugs lurking in 8.x.
TIA
mike
-Kurt
participants (4)
-
Kurt Seifried
-
Reckhard, Tobias
-
Robert Davies
-
Thomas Michael Wanka