Is bind 9.1.0 secure?
Hi all, I am planning to set up this name server in the near future, so I have looked at ISC web site to see if there were some new bugs I did know of. I have noticed that they raccomend version 9.2.0, but I do not see why, as the vulnerabilities listed are all for version < 8.2.5 Will I be safe with Suse's package of bind (9.1.0) in Suse 7.1? Praise
Hi Praise,
Will I be safe with Suse's package of bind (9.1.0) in Suse 7.1? bind 9 is buggy and not safe - neither SuSE's nor Redhat's. It's all ISC...
I recommend reading http://cr.yp.to/djbdns/blurb/unbind.html and using djbdns:
http://cr.yp.to/djbdns.html
djbdns follows *nix philosophy. It splits dns functionality into a set of small tools rather than running a clonky monolithic daemon. The thing runs as non-root and most of it is chrooted. Configuration is stunning easy.
BTW, this mailing list runs akaik with qmail written by Bernstein...
Regards,
--
Jörg Frühbrodt
* Jörg Frühbrodt wrote on Fri, Jan 18, 2002 at 00:19 +0100:
Will I be safe with Suse's package of bind (9.1.0) in Suse 7.1? bind 9 is buggy and not safe - neither SuSE's nor Redhat's. It's all ISC...
I recommend reading http://cr.yp.to/djbdns/blurb/unbind.html and using djbdns:
We had a discussion about djbdns on a local maillinglist in Berlin. It's not offering all features that bind offers. I don't know if zone transfers are supported currently, some time ago you had to fiddle around with rsync or such things. For non-trivial setups (i.e. some hunderds zones and a handful secondaries) I would not recommend such approach but use bind8 instead. If you need cryptography, I think there is no way around bind9 currently. For a small private caching only server djbdns may be a nice solution. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (3)
-
Jörg Frühbrodt
-
Praise
-
Steffen Dettmer