Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
RE: [suse-security] Is bind 9.1.0 secure?
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Tue, 22 Jan 2002 06:45:44 +0100
  • Message-id: <96C102324EF9D411A49500306E06C8D1A56CDC@xxxxxxxxxxxxxxxxx>
> you forgot one reason to use bind, and this one is important
> and security
> relevant: The number of others using it and the resulting amount of
> documentation and help available! The same is true für MS products.
>
> Customers use bind because if they have problems help is
> available. There are
> books they can buy. The DNS technicians of their ISP can
> help. This is an
> important reason to use bind.

This would be a valid point. But it is my experience that an extremely high
percentage of the people using MS software doesn't know how to use it
properly. And regarding the server components, even very many 'experts' are
too ignorant to deserve the title at all. Same goes for most BIND
installations out there. The people in charge of them know the basics of
DNS, but that's about it, most of the time. I have yet to come to a customer
site and find the current version of BIND, i.e. one without known security
issues, aka root exploits, running. Many of the configurations I see are
wrong or highly insecure, reverse zones are missing, etc... IMHO, this is
very much similar to the high proportion of vulnerable IIS servers on the
'Net.

Cheers
Tobias

< Previous Next >