Full Disclosure mailing list archives
Re: Bind 8 patches available
From: Simon Waters <Simon () wretched demon co uk>
Date: Tue, 19 Nov 2002 11:23:30 +0000
8.3.3-REL: c,e,f,h
That might explain why there isn't a whole new version, although it is interesting that none are running BIND 9, not even the "f" name server which is hosted by ISC itself.
F is now running 9.2.2rc1 (at least from here, looks like we will be getting a proliferation of F's in future, all part of Paul's plan to take over the world I suspect.
Can anyone have much confidence in a company that doesn't eat its own dogfood?
It is complicated ISC don't run the root servers, only F AFAIK. Hell I think Verisign still run one, although it was "moved recently. ISC write BIND 8, maintain BIND 4 and subcontract BIND 9 authorship to Nominum. Version.bind queries to Nominum give Version of 99.314159... (is that a pun I'm missing?) authors.bind ;-) queries to Nominum name servers give "refused", which is identical to behaviour of recent BIND 9 versions with a "version" directive, although NOT unique to BIND 9. Older BIND 9's will report the authors list even if "version" is set to give another result, so you can easily finger print stale versions of BIND 9. BIND 9 has much lower peak (~50%) throughput than BIND 8, at least until and including 9.2.1, so it is not too surprising root server operators choose BIND 8, they are one of the few places where authoritative DNS load can't be handled by a ten year old PC. In this sense ISC and Nominum are apparently eating their own dog food, guess if you serve several brands of dogfood, you can only eat so much in one sitting, although my spaniel was always keen to disprove this. If you run BIND, you probably ought to be running 9.2.2rc1, much as I hate release candidates. If you provide public authoritative servers, you should have disabled recursion many moons ago, and so the vulnerability SHOULD have been largely academic. Although there is the risk of corrupting private recursive servers by sending trojan "packages", be they programs, webpages or e-mails. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Bind 8 patches available John . Airey (Nov 15)
- Re: Bind 8 patches available Patrick Oonk (Nov 15)
- Re: Bind 8 patches available Peter Bieringer (Nov 16)
- <Possible follow-ups>
- RE: Bind 8 patches available John . Airey (Nov 15)
- RE: Bind 8 patches available John . Airey (Nov 18)
- Re: Bind 8 patches available Simon Waters (Nov 19)