Full Disclosure mailing list archives

Re: Bind 8 patches available


From: Simon Waters <Simon () wretched demon co uk>
Date: Tue, 19 Nov 2002 11:23:30 +0000

> 8.3.3-REL:  c,e,f,h
>
> That might explain why there isn't a whole new version, although it is
> interesting that none are running BIND 9, not even the "f" name server which
> is hosted by ISC itself.

F is now running 9.2.2rc1 (at least from here), looks like we
will be getting a proliferation of F's in future, all part of
Paul's plan to take over the world I suspect.

> Can anyone have much confidence in a company that doesn't eat its own
> dogfood?

It is complicated; ISC don't run the root servers, only F AFAIK.
Hell, I think Verisign still run one, although it was "moved"
recently.

ISC write BIND 8, maintain BIND 4 and subcontract BIND 9
authorship to Nominum.

Version.bind queries to Nominum give Version of 99.314159... (is
that a pun I'm missing?)

authors.bind ;-) queries to Nominum name servers give "refused",
which is identical to behaviour of recent BIND 9 versions with a
"version" directive, although NOT unique to BIND 9. Older BIND
9's will report the authors list even if "version" is set to
give another result, so you can easily fingerprint stale
versions of BIND 9.

BIND 9 has much lower peak (~50%) throughput than BIND 8, at
least until and including 9.2.1, so it is not too surprising
root server operators choose BIND 8, they are one of the few
places where authoritative DNS load can't be handled by a ten
year old PC.

In this sense ISC and Nominum are apparently eating their own
dog food, guess if you serve several brands of dogfood, you can
only eat so much in one sitting, although my spaniel was always
keen to disprove this.

If you run BIND, you probably ought to be running 9.2.2rc1, much
as I hate release candidates. If you provide public
authoritative servers, you should have disabled recursion many
moons ago, and so the vulnerability SHOULD have been largely
academic.

Although there is the risk of corrupting private recursive
servers by sending trojan "packages", be they programs, webpages
or e-mails.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
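
Added example, not part of the original post: a minimal Python sketch for auditing name servers you operate for the two exposures the message discusses, CHAOS-class TXT disclosure (version.bind / authors.bind) and recursion being offered. The function names are hypothetical, and the replies are constructed sample data (the version string is the one quoted in the thread), so it runs offline.

```python
import struct

CLASS_CH, TYPE_TXT, RCODE_REFUSED = 3, 16, 5

def build_query(name, qid=0x1234):
    """Encode a CHAOS-class TXT question, e.g. version.bind or authors.bind."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\0" + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_reply(msg):
    """Return rcode, RA flag and any TXT strings from the answer section."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, texts = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        while rtype == TYPE_TXT and off < end:  # length-prefixed strings
            texts.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace"))
            off += 1 + msg[off]
        off = end
    return {"rcode": flags & 0xF, "ra": bool(flags & 0x80), "txt": texts}

def audit(name, raw):
    """Findings for one reply: version/author disclosure and open recursion."""
    r = parse_reply(raw)
    found = [f"{name} discloses {t!r}" for t in r["txt"]]
    return found + ([f"{name}: recursion available"] if r["ra"] else [])

def sample_reply(name, rcode, ra, txt=None):  # constructed test data, not a capture
    q = build_query(name)
    flags = 0x8100 | (0x80 if ra else 0) | rcode
    msg = q[:2] + struct.pack("!HHHHH", flags, 1, 1 if txt else 0, 0, 0) + q[12:]
    if txt:
        rdata = bytes([len(txt)]) + txt.encode()
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return msg

if __name__ == "__main__":
    print(audit("version.bind", sample_reply("version.bind", 0, True, "8.3.3-REL")))
```

A reply with rcode 5 (REFUSED), no TXT answer and RA clear produces no findings, which is the state the message recommends for public authoritative servers.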

