nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OT: Re: WANAL (Re: What could have been done differently?)

From: Paul Vixie <paul () vix com>
Date: Tue, 28 Jan 2003 18:57:54 +0000


 What do you think of OpenBSD still installing BIND4 as part of the
default base system and  recommended as secure by the OpenBSD FAQ ?
(See Section 6.8.3 in <http://www.openbsd.org/faq/faq6.html#DNS> )


i think that bind4 was relatively easy for them to do a format string
audit on, and that bind9 was comparatively huge, and that their caution
is justified based on bind4/bind8's record in CERT advisories, and that
for feature level reasons they will move to bind9 as soon as they can
complete a security audit on the code.  (although in this case ISC and
others have already completed such an audit, another pass never hurts.)
Previous By Date Next
Previous By Thread Next

Current thread: