[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3DDA1F32.BC6D7EAF@wretched.demon.co.uk>
From: Simon at wretched.demon.co.uk (Simon Waters)
Subject: Re: Bind 8 patches available
> > 8.3.3-REL: c,e,f,h
> That might explain why there isn't a whole new version, although it is
> interesting that none are running BIND 9, not even the "f" name server which
> is hosted by ISC itself.
F is now running 9.2.2rc1 (at least from here, looks like we
will be getting a proliferation of F's in future, all part of
Paul's plan to take over the world I suspect.
> Can anyone have much confidence in a company that doesn't eat its own
> dogfood?
It is complicated ISC don't run the root servers, only F AFAIK.
Hell I think Verisign still run one, although it was "moved
recently.
ISC write BIND 8, maintain BIND 4 and subcontract BIND 9
authorship to Nominum.
Version.bind queries to Nominum give Version of 99.314159... (is
that a pun I'm missing?)
authors.bind ;-) queries to Nominum name servers give "refused",
which is identical to behaviour of recent BIND 9 versions with a
"version" directive, although NOT unique to BIND 9. Older BIND
9's will report the authors list even if "version" is set to
give another result, so you can easily finger print stale
versions of BIND 9.
BIND 9 has much lower peak (~50%) throughput than BIND 8, at
least until and including 9.2.1, so it is not too surprising
root server operators choose BIND 8, they are one of the few
places where authoritative DNS load can't be handled by a ten
year old PC.
In this sense ISC and Nominum are apparently eating their own
dog food, guess if you serve several brands of dogfood, you can
only eat so much in one sitting, although my spaniel was always
keen to disprove this.
If you run BIND, you probably ought to be running 9.2.2rc1, much
as I hate release candidates. If you provide public
authoritative servers, you should have disabled recursion many
moons ago, and so the vulnerability SHOULD have been largely
academic.
Although there is the risk of corrupting private recursive
servers by sending trojan "packages", be they programs, webpages
or e-mails.
Powered by blists - more mailing lists