From owner-freebsd-questions@FreeBSD.ORG Wed Jun 4 20:35:32 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E2A5837B401 for ; Wed, 4 Jun 2003 20:35:32 -0700 (PDT) Received: from twisp.olympus.net (twisp.olympus.net [65.117.224.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5EA1343F75 for ; Wed, 4 Jun 2003 20:35:32 -0700 (PDT) (envelope-from cp@olympus.net) Received: from inttwisp2 ([127.0.0.2] helo=intTwisp.olympus.net) by twisp.olympus.net with esmtp (Exim 4.10) id 19NlXH-0005kv-00 for freebsd-questions@freebsd.org; Wed, 04 Jun 2003 20:35:31 -0700 Received: from 0-1pool38-149.nas14.bellevue1.wa.us.da.qwest.net ([67.3.38.149] helo=compaq7058) by twisp.olympus.net with smtp (Exim 4.10) id 19NlWy-0005g1-00 for freebsd-questions@FreeBSD.ORG; Wed, 04 Jun 2003 20:35:13 -0700 Message-ID: <002401c32b14$2d539ae0$95260343@compaq7058> From: "cp" To: Date: Wed, 4 Jun 2003 20:40:14 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Envelope-to: freebsd-questions@freebsd.org X-Olympus-SmartMail: Virus-scanned only Subject: Bind 9 Port X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 03:35:33 -0000 I was planning to ask opinions on this tonight even before I saw the discussion on Bind 8. I'm preparing a old box for Internal, Caching and an unrelated primary master. The security warnings at FreeBSD.org seemed quite clear that I should not use Bind 8 due to 3 flaws that can be exploited if recursion is turned on (such as would be necessary when running caching). At ISC, it stated that Bind 8 should be used only for experimentation or some such warning. I started to realize that my setup work thus far was moot. Running 5.0 January, I went to my ports disk and pulled Bind 9 which would not install at all. I went to ISC and pulled the binary versions which were incompatible with a crypto lib. I checked google and saw nothing specific on the issue. It's either pull the Bind 9 source, compile.and possibly hold off implementation for another series of tests or do something else. Before I go any further with 5.0, is it most appropriate to use FreeBSD 4.8 STABLE April with the Bind 9.2.2 binary from ISC? I just want know it works or if there is a better combination that is secure and functional?