From owner-freebsd-isp@FreeBSD.ORG Tue Nov 18 04:36:55 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 646DC16A4CE for ; Tue, 18 Nov 2003 04:36:55 -0800 (PST) Received: from ptb-mailc05.plus.net (ptb-mailc05.plus.net [212.159.14.211]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D1AE43FAF for ; Tue, 18 Nov 2003 04:36:53 -0800 (PST) (envelope-from simong@desktop-guardian.com) Received: from [81.174.227.186] (helo=desktop-guardian.com) by ptb-mailc05.plus.net with smtp (Exim 4.12) id 1AM56B-0002XQ-00 for freebsd-isp@freebsd.org; Tue, 18 Nov 2003 12:36:52 +0000 Received: (qmail 78679 invoked by uid 1006); 18 Nov 2003 12:37:39 -0000 Received: from simong@desktop-guardian.com by dtg25 by uid 82 with qmail-scanner-1.16 (clamscan: 0.54. spamassassin: 2.55. Clear:. Processed in 10.729639 secs); 18 Nov 2003 12:37:39 -0000 Received: from unknown (HELO dtg17) (192.168.0.17) by 192.168.0.25 with SMTP; 18 Nov 2003 12:37:26 -0000 Message-ID: <010101c3add0$7c2bbd70$1100a8c0@dtg17> From: "Simon Gray" To: "Len Conrad" References: <029b01c3ad14$5e53b080$110d3ad4@VAHOXP> <0b3a01c3ad1e$2224d850$1100a8c0@dtg17> <6.0.1.1.2.20031117145927.0486af80@mail.go2france.com> Date: Tue, 18 Nov 2003 12:35:44 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: freebsd-isp@freebsd.org Subject: Re: About DNS (BIND) with Database X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Nov 2003 12:36:55 -0000 > >personally i wouldn't use bind, its had a bad security history. > > YEP, and it is VERY OLD HISTORY, but it goes back 3 years. > So what's your gripe about security vulnerabilities in BIND since early 2001? > If you don't have any concrete, recent examples, then stop the FUD. > There are reasons some people don't want to use BIND, but security isn't > one of them. My apologies if this thread has hit a nerve, I wasn't picking at anyone. I'm just giving my point of view. The history may be old in terms of computing, but I won't how many vulnerable systems are still out there? System admins that may not even know how to upgrade or even know that the vulns exist. bind advisories: http://www.cert.org/advisories/CA-2002-19.html http://www.cert.org/advisories/CA-2001-02.html http://www.cert.org/advisories/CA-1999-14.html Plus http://www.isc.org/products/BIND/bind-security.html isn't a very good track record is it? Track records are pretty much all you have to go on with software, unless you audit all the code yourself. If people want to use bind or any other package, they do so at their choice. I'm just saying in my opinion I think there are better alternative. If you're happy using bind, use bind. If you're happy with windows 95, use it. Simon