From: Bill Vermillion
To: freebsd-isp@freebsd.org
Date: Tue, 18 Nov 2003 10:01:22 -0500
Subject: Re: About DNS (BIND) with Database
Message-ID: <20031118150122.GE88161@wjv.com>
Organization: W.J.Vermillion / Orlando - Winter Park

On Tue, Nov 18, 2003 at 12:35, Simon Gray exclaimed "Las Cucarachas entran, Pero no puede en salir",
and then rambled on saying with:

> > >personally i wouldn't use bind, it's had a bad security history.
>
> > YEP, and it is VERY OLD HISTORY, but it goes back 3 years.
> > So what's your gripe about security vulnerabilities in BIND
> > since early 2001? If you don't have any concrete, recent
> > examples, then stop the FUD. There are reasons some people
> > don't want to use BIND, but security isn't one of them.
>
> My apologies if this thread has hit a nerve, I wasn't picking
> at anyone. I'm just giving my point of view.
>
> The history may be old in terms of computing, but I wonder how
> many vulnerable systems are still out there? System admins that
> may not even know how to upgrade or even know that the vulns
> exist.
>
> bind advisories:
> http://www.cert.org/advisories/CA-2002-19.html
> http://www.cert.org/advisories/CA-2001-02.html
> http://www.cert.org/advisories/CA-1999-14.html
>
> Plus http://www.isc.org/products/BIND/bind-security.html isn't
> a very good track record is it?

Not as bad as other utilities out there. Since this is an ISP list I would think that all here keep things up to date. The worst problem in BIND is not in the above list and it was sometime before the last one there. In Linux systems the vulnerability gave the cracker root access. In FreeBSD systems BIND just stopped running.

> Track records are pretty much all you have to go on with
> software, unless you audit all the code yourself.

And monitoring the security lists is pretty much a requirement for anyone at an ISP. Vulnerabilities occur everywhere.

> If people want to use bind or any other package, they do so at
> their choice. I'm just saying in my opinion I think there are
> better alternatives.
>
> If you're happy using bind, use bind. If you're happy with
> windows 95, use it.

Happy with Win95. I got fed up with the restriction and very poor performance of DOS 2.0 - which looked good on paper - that after 6 months I parted out my IBM and moved to Unix and have never looked back.
I do have MS systems to use when I need to - probably 2 or 3 times a week for short periods - but 99% it's on a *n*x system. I learned early :-)

Bill

--
Bill Vermillion - bv @ wjv . com