From owner-freebsd-hackers Tue Nov 25 07:39:05 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA20915 for hackers-outgoing; Tue, 25 Nov 1997 07:39:05 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA20892; Tue, 25 Nov 1997 07:38:55 -0800 (PST) (envelope-from nate@mt.sri.com) Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id IAA01171; Tue, 25 Nov 1997 08:38:52 -0700 (MST) (envelope-from nate@rocky.mt.sri.com) Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id IAA27156; Tue, 25 Nov 1997 08:38:50 -0700 Date: Tue, 25 Nov 1997 08:38:50 -0700 Message-Id: <199711251538.IAA27156@mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Stephen Roome Cc: Nate Williams , Julian Elischer , hackers@FreeBSD.ORG, peter@FreeBSD.ORG Subject: Re: BIND 8.1.1 In-Reply-To: References: <199711250130.SAA24765@mt.sri.com> X-Mailer: VM 6.29 under 19.15 XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > > My presumption is that everyone agrees that we'll move to it > > > 'eventually'. does anyone have ideas as to when 'eventually' is? > > > > I thought the advice from Paul was to 'wait awhile' and integrate when > > everything got finished up, which means 'wait awhile' to me. :) > > I was under the impression that there are some fairly important changes in > BIND 8.1.1 This is true, but none of those changes are 'security' or necessary changes for most users. > Couldn't 8.1.1 be made a package/port in the meantime, it would make life > a bit easier for all the isp folks who run FreeBSD. Why? ISP's are *very* safe running BIND 4.9.6, which is the default in all FreeBSD versions except 2.1.X. All of the known security holes are fixed in that version, and it has the advantage of being compatible (setup-wise) with all older versions of BIND in use today. > How many (any?) new users will chose Linux/BSDi/Solaris or whatever else > is now running 8.1.1 by default ? Only those who don't do their homework. There is no need for 8.1.1 for *anyone*, and since it will be changing, it'll be *more* work for them to upgrade to the next version when it comes up since it will also contain new changes, while if they stick with 4.9.6 (or if new bugs are found, 4.9.7, or whatever) until BIND 8 'stabilizes', the upgrade will only require *one* big change, rather than possibly lots of changes as BIND 8 is modified. I'm sure Paul Vixie doesn't want the same thing to happen with BIND that happened with sendmail, so that the sendmail.cf file changed on a regular basis, and that a new version was required every week. I'll bet he wants to get all of the little 'niggly details' shaken out of BIND 8 before calling it *the* new standard, so that's why he's still maintaining Bind 4.9.X for folks. Now, that's not to say that he's unwilling to have you test BIND 8 (cause how else will all the 'niggly details' get shaken out if people don't test it), but it's certainly not required to have a secure system. Nate