From owner-freebsd-isp@FreeBSD.ORG Thu Nov 20 09:30:48 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E70916A4D3 for ; Thu, 20 Nov 2003 09:30:48 -0800 (PST) Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC2A943FCB for ; Thu, 20 Nov 2003 09:30:46 -0800 (PST) (envelope-from LConrad@Go2France.com) Received: from VirusGate.MEIway.com (virus-gate.meiway.com [212.73.210.91]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 0AD33EF42C for ; Thu, 20 Nov 2003 18:30:44 +0100 (CET) (envelope-from LConrad@Go2France.com) Received: from localhost (localhost.meiway.com [127.0.0.1]) by VirusGate.MEIway.com (Postfix) with SMTP id 0BF055D009 for ; Thu, 20 Nov 2003 18:36:16 +0100 (CET) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by VirusGate.MEIway.com (Postfix) with ESMTP id 975B85D008 for ; Thu, 20 Nov 2003 18:36:15 +0100 (CET) Received: from tx0.Go2France.com [24.242.169.51] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id AD8E65690120; Thu, 20 Nov 2003 18:44:46 +0100 Message-Id: <6.0.1.1.2.20031118084120.08cd68c8@mail.go2france.com> X-Sender: LConrad@Go2France.com@mail.go2france.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1 Date: Thu, 20 Nov 2003 11:30:03 -0600 To: freebsd-isp@freebsd.org From: Len Conrad In-Reply-To: <010101c3add0$7c2bbd70$1100a8c0@dtg17> References: <029b01c3ad14$5e53b080$110d3ad4@VAHOXP> <0b3a01c3ad1e$2224d850$1100a8c0@dtg17> <6.0.1.1.2.20031117145927.0486af80@mail.go2france.com> <010101c3add0$7c2bbd70$1100a8c0@dtg17> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: About DNS (BIND) with Database X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 17:30:48 -0000 >My apologies if this thread has hit a nerve, I wasn't picking at anyone. I'm >just giving my point of view. And I was giving you mine on your FUD. >The history may be old in terms of computing, but I won't how many >vulnerable systems are still out there? but at this point, running a vulnerable BIND 2 or 3+ years old is not really BIND's fault, nor a reason to recommend against running current BIND8, and esp BIND9 which has NO history of (exploited) vulnerabilities, >System admins that may not even know how to upgrade or even know that the >vulns exist. Then they aren't "sys admins", but jerks. >Plus http://www.isc.org/products/BIND/bind-security.html isn't a very good >track record is it? The charter of ISC is to implement the ALL of RFCs for DNS in BIND8 and 9, so as the RFCs move along, so does BIND, with inevitable bugs. Fixing of the infrequent problems has been extremely fast over the past 3 years. Other DNS software can cherry pick the DNS features they want to (or can) implement and blow off the rest, or push some political agenda. >If people want to use bind or any other package, they do so at their choice. >I'm just saying in my opinion I think there are better alternative. nothing wrong with that, but your reason against choosing BIND, an old security record, was wrong. >If you're happy using bind, use bind. If you're happy with windows 95, use >it. thanks, great advice, the list is grateful. And, if you're happy recommending _against_ something, do it accurately. Trotting out 3+ year old CERT/SANS advisories as reasons for not using current software is BS. Len _____________________________________________________________________ http://MenAndMice.com/DNS-training: Atlanta; Orlando; San Jose IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free