From owner-freebsd-isp Fri May 29 12:44:19 1998
Return-Path:
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id MAA21330
	for freebsd-isp-outgoing; Fri, 29 May 1998 12:44:19 -0700 (PDT)
	(envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA21211
	for ; Fri, 29 May 1998 12:43:51 -0700 (PDT)
	(envelope-from kpielorz@tdx.co.uk)
Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242])
	by caladan.tdx.co.uk (8.8.8/8.8.8) with ESMTP id UAA14285;
	Fri, 29 May 1998 20:43:46 +0100 (BST)
	(envelope-from kpielorz@tdx.co.uk)
Message-ID: <356F0FF2.F38FB9D6@tdx.co.uk>
Date: Fri, 29 May 1998 20:43:46 +0100
From: Karl Pielorz
Organization: TDX
X-Mailer: Mozilla 4.05 [en] (WinNT; I)
MIME-Version: 1.0
To: Brian Lube
CC: isp@FreeBSD.ORG
Subject: Re: Bind revisited
References: <13371622019371@mpinet.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brian Lube wrote:
>
> I'm currently working on securing up our BSD box, I apologize in advance
> if this has already been beaten to death, but what is the best way to
> secure my copy of bind? Should I upgrade to 8.1.1 and then keep up to date
> with patches, or is there going to be some sort of update for the 4 series?
> We are currently looking to upgrade to the 8.1.1 series, but we're not
> really sure how much work it is going to entail.
>
> Any suggestions on this would be greatly appreciated.
>
> Brian Lube
> senior technician
> MPInet

8.1.1 has some security problems which were mentioned by a recent CERT
advisory; you should use the latest release, which is 8.1.2.
We looked at both the latest in the now discontinued (except for bug fixes)
4.9.X series, and 8.1.2 - and decided to go with 8.1.2 at the moment, as we
run primary DNS for quite a few customers - 8.1.2 lets you control which
interfaces it binds to - and has better security for things like zone
transfers.

8.1.2 installs fairly painlessly on FreeBSD - you will need to convert your
'named.boot' file into a 'named.conf' file - which can be a little daunting
at first, but you should get used to it... (There is a conversion Perl
script which comes with FreeBSD -Current at the moment, that I craftily used
to convert the named.boot files on all your 2.2.X production boxes ;-)

The source for 8.1.2 'knows' about FreeBSD (i.e. has support for compilation
/ installation on it), but as usual - if it's an important / production box,
back it up before - and take care...

Regards,

Karl Pielorz
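
The named.boot to named.conf conversion mentioned in the message above, as an added example that is not part of the original post and is not the conversion script shipped with FreeBSD. It handles only a small subset of named.boot directives and adds the `listen-on` and `allow-transfer` options; the function names, the sample file and addresses, and the choice to default `allow-transfer` to `none` are assumptions made for illustration.

```python
def _list(items):
    """Render a named.conf list: { a; b; }"""
    return "{ " + " ".join(f"{i};" for i in items) + " }"

def boot_to_conf(boot_text, listen_on=(), allow_transfer=("none",)):
    """Convert a subset of BIND 4 named.boot directives to BIND 8 named.conf text.

    listen_on restricts which local addresses named binds to; allow_transfer
    restricts who may request zone transfers (hypothetical default: nobody).
    """
    options, zones = [], []
    for raw in boot_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # ';' starts a comment
        if not fields:
            continue
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "directory":
            options.append(f'directory "{args[0]}";')
        elif keyword == "forwarders":
            options.append(f"forwarders {_list(args)};")
        elif keyword == "cache":
            zones.append((args[0], "hint", args[1], ()))
        elif keyword == "primary":
            zones.append((args[0], "master", args[1], ()))
        elif keyword == "secondary":
            # assumed form: secondary <zone> <master-ip>... <backup-file>
            zones.append((args[0], "slave", args[-1], args[1:-1]))
        else:
            # refuse to drop a directive silently; convert it by hand
            raise ValueError(f"unhandled named.boot directive: {keyword}")
    if listen_on:
        options.append(f"listen-on {_list(listen_on)};")
    options.append(f"allow-transfer {_list(allow_transfer)};")
    out = ["options {"] + [f"    {o}" for o in options] + ["};"]
    for name, ztype, path, masters in zones:
        out += ["", f'zone "{name}" {{', f"    type {ztype};", f'    file "{path}";']
        if masters:
            out.append(f"    masters {_list(masters)};")
        out.append("};")
    return "\n".join(out) + "\n"

# Constructed sample input (documentation addresses, not from the post).
SAMPLE_BOOT = """\
; constructed sample named.boot
directory /etc/namedb
cache     .             named.root
primary   example.com   db.example.com
secondary example.net   192.0.2.53 sec/db.example.net
"""

if __name__ == "__main__":
    print(boot_to_conf(SAMPLE_BOOT, listen_on=["192.0.2.1"], allow_transfer=["192.0.2.2"]))
```
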