Date: Fri, 29 May 1998 20:43:46 +0100 From: Karl Pielorz <kpielorz@tdx.co.uk> To: Brian Lube <brian@mpinet.net> Cc: isp@FreeBSD.ORG Subject: Re: Bind revisited Message-ID: <356F0FF2.F38FB9D6@tdx.co.uk> References: <13371622019371@mpinet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Lube wrote: > > I'm currently working on securing up our BSD box, I apologize in advance > if this has already been beaten to death, but what is the best way to > secure my copy of bind? Should I upgrade to 8.1.1 and then keep up to date > with patches, or is there going to be some sort of update for the 4 series? > We are currently looking to upgrade to the 8.1.1 series, but we're not > really sure how much work it is going to entail. > > Any suggestions on this would be greatly appreciated. > > Brian Lube > senior technician > MPInet 8.1.1 has some security problems which were mentioned by a recent CERT advisory, you should use the latest release which is 8.1.2. We looked at both the latest in the now discontinued (except for bug fixes) 4.9.X series, and 8.1.2 - and decided to go with 8.1.2 at the moment, as we run primary DNS for quite a few customers - 8.1.2 lets you control which interfaces it binds to - and has better security for things like zone transfers. 8.1.2 installs fairly painlessly on FreeBSD - you will need to convert your 'named.boot' file into a 'named.conf' file - which can be a little daunting at first, but you should get used to it... (There is a conversion perl script which comes with FreeBSD -Current at the moment, that I craftily used to convert the named.boot files on all your 2.2.X production boxes ;-) The source for 8.1.2 'knows' about FreeBSD (i.e. has support for compilation / installation on it), but as usual - if it's an important / production box, back it up before - and take care... Regards, Karl Pielorz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?356F0FF2.F38FB9D6>