Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 29 May 1998 20:43:46 +0100
From:      Karl Pielorz <kpielorz@tdx.co.uk>
To:        Brian Lube <brian@mpinet.net>
Cc:        isp@FreeBSD.ORG
Subject:   Re: Bind revisited
Message-ID:  <356F0FF2.F38FB9D6@tdx.co.uk>
References:  <13371622019371@mpinet.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Brian Lube wrote:
> 
> I'm currently working on securing up our BSD box,  I apologize in advance
> if this has already been beaten to death,  but what is the best way to
> secure my copy of bind?  Should I upgrade to 8.1.1 and then keep up to date
> with patches, or is there going to be some sort of update for the 4 series?
>  We are currently looking to upgrade to the 8.1.1 series, but we're not
> really sure how much work it is going to entail.
> 
> Any suggestions on this would be greatly appreciated.
> 
> Brian Lube
> senior technician
> MPInet

8.1.1 has some security problems which were mentioned by a recent CERT
advisory, you should use the latest release which is 8.1.2. We looked at
both the latest in the now discontinued (except for bug fixes) 4.9.X series,
and 8.1.2 - and decided to go with 8.1.2 at the moment, as we run primary
DNS for quite a few customers - 8.1.2 lets you control which interfaces it
binds to - and has better security for things like zone transfers.

8.1.2 installs fairly painlessly on FreeBSD - you will need to convert your
'named.boot' file into a 'named.conf' file - which can be a little daunting
at first, but you should get used to it... (There is a conversion perl
script which comes with FreeBSD -Current at the moment, that I craftily used
to convert the named.boot files on all your 2.2.X production boxes ;-)

The source for 8.1.2 'knows' about FreeBSD (i.e. has support for compilation
/ installation on it), but as usual - if it's an important / production box,
back it up before - and take care...

Regards,

Karl Pielorz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?356F0FF2.F38FB9D6>