From: Doug Barton
Date: Thu, 01 Feb 2007 23:29:52 -0800
To: Chuck Swiger
Cc: freebsd-security@freebsd.org
Subject: Re: What about BIND 9.3.4 in FreeBSD in base system ?

Chuck Swiger wrote:
> Doug Barton wrote:
>> Chuck Swiger wrote:
>>> Doug Barton wrote:
>>> I've got two nameservers tracking 5-STABLE
>>
>> I am not sure how to respond to that.
> [ ...comments about moving to 6 snipped for brevity... ]
>
> That's OK, I wasn't soliciting advice on which platform or OS version a
> given set of machines ought to run.

Right. As I understood it, you were arguing in favor of MFC'ing a fix
to RELENG_5 because you have machines from that branch in a production
setting. If I misunderstood your point, I apologize.

> When the number of machines one
> deals with in a given environment changes from single-digit, to dozens,
> to hundreds, to tens of thousands, keeping machines updated to a
> bug-free, stable environment is more important than chasing features off
> the latest branch.

Yes, I understand those issues quite well. I used to manage hundreds
of name servers for a company that had many 10s of thousands of
machines. And I think that you are basically making my point, which is
that users in a serious production environment are probably not using
the BIND that comes with FreeBSD in an off the shelf configuration.

>>> I'm starting to feel thankful that my important domains include
>>> off-site secondaries which are running djbdns.
>>
>> EGRATUITOUSBINDBASHING
>
> You seem to be disposed to believe it so, but regardless of opinions,
> I've had named crash under moderate loads ...

This thread isn't about what's the best brand of name server to use,
it's about whether to MFC an update.

Doug

--
This .signature sanitized for your protection