Danny Mayer wrote: > [EMAIL PROTECTED] wrote: > >> Evan Hunt wrote: >> >>>> The thing is we are on Bind 8.4.6, we really need to upgrade to a more >>>> up to date version. Anything in 9.x.x ? >>>> >>>> >>> All versions of BIND9 prior to the recent security patches (that is, up to >>> 9.3.5, 9.4.2, and 9.5.0) ran on Windows 2000, but they're wide open to >>> Kaminsky attacks. It would be inadvisable to use any of them for >>> recursive DNS. >>> >>> >>> >> In other words, we are safe to upgrade to BIND 9.5.0 on Windows 2000 as >> long as we do not use it as caching DNS server, correct? >> >> Peter >> > > No. Only the -P2-W1 versions are safe and they do not run on Windows 2000. > > In what way would it be unsafe to run a non-Kaminsky-patched *authoritative-only* nameserver? My understanding is that Kaminsky only applies to resolvers.
- Kevin