Currently running 9.9.4-P2, been trying to decide if I want to go to 9.10 or
stay within 9.9.x?
Since 9.9.x is ESV could stay with this version for along time, plus its more
likely if we go with an appliance....if its using bind, its probably more
likely to be this version (have only looked at one that is bind based, and it
was 9.6-ESV though.)
Not sure management realizes these days appliances tend to just be custom
PCs, they still need to get software updates over time (or not...just as our
DHCP servers are still running the same level of Solaris 9 and version 3.x
DHCP when it was configured back in 2006. They want to replace it with an
appliance because its been getting less and less stable....)
Though usually an appliance has a (relatively) simple way to get updated.
Compared to having to open a ticket to get me to update a system that I
didn't setup or configure...so can't estimate how long that would take, but
after the first update, I would think future updates to be pretty quick.
I usually have our bind servers updated to the latest security patch before
our IT security group tells me that I need to update them (unless I determine
that the patch isn't relevant now...ever since I rushed to a patch...that
only applied had I upgraded preceding feature release... which I was going
slow with, because it involved needing to make configuration changes...with
more empty zones defaulting to on. Someday I should dig through and clean up
our entire config file....not just search for the "ADD NEW ZONES HERE" line
and doing only that....
Like why (until I changed IPs of my servers) kept getting notifies for
domains I didn't know if I was supposed to be secondary for....had made
contact with admin before me, and he said we probably were secondary for
them, but you'll have to ask the person before me on details like who to
contact about it...or at least a monitored email account ... or non-domain
dependent. Had another case where the servers we had listed for them, either
didn't respond or said they weren't authoritative for the domain. Couldn't
send email to their domain...which had come to my attention because another
administrator had mail piling up for that domain. After a few years, I
finally got an email for their admin asking why their domain wasn't working
off our servers, but my reply bounced. Someday it might get fixed ;)
OTOH, management has also been looking at non-bind based appliances...so my
days of using bind on anything might be numbered (my other site is using
FreeBSD 9.2 for its DNS, eventually they might upgrade to 10.x. Though I'm
running 9.9.5 out of ports on these servers, so its possible I could continue
to stay with bind on 10.x...though I would lose the replace base option.
(though starting to wish I hadn't selected that option.) The main reason for
using ports bind, was to enable the 'filter-aaaa-on-v4' option. Though
someday they^H^H^H^H^H I might get ipv6 working.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
