On Thursday, 14 November 2002 at 23:25, Vincent Danen wrote:
> On Thursday, November 14, 2002, at 03:44 AM, Oden Eriksson wrote:
>
> >> Anyways, bind8 is only in 7.2 and SNF7.2... 8.0+ install bind9 by
> >> default. I'm actually impressed that bind9 isn't affected by any of
> >> this, but it sure makes it easy to support. Why are you still using
> >> bind8 (I'm assuming you're not using a 7.2 box since this is on
> >> cooker).
> >
> > There are people refusing to upgrade, and my bind-chroot packages are
> > for them. But anyway after a couple of hours fiddling with the conf
> > files I was able to run one of my client's 2000+ hosts zone files
> > under 9.2.1, so I will recommend them to upgrade.
>
> Upgrading from BIND8 to BIND9 should be (relatively) painless. IIRC,
> there are a few changes to the zone files in certain situations, but I
> think most people shouldn't have this problem.

Last time I tried this, too many directories were unimplemented so I had to postpone this upgrade. Now it didn't even complain much about the zone file data, nice.

> >> Actually, the real question, is why are you still using bind at all?
> >> ISC screwed the pooch on this one big time... I wouldn't touch bind
> >> after this mess with a 10 foot pole.
> >
> > Because I do not trust tinydns to do the job. I know a guy that has
> > been working several years with the dot se top domain..., and I do
> > take his word for it...
>
> Ok... you don't trust tinydns to do the job. Fair enough. Can I ask
> why?

I had the whole icq chat in my history file that was lost after a session with ez-drive ;) So..., I can't remember specifically where the problems lie. I can ask him again if you like?

> And, on a side note, I suppose this implies you trust BIND to do its
> job. I guess that's valid. But can you trust it to do its job
> *well*? And can you trust ISC to have your best interests at heart?
> Or do you feel comfortable with a company who's sat on a remotely
> exploitable vulnerability for a month, disclosed it to folks who paid
> for the privilege, then allowed an advisory to go out to the general
> public and told that same public "we'll have patches available next
> week"? And "oh, BTW, join our Bind Forum and you can enjoy 3r33t
> access to patches and fixes as well"?

As I'm not in the position to tell if bind does the job worse than whatever else name server software I can't really say. I do have to trust that the de facto standard name server software works. If it didn't work you would surely be notified by a bunch of angry customers. Switching to djbdns is not an option for me in the near future I'm afraid. I know the ISC "support" sucks, but what can you do about it? People do trust companies like Microsoft, so... ;)

> Sorry. I'd rather do without some of the new fangled features in BIND
> and go with a product that a) has a pristine security history, b) is
> 100% compliant with DNS standards (if not some recently ISC-introduced
> RFCs which are the new-fangled features), c) has better performance
> than BIND, d) has an author who unequivocally would *never* pull what
> ISC pulled this week.

There are many new unwanted features (bloat) in latest bind, I have to agree with you here. Show me _that_ name server software and I will ditch bind. Do you know of any independent tests out there?

> > Well..., here's what I plan to do; Implement DLZ for latest bind.
> > Packages built with MySQL support here:
>
> What's DLZ? And why do you need MySQL support? Isn't BIND slow enough
> for you as it is? =)

http://www.nlnet.nl/projects/dlz/
http://bind-dlz.sourceforge.net/

> > (conditional build, but with mysql enabled in the spec file)
> >
> > http://d-srv.com/Cooker/RPMS/bind-9.2.2-0.rc1.2mdk.i586.rpm
> > http://d-srv.com/Cooker/RPMS/bind-devel-9.2.2-0.rc1.2mdk.i586.rpm
> > http://d-srv.com/Cooker/RPMS/bind-utils-9.2.2-0.rc1.2mdk.i586.rpm
> > http://d-srv.com/Cooker/SRPMS/bind-9.2.2-0.rc1.2mdk.src.rpm
> >
> > Hmm..., I better hurry up now pack my bags instead of RPM:s ;)..., I'm
> > bound for London in two hours.
>
> Have a safe trip.

Thanks, I'm back now, could have arrived in a coffin though, victimised by an al-Qaeda cyanide gas attack in the tube..., heh... I don't think I will travel to such a pleasant target again until that dirty ape bin Laden son of a bitch and all of his disciples has been put six feet under.

-- 
Regards // Oden Eriksson, Deserve-IT Networks

Check the "Modules For Apache2" status page at:
http://www.deserve-it.com/modules_for_apache2.html
