On Tuesday, November 19, 2002, at 03:25 AM, Oden Eriksson wrote:
Last time I tried this, too many directories where unimplemented so I had toUpgrading from BIND8 to BIND9 should be (relatively) painless. IIRC, there are a few changes to the zone files in certain situations, but I think most people shouldn't have this problem.
postpone this upgrade. Now it didn't even complain much about the zone file
data, nice.
Yeah, it's gotten better.
I had the whole icq chat in my history file that was lost after a session withOk... you don't trust tinydns to do the job. Fair enough. Can I ask why?
ez-drive ;) So..., I can't remember specifically where the problems lies. I
can ask him again if you like?
Better ask him again. I'd like to know.
No one said bind doesn't work. What I said was it doesn't work securely. Anyways, have you read bugtraq and the other security lists lately? There are plenty people pissed at ISC about this. The people who aren't, don't know any better or simply don't care. Also, why isn't switching to djbdns not an option? What's stopping you?As I'm not in the position to tell if bind does the job worse than whateverAnd, on a side note, I suppose this implies you trust BIND to do it's job. I guess that's valid. But can you trust it to do it's job *well*? And can you trust ISC to have your best interests at heart? Or do you feel comfortable with a company who's sat on a remotely exploitable vulnerability for a month, disclosed it to folks who paid for the privilege, then allowed an advisory to go out to the general public and told that same public "we'll have patches available next week"? And "oh, BTW, join our Bind Forum and you can enjoy 3r33t access to patches and fixes as well"?
else name server software I can't really say. I do have to trust that the de
facto standard name server software works. If it didn't work you would surely
be notified from a bunch of angry customers. Switching to djbdns is not an
option for me in the near future I'm afraid.
I know the ISC "support" sucks, but what can you do about it? People do trustIrrelevant. People were blinded by MS for years. MS products are full of security holes and people are realizing it. Why the growing interest in Linux over the last few years? Because people are fed up with MS. The people who continue to use it are either a) trapped into using it (by their own inexperience, doubts, or ignorance), b) don't care about the threats, c) using proprietary software that is not available under Linux (and, incidentally, probably have never tried to see if said software will run in vmware, win4lin, winex, codeweavers, etc.), d) use proprietary games. In the case of bind, the only one that applies is a). Inexperience, doubts, or ignorance.
companies like Microsoft, so... ;)
Many people don't realize there are alternatives to bind. I'm not speaking specifically of djbdns here... there are other alternatives as well.
I have shown you *that* nameserver. Go do some reading at cr.yp.to/djbdns.html. I don't know of any independent tests, but I've not gone looking either.There are many new unwanted features (bloat) in latest bind, I have to agreeSorry. I'd rather do without some of the new fangled features in BIND and go with a product that a) has a pristine security history, b) is 100% compliant with DNS standards (if not some recently ISC-introduced RFCs which are the new-fangled features), c) has better performance than BIND, d) has an author who unequivocally would *never* bull what ISC pulled this week.
with you here. Show me _that_ name server software and I will ditch bind. Do
you know of any independant tests out there?
I'll check this out later when my ibook batteries aren't about to drain... have to be quick if I want to finish this before it automatically goes to sleep... =)What's DLZ? And why do you need MySQL support? Isn't BIND slow enoughWell..., here's what I plan to do; Implement DLZ for latest bind. Packages built with MySQL support here:
for you as it is? =)
http://www.nlnet.nl/projects/dlz/ http://bind-dlz.sourceforge.net/
Thanks, I'm back now, could have arrived in a coffin though, victimised by an(conditional build, but with mysql enabled in the spec file)
http://d-srv.com/Cooker/RPMS/bind-9.2.2-0.rc1.2mdk.i586.rpm
http://d-srv.com/Cooker/RPMS/bind-devel-9.2.2-0.rc1.2mdk.i586.rpm
http://d-srv.com/Cooker/RPMS/bind-utils-9.2.2-0.rc1.2mdk.i586.rpm
http://d-srv.com/Cooker/SRPMS/bind-9.2.2-0.rc1.2mdk.src.rpm
Hmm..., I better hurry up now pack my bags instead of RPM:s ;)..., I'm
bound
for London in two hours.
Have a safe trip.
al-quida cyanid gas attack in the tube..., heh... I don't think I will travel
to such a pleasent target again until that dirty ape bin laden son of a bitch
and all of his deciples has been put six feet under.
No doubt... =( -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
PGP.sig
Description: PGP signature
