Doug Barton wrote:
Chuck Swiger wrote:
Doug Barton wrote:
[ ... ]
Right. As I understood it, you were arguing in favor of MFC'ing a fix to
RELENG_5 because you have machines from that branch in a production
setting. If I misunderstood your point, I apologize.
I would like CVE-2007-0493 fixed in RELENG_5 and RELENG_5_5, specifically, yes
please.
More generally, I would like BIND to deal with hundreds (or-- preferably but
not required-- thousands) of outstanding recursive queries without dumping
core or becoming non-responsive. Have you attempted to reproduce the issue
via the adns port or anything else which generates lots of queries?
When the number of machines one deals with in a given environment
changes from single-digit, to dozens, to hundreds, to tens of
thousands, keeping machines updated to a bug-free, stable environment
is more important than chasing features off the latest branch.
Yes, I understand those issues quite well. I used to manage hundreds of
name servers for a company that had many 10s of thousands of machines.
And I think that you are basically making my point, which is that users
in a serious production environment are probably not using the BIND that
comes with FreeBSD in an off the shelf configuration.
It would be safe to say that almost all people using BIND are not using a
completely off-the-shelf configuration, unless you count the few only running
as "caching-only".
--
-Chuck
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
