I recommend reading what is driving bind version 9:
http://www.isc.org/products/BIND/plans.html
- Marc
On Sun, 23 Apr 2000, Kenneth E. Lussier wrote:
> BIND has been around longer than I have, so most of my knowledge on the subject
> is in retrospect. However, from everything that I have read and heard from
> people, there hasn't been a version of bind yet that hasn't had some sort of
> major security vulnerability. I'm not sure if it is because the crackers are
> better, the systems are more powerful, or if it is the simple fact that DNS (as
> well as most internet-based services) were designed with openness in mind, not
> security. Most services were meant to be used by large numbers of nameless,
> faceless users, and to make them as easily accessible as possible, they were
> left wide open. Now that we depend op things like DNS, it's hard to implement a
> new way of doing things with security in mind. We can build on what we have,
> but if the basic building blocks are vulnerable, then all you can do is tighten
> it as much as possible, and assess the risk of what is left.
> Just my $.01,
> Kenny
>
> Jeff Macdonald wrote:
>
> > I've been cracked via bind 4 times over the past year. Each bind was a
> > different version. The last time was my workstation on a LAN at work. Yes,
> > the LAN should of been firewalled, but more important is to not run
> > services that you don't really need. For workstations, use the workstation
> > install, and you'll get less services started automatically. Add those that
> > you need by hand after the install.
> >
> > One last thing, does Redhat 6.2 configure bind to not run as root? Wouldn't
> > that keep buffer overflows from doing to much damage?
> >
> > At 03:10 PM 4/22/00 -0400, Derek Martin wrote:
> >
> > >I believe I have identified how my system was compromized. CERT has
> > >released this advisory regarding BIND 8.2:
> > >
> > > http://www.cert.org/advisories/CA-99-14-bind.html
> > >
> > >If you are running BIND on an Internet accessible RH6.1 machine, go get
> > >the updates NOW!
> > >
> > >--
> > >PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
> > >------------------------------------------------------
> > >Derek D. Martin | Unix/Linux Geek
> > >[EMAIL PROTECTED] | [EMAIL PROTECTED]
> > >------------------------------------------------------
> > >
> > >
> > >**********************************************************
> > >To unsubscribe from this list, send mail to
> > >[EMAIL PROTECTED] with the following text in the
> > >*body* (*not* the subject line) of the letter:
> > >unsubscribe gnhlug
> > >**********************************************************
> >
> > **********************************************************
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **********************************************************
>
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
>
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
