HA: RE: BIND 9 windows XP builds
Hello all. Regarding the "critical mass": I'm the one who downloads BIND from XP box and I do it just to set it up on internal Linux machine. The reason to use XP as PC OS is company's policy and lack of money after all. :) P. S.: I can not imagine any user of BIND to even try to run it from Windows machine but I think if it is possible to provide Windows XP builds and there are still plenty of BIND users running Windows XP (Even if it is botnets. Bontnet is just a piece of software like Windows XP or BIND. Why do you want to drop botnet support?) there is a reason to build binaries for Windows XP. Still it is all about money. Not everyone are able to pay Microsoft for the new OS. And there might be legacy software too. Why do users have to update and break everything if it works for them? So, my final answer is: "Don't drop the Windows XP binaries if it's technically possible to build them." -- With best regards, Igor Chudov. Tel.: +7 937 266-51-34 От: "Darcy Kevin (FCA)"Кому: "bind-users@lists.isc.org" , Дата: 19.04.2017 02:59 Тема: RE: BIND 9 windows XP builds Отправитель: "bind-users" I guess I'm not so worried about a non-Internet-connected Windows XP box forwarding to an Internet-connected box that's running a modern (preferably non-Windows) OS. Assuming that the BIND versions are patched up to date, of course. To be sure, all things must come to end, and XP support for BIND is no exception. But, the risk calculation runs something like: is there still enough critical mass of BIND-on-XP out there that there is a *bigger* risk incurred by no longer incorporating new security updates, or, has the population dwindled to the point where *only* the withdrawal of support will get the remainder to upgrade/replace/refresh their XP boxes? - Kevin -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul Kosinski Sent: Tuesday, April 18, 2017 5:09 PM To: bind-users@lists.isc.org Subject: Re: BIND 9 windows XP builds Yes, I suppose not every machine running BIND is connected to the Internet. But how many are network inaccessible to every machine that *is* connected to the Internet and might be compromised? We run a local BIND for our LAN to avoid HOSTS files, but that same machine is connected to the Internet -- and runs a different instance of BIND to be authoritative for our domain. (No, not a separate machine, it's a very small installation.) So, how many BINDs are completely isolated from the Internet, even under transitive closure of the internal network? It's surely a proper subset of all instances of BIND, but I doubt if it's other than a quite small subset. On Tue, 18 Apr 2017 17:22:24 + "Darcy Kevin (FCA)" wrote: > Unspoken and false assumption: that every machine running BIND is > connected to the Internet. > > I'm no fan of old, broken Microsoft OSes (or even the newer ones, for > that matter), but let's be clear here: BIND is for anyone who doesn't > want to maintain a "hosts" file. "Connected to the Internet" is a much > smaller subset of *that* set. > >- Kevin > > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf > Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM > To: bind-users@lists.isc.org > Subject: Re: BIND 9 windows XP builds > > I can see somebody running XP for some "legacy" software that doesn't > run nicely on newer versions of Windows, but I would think it > extremely risky to have such a machine connected to the Internet. > > Maybe whoever runs BIND on XP should consider converting that machine > to Linux, and running BIND on Linux? > > > On Mon, 17 Apr 2017 20:30:43 + > Evan Hunt wrote: > > > Greetings, > > > > For some time ISC has been providing three Windows builds for each > > release of BIND 9: x64, win32, and windows XP. > > > > Windows XP is well past its end of life and is no longer receiving > > security updates. I'd like to stop supporting it after the upcoming > > maintenance release, but it's been pointed out to me that a > > significant number of people -- many thousands -- are downloading > > the XP version every time we put out a new release. > > > > This information surprised me. If you're one of those people, would > > you mind responding, either on or off the list, to discuss it? Why > > are you using XP to run a name server? Is it possible you're still > > using the XP build out of inertia, but your OS would work equally > > well with the win32 build? If you're really still running XP, do > > you have a plan for transitioning to something newer? > > > > We want to support the needs of our users, but to do that we have to > > understand those needs, so please let us know what yours are. > > Thanks, > > > > -- > >
Re: BIND 9 windows XP builds
In message <20170418194105.06929a69@ime1.iment.local>, Paul Kosinski writes: > I would think that a Internet-connected box that is severely > compromised (e.g., has malware running with maximal privileges) is > about as bad as having the LAN that the box is on connected to the > Internet directly (without a Firewall etc.). > > In particular, such a box could be remote controlled to attack XP in > whatever way XP is vulnerable to attacks from the Internet at large. Which have always been very few after Microsoft enabled the on machine firewall by default in SP2. Most of the problem have been with applications installed on XP machines and running as Administrator not the OS itself. IE is a application as far as I am concerned. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9 windows XP builds
I would think that a Internet-connected box that is severely compromised (e.g., has malware running with maximal privileges) is about as bad as having the LAN that the box is on connected to the Internet directly (without a Firewall etc.). In particular, such a box could be remote controlled to attack XP in whatever way XP is vulnerable to attacks from the Internet at large. On Tue, 18 Apr 2017 22:58:47 + "Darcy Kevin (FCA)"wrote: > I guess I'm not so worried about a non-Internet-connected Windows XP > box forwarding to an Internet-connected box that's running a modern > (preferably non-Windows) OS. Assuming that the BIND versions are > patched up to date, of course. > > To be sure, all things must come to end, and XP support for BIND is > no exception. But, the risk calculation runs something like: is there > still enough critical mass of BIND-on-XP out there that there is a > *bigger* risk incurred by no longer incorporating new security > updates, or, has the population dwindled to the point where *only* > the withdrawal of support will get the remainder to > upgrade/replace/refresh their XP boxes? > > > - > Kevin > > > > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf > Of Paul Kosinski Sent: Tuesday, April 18, 2017 5:09 PM > To: bind-users@lists.isc.org > Subject: Re: BIND 9 windows XP builds > > Yes, I suppose not every machine running BIND is connected to the > Internet. But how many are network inaccessible to every machine that > *is* connected to the Internet and might be compromised? > > We run a local BIND for our LAN to avoid HOSTS files, but that same > machine is connected to the Internet -- and runs a different instance > of BIND to be authoritative for our domain. (No, not a separate > machine, it's a very small installation.) > > So, how many BINDs are completely isolated from the Internet, even > under transitive closure of the internal network? It's surely a > proper subset of all instances of BIND, but I doubt if it's other > than a quite small subset. > > > On Tue, 18 Apr 2017 17:22:24 + > "Darcy Kevin (FCA)" wrote: > > > Unspoken and false assumption: that every machine running BIND is > > connected to the Internet. > > > > I'm no fan of old, broken Microsoft OSes (or even the newer ones, > > for that matter), but let's be clear here: BIND is for anyone who > > doesn't want to maintain a "hosts" file. "Connected to the > > Internet" is a much smaller subset of *that* set. > > > > - Kevin > > > > -Original Message- > > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On > > Behalf Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM > > To: bind-users@lists.isc.org > > Subject: Re: BIND 9 windows XP builds > > > > I can see somebody running XP for some "legacy" software that > > doesn't run nicely on newer versions of Windows, but I would think > > it extremely risky to have such a machine connected to the Internet. > > > > Maybe whoever runs BIND on XP should consider converting that > > machine to Linux, and running BIND on Linux? > > > > > > On Mon, 17 Apr 2017 20:30:43 + > > Evan Hunt wrote: > > > > > Greetings, > > > > > > For some time ISC has been providing three Windows builds for > > > each release of BIND 9: x64, win32, and windows XP. > > > > > > Windows XP is well past its end of life and is no longer > > > receiving security updates. I'd like to stop supporting it after > > > the upcoming maintenance release, but it's been pointed out to me > > > that a significant number of people -- many thousands -- are > > > downloading the XP version every time we put out a new release. > > > > > > This information surprised me. If you're one of those people, > > > would you mind responding, either on or off the list, to discuss > > > it? Why are you using XP to run a name server? Is it possible > > > you're still using the XP build out of inertia, but your OS would > > > work equally well with the win32 build? If you're really still > > > running XP, do you have a plan for transitioning to something > > > newer? > > > > > > We want to support the needs of our users, but to do that we have > > > to understand those needs, so please let us know what yours are. > > > Thanks, > > > > > > -- > > > Evan Hunt -- e...@isc.org > > > Internet Systems Consortium, Inc. > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND 9 windows XP builds
Which we can assume is the reason Evan raised the question in the first place. Stuart -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Darcy Kevin (FCA) Sent: Wednesday, 19 April 2017 8:59 AM To: bind-users@lists.isc.org Subject: RE: BIND 9 windows XP builds To be sure, all things must come to end, and XP support for BIND is no exception. But, the risk calculation runs something like: is there still enough critical mass of BIND-on-XP out there that there is a *bigger* risk incurred by no longer incorporating new security updates, or, has the population dwindled to the point where *only* the withdrawal of support will get the remainder to upgrade/replace/refresh their XP boxes? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND 9 windows XP builds
I guess I'm not so worried about a non-Internet-connected Windows XP box forwarding to an Internet-connected box that's running a modern (preferably non-Windows) OS. Assuming that the BIND versions are patched up to date, of course. To be sure, all things must come to end, and XP support for BIND is no exception. But, the risk calculation runs something like: is there still enough critical mass of BIND-on-XP out there that there is a *bigger* risk incurred by no longer incorporating new security updates, or, has the population dwindled to the point where *only* the withdrawal of support will get the remainder to upgrade/replace/refresh their XP boxes? - Kevin -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul Kosinski Sent: Tuesday, April 18, 2017 5:09 PM To: bind-users@lists.isc.org Subject: Re: BIND 9 windows XP builds Yes, I suppose not every machine running BIND is connected to the Internet. But how many are network inaccessible to every machine that *is* connected to the Internet and might be compromised? We run a local BIND for our LAN to avoid HOSTS files, but that same machine is connected to the Internet -- and runs a different instance of BIND to be authoritative for our domain. (No, not a separate machine, it's a very small installation.) So, how many BINDs are completely isolated from the Internet, even under transitive closure of the internal network? It's surely a proper subset of all instances of BIND, but I doubt if it's other than a quite small subset. On Tue, 18 Apr 2017 17:22:24 + "Darcy Kevin (FCA)"wrote: > Unspoken and false assumption: that every machine running BIND is > connected to the Internet. > > I'm no fan of old, broken Microsoft OSes (or even the newer ones, for > that matter), but let's be clear here: BIND is for anyone who doesn't > want to maintain a "hosts" file. "Connected to the Internet" is a much > smaller subset of *that* set. > > - Kevin > > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf > Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM > To: bind-users@lists.isc.org > Subject: Re: BIND 9 windows XP builds > > I can see somebody running XP for some "legacy" software that doesn't > run nicely on newer versions of Windows, but I would think it > extremely risky to have such a machine connected to the Internet. > > Maybe whoever runs BIND on XP should consider converting that machine > to Linux, and running BIND on Linux? > > > On Mon, 17 Apr 2017 20:30:43 + > Evan Hunt wrote: > > > Greetings, > > > > For some time ISC has been providing three Windows builds for each > > release of BIND 9: x64, win32, and windows XP. > > > > Windows XP is well past its end of life and is no longer receiving > > security updates. I'd like to stop supporting it after the upcoming > > maintenance release, but it's been pointed out to me that a > > significant number of people -- many thousands -- are downloading > > the XP version every time we put out a new release. > > > > This information surprised me. If you're one of those people, would > > you mind responding, either on or off the list, to discuss it? Why > > are you using XP to run a name server? Is it possible you're still > > using the XP build out of inertia, but your OS would work equally > > well with the win32 build? If you're really still running XP, do > > you have a plan for transitioning to something newer? > > > > We want to support the needs of our users, but to do that we have to > > understand those needs, so please let us know what yours are. > > Thanks, > > > > -- > > Evan Hunt -- e...@isc.org > > Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9 windows XP builds
Yes, I suppose not every machine running BIND is connected to the Internet. But how many are network inaccessible to every machine that *is* connected to the Internet and might be compromised? We run a local BIND for our LAN to avoid HOSTS files, but that same machine is connected to the Internet -- and runs a different instance of BIND to be authoritative for our domain. (No, not a separate machine, it's a very small installation.) So, how many BINDs are completely isolated from the Internet, even under transitive closure of the internal network? It's surely a proper subset of all instances of BIND, but I doubt if it's other than a quite small subset. On Tue, 18 Apr 2017 17:22:24 + "Darcy Kevin (FCA)"wrote: > Unspoken and false assumption: that every machine running BIND is > connected to the Internet. > > I'm no fan of old, broken Microsoft OSes (or even the newer ones, for > that matter), but let's be clear here: BIND is for anyone who doesn't > want to maintain a "hosts" file. "Connected to the Internet" is a > much smaller subset of *that* set. > > - Kevin > > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf > Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM > To: bind-users@lists.isc.org > Subject: Re: BIND 9 windows XP builds > > I can see somebody running XP for some "legacy" software that doesn't > run nicely on newer versions of Windows, but I would think it > extremely risky to have such a machine connected to the Internet. > > Maybe whoever runs BIND on XP should consider converting that machine > to Linux, and running BIND on Linux? > > > On Mon, 17 Apr 2017 20:30:43 + > Evan Hunt wrote: > > > Greetings, > > > > For some time ISC has been providing three Windows builds for each > > release of BIND 9: x64, win32, and windows XP. > > > > Windows XP is well past its end of life and is no longer receiving > > security updates. I'd like to stop supporting it after the > > upcoming maintenance release, but it's been pointed out to me that > > a significant number of people -- many thousands -- are downloading > > the XP version every time we put out a new release. > > > > This information surprised me. If you're one of those people, would > > you mind responding, either on or off the list, to discuss it? Why > > are you using XP to run a name server? Is it possible you're still > > using the XP build out of inertia, but your OS would work equally > > well with the win32 build? If you're really still running XP, do > > you have a plan for transitioning to something newer? > > > > We want to support the needs of our users, but to do that we have > > to understand those needs, so please let us know what yours are. > > Thanks, > > > > -- > > Evan Hunt -- e...@isc.org > > Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9 windows XP builds
Am 18.04.2017 um 19:22 schrieb Darcy Kevin (FCA): Unspoken and false assumption: that every machine running BIND is connected to the Internet. I'm no fan of old, broken Microsoft OSes (or even the newer ones, for that matter), but let's be clear here: BIND is for anyone who doesn't want to maintain a "hosts" file. "Connected to the Internet" is a much smaller subset of *that* set. but you hardly need a full featured bind for that usecase... just setup whatever container/vm running dnsmasq which can even use a hosts-file as source and likely there is something similar and tiny available for windows native too -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM To: bind-users@lists.isc.org Subject: Re: BIND 9 windows XP builds I can see somebody running XP for some "legacy" software that doesn't run nicely on newer versions of Windows, but I would think it extremely risky to have such a machine connected to the Internet. Maybe whoever runs BIND on XP should consider converting that machine to Linux, and running BIND on Linux? On Mon, 17 Apr 2017 20:30:43 + Evan Huntwrote: Greetings, For some time ISC has been providing three Windows builds for each release of BIND 9: x64, win32, and windows XP. Windows XP is well past its end of life and is no longer receiving security updates. I'd like to stop supporting it after the upcoming maintenance release, but it's been pointed out to me that a significant number of people -- many thousands -- are downloading the XP version every time we put out a new release. This information surprised me. If you're one of those people, would you mind responding, either on or off the list, to discuss it? Why are you using XP to run a name server? Is it possible you're still using the XP build out of inertia, but your OS would work equally well with the win32 build? If you're really still running XP, do you have a plan for transitioning to something newer? We want to support the needs of our users, but to do that we have to understand those needs, so please let us know what yours are. Thanks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND 9 windows XP builds
Unspoken and false assumption: that every machine running BIND is connected to the Internet. I'm no fan of old, broken Microsoft OSes (or even the newer ones, for that matter), but let's be clear here: BIND is for anyone who doesn't want to maintain a "hosts" file. "Connected to the Internet" is a much smaller subset of *that* set. - Kevin -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM To: bind-users@lists.isc.org Subject: Re: BIND 9 windows XP builds I can see somebody running XP for some "legacy" software that doesn't run nicely on newer versions of Windows, but I would think it extremely risky to have such a machine connected to the Internet. Maybe whoever runs BIND on XP should consider converting that machine to Linux, and running BIND on Linux? On Mon, 17 Apr 2017 20:30:43 + Evan Huntwrote: > Greetings, > > For some time ISC has been providing three Windows builds for each > release of BIND 9: x64, win32, and windows XP. > > Windows XP is well past its end of life and is no longer receiving > security updates. I'd like to stop supporting it after the upcoming > maintenance release, but it's been pointed out to me that a > significant number of people -- many thousands -- are downloading the > XP version every time we put out a new release. > > This information surprised me. If you're one of those people, would > you mind responding, either on or off the list, to discuss it? Why > are you using XP to run a name server? Is it possible you're still > using the XP build out of inertia, but your OS would work equally well > with the win32 build? If you're really still running XP, do you have > a plan for transitioning to something newer? > > We want to support the needs of our users, but to do that we have to > understand those needs, so please let us know what yours are. Thanks, > > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [E] Re: BIND 9 windows XP builds
no, microsoft is *not* repsonsible for fools which connect a 15 years old, long unsupported OS version to a network. responsible are the people who are running that machines from hell and vendors which provide updates for software running on them which appears for users that there is some support - just build the binaries with a compiler so that they don't run on WinXP "by accident" and the problem goes away sooner or later when the machines are no longer working at all Am 18.04.2017 um 16:39 schrieb David Erickson via bind-users: One could argue the problem is Microsoft in general. Problem is people don't take security seriously cause they don't think they could ever get compromised or hacked. And then most of the ones who have already been compromised just ignore the symptoms thinking their old end of life system is just slow :) But the Microsoft platform in general is the problem not just one single end of life platform :) Unfortunately we definitely can't drop support for all of Microsoft lol -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of G.W. Haywood Sent: Tuesday, April 18, 2017 10:28 AM To: bind-users@lists.isc.org Subject: [E] Re: BIND 9 windows XP builds Hi there, On Tue, 18 Apr 2017, Evan Hunt wrote: ... I wanted to find out whether there's a reason for so many people to still be doing this -- even if it wasn't a very good reason -- before I cut them off. Personally I'm more than a bit surprised, and even a little offended that ISC still provides an XP build. Running an XP machine connected to the Internet is like driving around town in an uninsured vehicle with no roadworthiness certificate. It's irresponsible. Those of us who manage mailservers and who take any kind of interest in the threat landscape will attest to the number of XP botnets still plying their obnoxious trade, especially (sorted by greatest volume in my mailserver logs first) from China, Vietnam, India and the USA. Cut them off. If, by being one more provider which drops support for a sociopathic menace, you tend to reduce the threat from it, then you will at least have the warm appreciation of hard-pressed and generally ill-appreciated mail administrators the world over. If you don't already run 'p0f', then you might want to consider it to give you an idea of what's connecting to your servers. I'd guess it will be more informative than any feedback you get from real users. It wouldn't surprise me if most of the downloaders of XP builds that you're seeing are themselves bots. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: [E] Re: BIND 9 windows XP builds
One could argue the problem is Microsoft in general. Problem is people don't take security seriously cause they don't think they could ever get compromised or hacked. And then most of the ones who have already been compromised just ignore the symptoms thinking their old end of life system is just slow :) But the Microsoft platform in general is the problem not just one single end of life platform :) Unfortunately we definitely can't drop support for all of Microsoft lol David Erickson david.erick...@verizon.com -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of G.W. Haywood Sent: Tuesday, April 18, 2017 10:28 AM To: bind-users@lists.isc.org Subject: [E] Re: BIND 9 windows XP builds Hi there, On Tue, 18 Apr 2017, Evan Hunt wrote: > ... I wanted to find out whether there's a reason for so many people > to still be doing this -- even if it wasn't a very good reason -- > before I cut them off. Personally I'm more than a bit surprised, and even a little offended that ISC still provides an XP build. Running an XP machine connected to the Internet is like driving around town in an uninsured vehicle with no roadworthiness certificate. It's irresponsible. Those of us who manage mailservers and who take any kind of interest in the threat landscape will attest to the number of XP botnets still plying their obnoxious trade, especially (sorted by greatest volume in my mailserver logs first) from China, Vietnam, India and the USA. Cut them off. If, by being one more provider which drops support for a sociopathic menace, you tend to reduce the threat from it, then you will at least have the warm appreciation of hard-pressed and generally ill-appreciated mail administrators the world over. If you don't already run 'p0f', then you might want to consider it to give you an idea of what's connecting to your servers. I'd guess it will be more informative than any feedback you get from real users. It wouldn't surprise me if most of the downloaders of XP builds that you're seeing are themselves bots. -- 73, Ged. ___ Please visit https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.isc.org_mailman_listinfo_bind-2Dusers=DwICAg=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ=CCYhX-wesopPi4FsQciZ3xyflA9MGaPBB1U-wtYiyPk=6RHxZm-CgsoYLk0mMG9jcccPTQI43o4UIXKbfV1bRa4=LSxm0JG1nBP9RUPnZQpZtTDCxs9Gl8JVGma1-C2v9a0= to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.isc.org_mailman_listinfo_bind-2Dusers=DwICAg=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ=CCYhX-wesopPi4FsQciZ3xyflA9MGaPBB1U-wtYiyPk=6RHxZm-CgsoYLk0mMG9jcccPTQI43o4UIXKbfV1bRa4=LSxm0JG1nBP9RUPnZQpZtTDCxs9Gl8JVGma1-C2v9a0= ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9 windows XP builds
Hi there, On Tue, 18 Apr 2017, Evan Hunt wrote: ... I wanted to find out whether there's a reason for so many people to still be doing this -- even if it wasn't a very good reason -- before I cut them off. Personally I'm more than a bit surprised, and even a little offended that ISC still provides an XP build. Running an XP machine connected to the Internet is like driving around town in an uninsured vehicle with no roadworthiness certificate. It's irresponsible. Those of us who manage mailservers and who take any kind of interest in the threat landscape will attest to the number of XP botnets still plying their obnoxious trade, especially (sorted by greatest volume in my mailserver logs first) from China, Vietnam, India and the USA. Cut them off. If, by being one more provider which drops support for a sociopathic menace, you tend to reduce the threat from it, then you will at least have the warm appreciation of hard-pressed and generally ill-appreciated mail administrators the world over. If you don't already run 'p0f', then you might want to consider it to give you an idea of what's connecting to your servers. I'd guess it will be more informative than any feedback you get from real users. It wouldn't surprise me if most of the downloaders of XP builds that you're seeing are themselves bots. -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users