Re: BIND 9.10.0b1 has been released.
Hi there, On Wed, 26 Feb 2014, Michael McNally wrote: At ISC we are quite excited about the long list of new features and ... I don't want to rain on your parade, and I know that this is likely to be contentious, but I would just like to ask all at ISC (and I know it isn't necessary, but I'll ask anyway) to remember that many of us out here in the Totally Untamed Internet do not like our infrastructure to be exciting. Long lists of new features give me personally the screaming heeby-jeebies. The last thing anyone needs is a zero-day BIND exploit in the wild. Solid and dependable is good. For the most part BIND is just that, and I can't heap enough praise on the people who gave all that to us. But I've noticed in the last few years that I've had to do more work to keep up with bind developments when a few things have escaped that perhaps should not have. I've wanted to say this for at least a year and I'm finally biting the bullet. Please do not consider this in any way to be any kind of a criticism. Maybe just a gentle nudge. Hopefully a contribution. Take your time. Get it right. No surprises please. If that means that new features aren't even compiled in unless I ask for them, that's fine by me. Many of us seek no excitement at all in our working day. -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.10.0b1 has been released.
On Wed, Feb 26, 2014 at 12:44:37PM +, G.W. Haywood wrote: Many of us seek no excitement at all in our working day. We're here for you, too. BIND 9.9 is an extended support version, it won't reach end-of-life until at least 2017, and we won't add new features to it unless there's a darned good reason. (Even then, we'll generally put them beind #ifdef's, as with --enable-rrl, so you can build without them.) Gotta put new stuff somewhere, though, or we'd all still be using BIND 4. :) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.10.0b1 has been released.
On 02/26/14 10:01, Evan Hunt wrote: On Wed, Feb 26, 2014 at 12:44:37PM +, G.W. Haywood wrote: Many of us seek no excitement at all in our working day. We're here for you, too. BIND 9.9 is an extended support version, it won't reach end-of-life until at least 2017, and we won't add new features to it unless there's a darned good reason. (Even then, we'll generally put them beind #ifdef's, as with --enable-rrl, so you can build without them.) Gotta put new stuff somewhere, though, or we'd all still be using BIND 4. :) Except that security patches haven't been going into BIND 4 for some time (though I vaguely recall hand patching security patches into bind on RedHat 7.3 in response to the Kaminsky DNS Vulnerability.) Which was after I had upgraded servers at work from Bind 9.3.x, because upgrading from openssl 0.9.7 on those systems wasn't possible as it would break other packages on there. Though the former admin said there was probably a new flag I needed to use to make it build against that ancient version of openssl. I looked to see what package was the problempre-Solaris 10 we deployed systems with our own build of sshd, and trying to remove and add openssl/sshd while ssh'd into the box is hard. So, I upgraded those systems from the console...later those machines were replaced with Solaris 10 systems, where we stayed with the system sshd. So, upgrading openssl is less scary It also helps what with Solaris 10, we went from bind in a chroot to bind in a DNS only Solaris container (the only two packages that depend on openssl are bind and nrpe.) I recall there was some reason to upgrade from 9.6 to 9.7...so that we didn't go to 9.6-ESV. Possibly DNSSEC related. Of course, I'm looking at some of the new features in 9.10 and I'm thinking that they might be something we'll want when its stable OTOH, our DHCP servers are still running v3.0.4. (since a month before I started in 2006...) I had offered to upgrade them to something newer at various times (and bring them under our configuration management system -- like I'm doing for a smaller site. They already have all the common configuration, pools/reservations, in separate files, but currently they make edits by hand on each server separatelywe've had outages due to mismatches.), but they keep saying some year (since summer 2011) they'll come up with money to replace them with appliances. -- Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator For: Enterprise Server Technologies (EST) -- SafeZone Ally ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.10.0b1 has been released.
On 02/26/2014 05:48 PM, Lawrence K. Chen, P.Eng. wrote: Except that security patches haven't been going into BIND 4 for some time probably because BIND4 has been deprecated since 2007. BIND8 was deprecated in 2008. BIND 9.4 was deprecated in 2008 with the last release of 9.4-ESV in 2012. the last release of 9.5 was in 2010. 9.7 is also deprecated, last released in 2012. 9.6-ESV is the oldest ISC supported version for the public, it last had an update a few weeks ago. this is the last version of 9.6 as support ended in January. supported versions: 9.8.7 was released a month ago 9.9.5 two weeks ago 9.10.0b1 a month ago if you are running BIND software older than these three trees, you're responsible for creating or finding security patches for that software. ISC doesn't support deprecated versions. the current ESV tree is BIND 9.9 which will be supported until June, 2017. DHCP 4.1-ESV is the oldest supported ESV, which will become unsupported in December of this year. 4.3 will be the next ESV version. 3.1-ESV and 4.0 were deprecated in 2010. -david ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
BIND 9.10.0b1 has been released.
BIND 9.10.0b1 has been released and is now available from: http://www.isc.org/downloads At ISC we are quite excited about the long list of new features and feature improvements in this major release and we hope that you'll share our enthusiasm. We'd particularly like to hear from DNS operators who have a chance to try the new software while it is in beta and provide feedback on the new features and utilities that have been added. If you have an interest in helping us to improve BIND, please consider joining the bind-beta-response list and sharing your experience with the development release. https://lists.isc.org/mailman/listinfo/bind-beta-response ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users