subject:"RE\: BIND 9 windows XP builds"

Re: HA: RE: BIND 9 windows XP builds

2017-04-19 Thread Reindl Harald




Am 19.04.2017 um 06:52 schrieb i.chu...@volga.ttk.ru:

Hello all.

Regarding the "critical mass": I'm the one who downloads BIND from XP box
and I do it just to set it up on internal Linux machine. The reason to use
XP as PC OS is company's policy and lack of money after all. :)

P. S.: I can not imagine any user of BIND to even try to run it from
Windows machine but I think if it is possible to provide Windows XP builds
and there are still plenty of BIND users running Windows XP (Even if it is
botnets. Bontnet is just a piece of software like Windows XP or BIND. Why
do you want to drop botnet support?) there is a reason to build binaries
for Windows XP. Still it is all about money. Not everyone are able to pay
Microsoft for the new OS. And there might be legacy software too. Why do
users have to update and break everything if it works for them? So, my
final answer is: "Don't drop the Windows XP binaries if it's technically
possible to build them."


> Not everyone are able to pay Microsoft for the new OS.
> And there might be legacy software too

so your whole OS is legacy, there is running other legacy software - why 
would you then need BIND as the one and only non-legacy software on that 
box?


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

HA: RE: BIND 9 windows XP builds

2017-04-18 Thread i . chudov

Hello all.

Regarding the "critical mass": I'm the one who downloads BIND from XP box 
and I do it just to set it up on internal Linux machine. The reason to use 
XP as PC OS is company's policy and lack of money after all. :)

P. S.: I can not imagine any user of BIND to even try to run it from 
Windows machine but I think if it is possible to provide Windows XP builds 
and there are still plenty of BIND users running Windows XP (Even if it is 
botnets. Bontnet is just a piece of software like Windows XP or BIND. Why 
do you want to drop botnet support?) there is a reason to build binaries 
for Windows XP. Still it is all about money. Not everyone are able to pay 
Microsoft for the new OS. And there might be legacy software too. Why do 
users have to update and break everything if it works for them? So, my 
final answer is: "Don't drop the Windows XP binaries if it's technically 
possible to build them."
--
With best regards, Igor Chudov.
Tel.: +7 937 266-51-34

От:
"Darcy Kevin (FCA)" <kevin.da...@fcagroup.com>
Кому:
"bind-users@lists.isc.org" <bind-users@lists.isc.org>, 
Дата:
19.04.2017 02:59
Тема:
RE: BIND 9 windows XP builds
Отправитель:
"bind-users" <bind-users-boun...@lists.isc.org>

I guess I'm not so worried about a non-Internet-connected Windows XP box 
forwarding to an Internet-connected box that's running a modern 
(preferably non-Windows) OS. Assuming that the BIND versions are patched 
up to date, of course.

To be sure, all things must come to end, and XP support for BIND is no 
exception. But, the risk calculation runs something like: is there still 
enough critical mass of BIND-on-XP out there that there is a *bigger* risk 
incurred by no longer incorporating new security updates, or, has the 
population dwindled to the point where *only* the withdrawal of support 
will get the remainder to upgrade/replace/refresh their XP boxes?

 - Kevin

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of 
Paul Kosinski
Sent: Tuesday, April 18, 2017 5:09 PM
To: bind-users@lists.isc.org
Subject: Re: BIND 9 windows XP builds

Yes, I suppose not every machine running BIND is connected to the 
Internet. But how many are network inaccessible to every machine that
*is* connected to the Internet and might be compromised?

We run a local BIND for our LAN to avoid HOSTS files, but that same 
machine is connected to the Internet -- and runs a different instance of 
BIND to be authoritative for our domain. (No, not a separate machine, it's 
a very small installation.)

So, how many BINDs are completely isolated from the Internet, even under 
transitive closure of the internal network? It's surely a proper subset of 
all instances of BIND, but I doubt if it's other than a quite small 
subset.

On Tue, 18 Apr 2017 17:22:24 +
"Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote:

> Unspoken and false assumption: that every machine running BIND is 
> connected to the Internet.
> 
> I'm no fan of old, broken Microsoft OSes (or even the newer ones, for 
> that matter), but let's be clear here: BIND is for anyone who doesn't 
> want to maintain a "hosts" file. "Connected to the Internet" is a much 
> smaller subset of *that* set.
> 
>- Kevin
> 
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf 
> Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM
> To: bind-users@lists.isc.org
> Subject: Re: BIND 9 windows XP builds
> 
> I can see somebody running XP for some "legacy" software that doesn't 
> run nicely on newer versions of Windows, but I would think it 
> extremely risky to have such a machine connected to the Internet.
> 
> Maybe whoever runs BIND on XP should consider converting that machine 
> to Linux, and running BIND on Linux?
> 
> 
> On Mon, 17 Apr 2017 20:30:43 +
> Evan Hunt <e...@isc.org> wrote:
> 
> > Greetings,
> > 
> > For some time ISC has been providing three Windows builds for each 
> > release of BIND 9: x64, win32, and windows XP.
> > 
> > Windows XP is well past its end of life and is no longer receiving 
> > security updates.  I'd like to stop supporting it after the upcoming 
> > maintenance release, but it's been pointed out to me that a 
> > significant number of people -- many thousands -- are downloading 
> > the XP version every time we put out a new release.
> > 
> > This information surprised me. If you're one of those people, would 
> > you mind responding, either on or off the list, to discuss it?  Why 
> > are you using XP to run a name server?  Is it possible you're still 
> > using the XP build out of inertia, but your OS would work eq

Re: BIND 9 windows XP builds

2017-04-18 Thread Mark Andrews


In message <20170418194105.06929a69@ime1.iment.local>, Paul Kosinski writes:
> I would think that a Internet-connected box that is severely
> compromised (e.g., has malware running with maximal privileges) is
> about as bad as having the LAN that the box is on connected to the
> Internet directly (without a Firewall etc.).
> 
> In particular, such a box could be remote controlled to attack XP in
> whatever way XP is vulnerable to attacks from the Internet at large.

Which have always been very few after Microsoft enabled the on
machine firewall by default in SP2.  Most of the problem have been
with applications installed on XP machines and running as Administrator
not the OS itself.

IE is a application as far as I am concerned.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9 windows XP builds

2017-04-18 Thread Paul Kosinski

I would think that a Internet-connected box that is severely
compromised (e.g., has malware running with maximal privileges) is
about as bad as having the LAN that the box is on connected to the
Internet directly (without a Firewall etc.).

In particular, such a box could be remote controlled to attack XP in
whatever way XP is vulnerable to attacks from the Internet at large.


On Tue, 18 Apr 2017 22:58:47 +
"Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote:

> I guess I'm not so worried about a non-Internet-connected Windows XP
> box forwarding to an Internet-connected box that's running a modern
> (preferably non-Windows) OS. Assuming that the BIND versions are
> patched up to date, of course.
> 
> To be sure, all things must come to end, and XP support for BIND is
> no exception. But, the risk calculation runs something like: is there
> still enough critical mass of BIND-on-XP out there that there is a
> *bigger* risk incurred by no longer incorporating new security
> updates, or, has the population dwindled to the point where *only*
> the withdrawal of support will get the remainder to
> upgrade/replace/refresh their XP boxes?
> 
>   
> -
> Kevin
> 
> 
> 
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf
> Of Paul Kosinski Sent: Tuesday, April 18, 2017 5:09 PM
> To: bind-users@lists.isc.org
> Subject: Re: BIND 9 windows XP builds
> 
> Yes, I suppose not every machine running BIND is connected to the
> Internet. But how many are network inaccessible to every machine that
> *is* connected to the Internet and might be compromised?
> 
> We run a local BIND for our LAN to avoid HOSTS files, but that same
> machine is connected to the Internet -- and runs a different instance
> of BIND to be authoritative for our domain. (No, not a separate
> machine, it's a very small installation.)
> 
> So, how many BINDs are completely isolated from the Internet, even
> under transitive closure of the internal network? It's surely a
> proper subset of all instances of BIND, but I doubt if it's other
> than a quite small subset.
> 
> 
> On Tue, 18 Apr 2017 17:22:24 +
> "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote:
> 
> > Unspoken and false assumption: that every machine running BIND is 
> > connected to the Internet.
> > 
> > I'm no fan of old, broken Microsoft OSes (or even the newer ones,
> > for that matter), but let's be clear here: BIND is for anyone who
> > doesn't want to maintain a "hosts" file. "Connected to the
> > Internet" is a much smaller subset of *that* set.
> > 
> >             - Kevin
> > 
> > -Original Message-
> > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On
> > Behalf Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM
> > To: bind-users@lists.isc.org
> > Subject: Re: BIND 9 windows XP builds
> > 
> > I can see somebody running XP for some "legacy" software that
> > doesn't run nicely on newer versions of Windows, but I would think
> > it extremely risky to have such a machine connected to the Internet.
> > 
> > Maybe whoever runs BIND on XP should consider converting that
> > machine to Linux, and running BIND on Linux?
> > 
> > 
> > On Mon, 17 Apr 2017 20:30:43 +
> > Evan Hunt <e...@isc.org> wrote:
> > 
> > > Greetings,
> > > 
> > > For some time ISC has been providing three Windows builds for
> > > each release of BIND 9: x64, win32, and windows XP.
> > > 
> > > Windows XP is well past its end of life and is no longer
> > > receiving security updates.  I'd like to stop supporting it after
> > > the upcoming maintenance release, but it's been pointed out to me
> > > that a significant number of people -- many thousands -- are
> > > downloading the XP version every time we put out a new release.
> > > 
> > > This information surprised me. If you're one of those people,
> > > would you mind responding, either on or off the list, to discuss
> > > it?  Why are you using XP to run a name server?  Is it possible
> > > you're still using the XP build out of inertia, but your OS would
> > > work equally well with the win32 build?  If you're really still
> > > running XP, do you have a plan for transitioning to something
> > > newer?
> > > 
> > > We want to support the needs of our users, but to do that we have
> > > to understand those needs, so please let us know what yours are.
> > > Thanks,
> > > 
> > > --
> > > Evan Hunt -- e...@isc.org
> > > Internet Systems Consortium, Inc.

> 
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: BIND 9 windows XP builds

2017-04-18 Thread Browne, Stuart

Which we can assume is the reason Evan raised the question in the first place.

Stuart

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Darcy 
Kevin (FCA)
Sent: Wednesday, 19 April 2017 8:59 AM
To: bind-users@lists.isc.org
Subject: RE: BIND 9 windows XP builds

To be sure, all things must come to end, and XP support for BIND is no 
exception. But, the risk calculation runs something like: is there still enough 
critical mass of BIND-on-XP out there that there is a *bigger* risk incurred by 
no longer incorporating new security updates, or, has the population dwindled 
to the point where *only* the withdrawal of support will get the remainder to 
upgrade/replace/refresh their XP boxes?

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: BIND 9 windows XP builds

2017-04-18 Thread Darcy Kevin (FCA)

I guess I'm not so worried about a non-Internet-connected Windows XP box 
forwarding to an Internet-connected box that's running a modern (preferably 
non-Windows) OS. Assuming that the BIND versions are patched up to date, of 
course.

To be sure, all things must come to end, and XP support for BIND is no 
exception. But, the risk calculation runs something like: is there still enough 
critical mass of BIND-on-XP out there that there is a *bigger* risk incurred by 
no longer incorporating new security updates, or, has the population dwindled 
to the point where *only* the withdrawal of support will get the remainder to 
upgrade/replace/refresh their XP boxes?

- Kevin

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul 
Kosinski
Sent: Tuesday, April 18, 2017 5:09 PM
To: bind-users@lists.isc.org
Subject: Re: BIND 9 windows XP builds

Yes, I suppose not every machine running BIND is connected to the Internet. But 
how many are network inaccessible to every machine that
*is* connected to the Internet and might be compromised?

We run a local BIND for our LAN to avoid HOSTS files, but that same machine is 
connected to the Internet -- and runs a different instance of BIND to be 
authoritative for our domain. (No, not a separate machine, it's a very small 
installation.)

So, how many BINDs are completely isolated from the Internet, even under 
transitive closure of the internal network? It's surely a proper subset of all 
instances of BIND, but I doubt if it's other than a quite small subset.

On Tue, 18 Apr 2017 17:22:24 +
"Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote:

> Unspoken and false assumption: that every machine running BIND is 
> connected to the Internet.
> 
> I'm no fan of old, broken Microsoft OSes (or even the newer ones, for 
> that matter), but let's be clear here: BIND is for anyone who doesn't 
> want to maintain a "hosts" file. "Connected to the Internet" is a much 
> smaller subset of *that* set.
> 
>   - Kevin
> 
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf 
> Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM
> To: bind-users@lists.isc.org
> Subject: Re: BIND 9 windows XP builds
> 
> I can see somebody running XP for some "legacy" software that doesn't 
> run nicely on newer versions of Windows, but I would think it 
> extremely risky to have such a machine connected to the Internet.
> 
> Maybe whoever runs BIND on XP should consider converting that machine 
> to Linux, and running BIND on Linux?
> 
> 
> On Mon, 17 Apr 2017 20:30:43 +
> Evan Hunt <e...@isc.org> wrote:
> 
> > Greetings,
> > 
> > For some time ISC has been providing three Windows builds for each 
> > release of BIND 9: x64, win32, and windows XP.
> > 
> > Windows XP is well past its end of life and is no longer receiving 
> > security updates.  I'd like to stop supporting it after the upcoming 
> > maintenance release, but it's been pointed out to me that a 
> > significant number of people -- many thousands -- are downloading 
> > the XP version every time we put out a new release.
> > 
> > This information surprised me. If you're one of those people, would 
> > you mind responding, either on or off the list, to discuss it?  Why 
> > are you using XP to run a name server?  Is it possible you're still 
> > using the XP build out of inertia, but your OS would work equally 
> > well with the win32 build?  If you're really still running XP, do 
> > you have a plan for transitioning to something newer?
> > 
> > We want to support the needs of our users, but to do that we have to 
> > understand those needs, so please let us know what yours are.
> > Thanks,
> > 
> > --
> > Evan Hunt -- e...@isc.org
> > Internet Systems Consortium, Inc.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9 windows XP builds

2017-04-18 Thread Paul Kosinski

Yes, I suppose not every machine running BIND is connected to the
Internet. But how many are network inaccessible to every machine that
*is* connected to the Internet and might be compromised?

We run a local BIND for our LAN to avoid HOSTS files, but that same
machine is connected to the Internet -- and runs a different instance of
BIND to be authoritative for our domain. (No, not a separate machine,
it's a very small installation.)

So, how many BINDs are completely isolated from the Internet, even
under transitive closure of the internal network? It's surely a proper
subset of all instances of BIND, but I doubt if it's other than a quite
small subset.


On Tue, 18 Apr 2017 17:22:24 +
"Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote:

> Unspoken and false assumption: that every machine running BIND is
> connected to the Internet.
> 
> I'm no fan of old, broken Microsoft OSes (or even the newer ones, for
> that matter), but let's be clear here: BIND is for anyone who doesn't
> want to maintain a "hosts" file. "Connected to the Internet" is a
> much smaller subset of *that* set.
> 
>   - Kevin
> 
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf
> Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM
> To: bind-users@lists.isc.org
> Subject: Re: BIND 9 windows XP builds
> 
> I can see somebody running XP for some "legacy" software that doesn't
> run nicely on newer versions of Windows, but I would think it
> extremely risky to have such a machine connected to the Internet.
> 
> Maybe whoever runs BIND on XP should consider converting that machine
> to Linux, and running BIND on Linux?
> 
> 
> On Mon, 17 Apr 2017 20:30:43 +
> Evan Hunt <e...@isc.org> wrote:
> 
> > Greetings,
> > 
> > For some time ISC has been providing three Windows builds for each 
> > release of BIND 9: x64, win32, and windows XP.
> > 
> > Windows XP is well past its end of life and is no longer receiving 
> > security updates.  I'd like to stop supporting it after the
> > upcoming maintenance release, but it's been pointed out to me that
> > a significant number of people -- many thousands -- are downloading
> > the XP version every time we put out a new release.
> > 
> > This information surprised me. If you're one of those people, would 
> > you mind responding, either on or off the list, to discuss it?  Why 
> > are you using XP to run a name server?  Is it possible you're still 
> > using the XP build out of inertia, but your OS would work equally
> > well with the win32 build?  If you're really still running XP, do
> > you have a plan for transitioning to something newer?
> > 
> > We want to support the needs of our users, but to do that we have
> > to understand those needs, so please let us know what yours are.
> > Thanks,
> > 
> > --
> > Evan Hunt -- e...@isc.org
> > Internet Systems Consortium, Inc.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9 windows XP builds

2017-04-18 Thread Reindl Harald




Am 18.04.2017 um 19:22 schrieb Darcy Kevin (FCA):

Unspoken and false assumption: that every machine running BIND is connected to 
the Internet.

I'm no fan of old, broken Microsoft OSes (or even the newer ones, for that matter), but let's be 
clear here: BIND is for anyone who doesn't want to maintain a "hosts" file. 
"Connected to the Internet" is a much smaller subset of *that* set.


but you hardly need a full featured bind for that usecase...

just setup whatever container/vm running dnsmasq which can even use a 
hosts-file as source and likely there is something similar and tiny 
available for windows native too




-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul 
Kosinski
Sent: Monday, April 17, 2017 9:08 PM
To: bind-users@lists.isc.org
Subject: Re: BIND 9 windows XP builds

I can see somebody running XP for some "legacy" software that doesn't run 
nicely on newer versions of Windows, but I would think it extremely risky to have such a 
machine connected to the Internet.

Maybe whoever runs BIND on XP should consider converting that machine to Linux, 
and running BIND on Linux?


On Mon, 17 Apr 2017 20:30:43 +
Evan Hunt <e...@isc.org> wrote:


Greetings,

For some time ISC has been providing three Windows builds for each
release of BIND 9: x64, win32, and windows XP.

Windows XP is well past its end of life and is no longer receiving
security updates.  I'd like to stop supporting it after the upcoming
maintenance release, but it's been pointed out to me that a
significant number of people -- many thousands -- are downloading the
XP version every time we put out a new release.

This information surprised me. If you're one of those people, would
you mind responding, either on or off the list, to discuss it?  Why
are you using XP to run a name server?  Is it possible you're still
using the XP build out of inertia, but your OS would work equally well
with the win32 build?  If you're really still running XP, do you have
a plan for transitioning to something newer?

We want to support the needs of our users, but to do that we have to
understand those needs, so please let us know what yours are.  Thanks


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: BIND 9 windows XP builds

2017-04-18 Thread Darcy Kevin (FCA)

Unspoken and false assumption: that every machine running BIND is connected to 
the Internet.

I'm no fan of old, broken Microsoft OSes (or even the newer ones, for that 
matter), but let's be clear here: BIND is for anyone who doesn't want to 
maintain a "hosts" file. "Connected to the Internet" is a much smaller subset 
of *that* set.

- Kevin

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul 
Kosinski
Sent: Monday, April 17, 2017 9:08 PM
To: bind-users@lists.isc.org
Subject: Re: BIND 9 windows XP builds

I can see somebody running XP for some "legacy" software that doesn't run 
nicely on newer versions of Windows, but I would think it extremely risky to 
have such a machine connected to the Internet.

Maybe whoever runs BIND on XP should consider converting that machine to Linux, 
and running BIND on Linux?


On Mon, 17 Apr 2017 20:30:43 +
Evan Hunt <e...@isc.org> wrote:

> Greetings,
> 
> For some time ISC has been providing three Windows builds for each 
> release of BIND 9: x64, win32, and windows XP.
> 
> Windows XP is well past its end of life and is no longer receiving 
> security updates.  I'd like to stop supporting it after the upcoming 
> maintenance release, but it's been pointed out to me that a 
> significant number of people -- many thousands -- are downloading the 
> XP version every time we put out a new release.
> 
> This information surprised me. If you're one of those people, would 
> you mind responding, either on or off the list, to discuss it?  Why 
> are you using XP to run a name server?  Is it possible you're still 
> using the XP build out of inertia, but your OS would work equally well 
> with the win32 build?  If you're really still running XP, do you have 
> a plan for transitioning to something newer?
> 
> We want to support the needs of our users, but to do that we have to 
> understand those needs, so please let us know what yours are.  Thanks,
> 
> --
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: [E] Re: BIND 9 windows XP builds

2017-04-18 Thread Reindl Harald

no, microsoft is *not* repsonsible for fools which connect a 15 years 
old, long unsupported OS version to a network. responsible are the 
people who are running that machines from hell and vendors which provide 
updates for software running on them which appears for users that there 
is some support - just build the binaries with a compiler so that they 
don't run on WinXP "by accident" and the problem goes away sooner or 
later when the machines are no longer working at all


Am 18.04.2017 um 16:39 schrieb David Erickson via bind-users:

One could argue the problem is Microsoft in general.  Problem is people don't 
take security seriously cause they don't think they could ever get compromised 
or hacked.  And then most of the ones who have already been compromised just 
ignore the symptoms thinking their old end of life system is just slow :)  But 
the Microsoft platform in general is the problem not just one single end of 
life platform :)  Unfortunately we definitely can't drop support for all of 
Microsoft lol



-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of G.W. 
Haywood
Sent: Tuesday, April 18, 2017 10:28 AM
To: bind-users@lists.isc.org
Subject: [E] Re: BIND 9 windows XP builds

Hi there,

On Tue, 18 Apr 2017, Evan Hunt wrote:


... I wanted to find out whether there's a reason for so many people
to still be doing this -- even if it wasn't a very good reason --
before I cut them off.


Personally I'm more than a bit surprised, and even a little offended that ISC 
still provides an XP build.  Running an XP machine connected to the Internet is 
like driving around town in an uninsured vehicle with no roadworthiness 
certificate.  It's irresponsible.  Those of us who manage mailservers and who 
take any kind of interest in the threat landscape will attest to the number of 
XP botnets still plying their obnoxious trade, especially (sorted by greatest 
volume in my mailserver logs first) from China, Vietnam, India and the USA.

Cut them off.  If, by being one more provider which drops support for a 
sociopathic menace, you tend to reduce the threat from it, then you will at 
least have the warm appreciation of hard-pressed and generally ill-appreciated 
mail administrators the world over.

If you don't already run 'p0f', then you might want to consider it to give you 
an idea of what's connecting to your servers.  I'd guess it will be more 
informative than any feedback you get from real users.
It wouldn't surprise me if most of the downloaders of XP builds that you're 
seeing are themselves bots.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: [E] Re: BIND 9 windows XP builds

2017-04-18 Thread David Erickson via bind-users

One could argue the problem is Microsoft in general.  Problem is people don't 
take security seriously cause they don't think they could ever get compromised 
or hacked.  And then most of the ones who have already been compromised just 
ignore the symptoms thinking their old end of life system is just slow :)  But 
the Microsoft platform in general is the problem not just one single end of 
life platform :)  Unfortunately we definitely can't drop support for all of 
Microsoft lol

David Erickson
david.erick...@verizon.com

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of G.W. 
Haywood
Sent: Tuesday, April 18, 2017 10:28 AM
To: bind-users@lists.isc.org
Subject: [E] Re: BIND 9 windows XP builds

Hi there,

On Tue, 18 Apr 2017, Evan Hunt wrote:

> ... I wanted to find out whether there's a reason for so many people 
> to still be doing this -- even if it wasn't a very good reason -- 
> before I cut them off.

Personally I'm more than a bit surprised, and even a little offended that ISC 
still provides an XP build.  Running an XP machine connected to the Internet is 
like driving around town in an uninsured vehicle with no roadworthiness 
certificate.  It's irresponsible.  Those of us who manage mailservers and who 
take any kind of interest in the threat landscape will attest to the number of 
XP botnets still plying their obnoxious trade, especially (sorted by greatest 
volume in my mailserver logs first) from China, Vietnam, India and the USA.

Cut them off.  If, by being one more provider which drops support for a 
sociopathic menace, you tend to reduce the threat from it, then you will at 
least have the warm appreciation of hard-pressed and generally ill-appreciated 
mail administrators the world over.

If you don't already run 'p0f', then you might want to consider it to give you 
an idea of what's connecting to your servers.  I'd guess it will be more 
informative than any feedback you get from real users.
It wouldn't surprise me if most of the downloaders of XP builds that you're 
seeing are themselves bots.

-- 

73,
Ged.
___
Please visit 
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.isc.org_mailman_listinfo_bind-2Dusers=DwICAg=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ=CCYhX-wesopPi4FsQciZ3xyflA9MGaPBB1U-wtYiyPk=6RHxZm-CgsoYLk0mMG9jcccPTQI43o4UIXKbfV1bRa4=LSxm0JG1nBP9RUPnZQpZtTDCxs9Gl8JVGma1-C2v9a0=
  to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.isc.org_mailman_listinfo_bind-2Dusers=DwICAg=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ=CCYhX-wesopPi4FsQciZ3xyflA9MGaPBB1U-wtYiyPk=6RHxZm-CgsoYLk0mMG9jcccPTQI43o4UIXKbfV1bRa4=LSxm0JG1nBP9RUPnZQpZtTDCxs9Gl8JVGma1-C2v9a0=

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9 windows XP builds

2017-04-18 Thread G.W. Haywood


Hi there,

On Tue, 18 Apr 2017, Evan Hunt wrote:


... I wanted to find out whether there's a reason for so many people
to still be doing this -- even if it wasn't a very good reason --
before I cut them off.


Personally I'm more than a bit surprised, and even a little offended
that ISC still provides an XP build.  Running an XP machine connected
to the Internet is like driving around town in an uninsured vehicle
with no roadworthiness certificate.  It's irresponsible.  Those of us
who manage mailservers and who take any kind of interest in the threat
landscape will attest to the number of XP botnets still plying their
obnoxious trade, especially (sorted by greatest volume in my mailserver
logs first) from China, Vietnam, India and the USA.

Cut them off.  If, by being one more provider which drops support for
a sociopathic menace, you tend to reduce the threat from it, then you
will at least have the warm appreciation of hard-pressed and generally
ill-appreciated mail administrators the world over.

If you don't already run 'p0f', then you might want to consider it to
give you an idea of what's connecting to your servers.  I'd guess it
will be more informative than any feedback you get from real users.
It wouldn't surprise me if most of the downloaders of XP builds that
you're seeing are themselves bots.

--

73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9 windows XP builds

2017-04-17 Thread Evan Hunt

On Mon, Apr 17, 2017 at 09:08:28PM -0400, Paul Kosinski wrote:
> I can see somebody running XP for some "legacy" software that doesn't
> run nicely on newer versions of Windows, but I would think it extremely
> risky to have such a machine connected to the Internet.

Yes, it seems like an extremely bad idea.

But, I wanted to find out whether there's a reason for so many people to
still be doing this -- even if it wasn't a very good reason -- before I cut
them off.

So far, the only answers I've gotten were from a couple of people who are
in the habit of downloading all the files for each release, but don't
actually use the XP builds. If that turns out to be the only explanation
I hear, then we'll drop XP support after the upcoming releases are final.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9 windows XP builds

2017-04-17 Thread Paul Kosinski

I can see somebody running XP for some "legacy" software that doesn't
run nicely on newer versions of Windows, but I would think it extremely
risky to have such a machine connected to the Internet.

Maybe whoever runs BIND on XP should consider converting that machine to
Linux, and running BIND on Linux?


On Mon, 17 Apr 2017 20:30:43 +
Evan Hunt  wrote:

> Greetings,
> 
> For some time ISC has been providing three Windows builds for each
> release of BIND 9: x64, win32, and windows XP.
> 
> Windows XP is well past its end of life and is no longer receiving
> security updates.  I'd like to stop supporting it after the upcoming
> maintenance release, but it's been pointed out to me that a
> significant number of people -- many thousands -- are downloading the
> XP version every time we put out a new release.
> 
> This information surprised me. If you're one of those people, would
> you mind responding, either on or off the list, to discuss it?  Why
> are you using XP to run a name server?  Is it possible you're still
> using the XP build out of inertia, but your OS would work equally
> well with the win32 build?  If you're really still running XP, do you
> have a plan for transitioning to something newer?
> 
> We want to support the needs of our users, but to do that we have to
> understand those needs, so please let us know what yours are.  Thanks,
> 
> --
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: HA: RE: BIND 9 windows XP builds

HA: RE: BIND 9 windows XP builds

Re: BIND 9 windows XP builds

Re: BIND 9 windows XP builds

RE: BIND 9 windows XP builds

RE: BIND 9 windows XP builds

Re: BIND 9 windows XP builds

Re: BIND 9 windows XP builds

RE: BIND 9 windows XP builds

Re: [E] Re: BIND 9 windows XP builds

RE: [E] Re: BIND 9 windows XP builds

Re: BIND 9 windows XP builds

Re: BIND 9 windows XP builds

Re: BIND 9 windows XP builds

14 matches

Site Navigation

Mail list logo

Footer information