Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: OT: Re: WANAL (Re: What could have been done differently?)

  • From: Mike Lewinski
  • Date: Tue Jan 28 16:29:05 2003

On 1/28/03 11:57 AM, "Paul Vixie" <paul@vix.com> wrote:

> 
>>  What do you think of OpenBSD still installing BIND4 as part of the
>> default base system and  recommended as secure by the OpenBSD FAQ ?
>> (See Section 6.8.3 in <http://www.openbsd.org/faq/faq6.html#DNS> )
> 
> i think that bind4 was relatively easy for them to do a format string
> audit on, and that bind9 was comparatively huge, and that their caution
> is justified based on bind4/bind8's record in CERT advisories, and that
> for feature level reasons they will move to bind9 as soon as they can
> complete a security audit on the code.  (although in this case ISC and
> others have already completed such an audit, another pass never hurts.)


It is my understanding that this process has been completed, and BIND9
should ship as the default OpenBSD named in the 3.3 release:

http://deadly.org/article.php3?sid=20030121022208&mode=flat

We've been running BIND9 from the ports tree for over two years now and are
*very* happy with performance/stability.

Mike





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.