Subject: Re: NetBSD Security Advisory 2003-018: DNS negative cache poisoning
To: None <current-users@NetBSD.org>
From: David Maxwell <email@example.com>
Date: 12/18/2003 13:06:10

On Wed, Dec 17, 2003 at 03:29:48PM -0500, David Maxwell wrote:
> On Wed, Dec 17, 2003 at 02:19:23PM -0500, Chuck Yerkes wrote:
> > Again, BIND 9?
> > Is there any reason not to shout out NOW that people should get
> > their zone files into a BIND 9 compliant format in preparation
> > for a BIND 9 cutover?

I've had several questions about my comment regarding IPv6 and bind9.
Here's the text from src/doc/3RDPARTY which describes why NetBSD
includes the version of bind that it does currently.

Current Vers: 4.9.11/8.3.7/8.4.2/9.2.3
Maintainer: Paul Vixie <firstname.lastname@example.org>
Archive Site: ftp://ftp.isc.org/isc/bind/
Responsible: vixie, itojun
bind2netbsd script to import into src/dist/bind.
The Makefiles in src/usr.sbin/bind are not handled by the script.
do not try to use libc resolver from src/usr.sbin/bind, it adds
too much constraint between bind and libc, as well as problem with
_res declaration differences. DNSSEC portion is disabled.
On switching to BIND9: waiting for the release of 9.3.x, as 9.2.x has
some issues (A6 queries for glue, for instance).

David Maxwell, email@example.com firstname.lastname@example.org --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering,
unthinking mass. This is the same reason why you probably don't tell your
boss about everything you read on BugTraq! - Signal 11