Subject: Re: NetBSD Security Advisory 2003-018: DNS negative cache poisoning
To: None <>
From: David Maxwell <>
List: current-users
Date: 12/18/2003 13:06:10
On Wed, Dec 17, 2003 at 03:29:48PM -0500, David Maxwell wrote:
> On Wed, Dec 17, 2003 at 02:19:23PM -0500, Chuck Yerkes wrote:
> > Again, BIND 9?
> > 
> > Is there any reason not to shout out NOW that people should get
> > their zone files into a BIND 9 compliant format in preparation
> > for a BIND 9 cutover?

I've had several questions about my comment regarding IPv6 and bind9.
Here's the text from src/doc/3RDPARTY which describes why NetBSD
includes the version of bind that it does currently.

Package:        bind/named
Version:        8.3.7
Current Vers:   4.9.11/8.3.7/8.4.2/9.2.3
Maintainer:     Paul Vixie <>
Archive Site:
Mailing List:
Responsible:    vixie, itojun
bind2netbsd script to import into src/dist/bind.
The Makefiles in src/usr.sbin/bind are not handled by the script.
do not try to use libc resolver from src/usr.sbin/bind, it adds
too much constraint between bind and libc, as well as problem with
_res declaration differences.  DNSSEC portion is disabled.
On switching to BIND9: waiting for the release of 9.3.x, as 9.2.x has
some issues (A6 queries for glue, for instance).

David Maxwell,| --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering, 
unthinking mass.  This is the same reason why you probably don't tell your 
boss about everything you read on BugTraq!    - Signal 11