Subject: Re: NetBSD Security Advisory 2003-018: DNS negative cache poisoning
To: None <current-users@NetBSD.org>
From: David Maxwell <david@crlf.net>
List: current-users
Date: 12/18/2003 13:06:10

On Wed, Dec 17, 2003 at 03:29:48PM -0500, David Maxwell wrote:
> On Wed, Dec 17, 2003 at 02:19:23PM -0500, Chuck Yerkes wrote:
> > Again, BIND 9?
> >
> > Is there any reason not to shout out NOW that people should get
> > their zone files into a BIND 9 compliant format in preparation
> > for a BIND 9 cutover?

I've had several questions about my comment regarding IPv6 and bind9.
Here's the text from src/doc/3RDPARTY which describes why NetBSD
includes the version of bind that it does currently.

Package: bind/named
Version: 8.3.7
Current Vers: 4.9.11/8.3.7/8.4.2/9.2.3
Maintainer: Paul Vixie <vixie@vix.com>
Archive Site: ftp://ftp.isc.org/isc/bind/
Mailing List:
Responsible: vixie, itojun
Notes:
bind2netbsd script to import into src/dist/bind.
The Makefiles in src/usr.sbin/bind are not handled by the script.
do not try to use libc resolver from src/usr.sbin/bind, it adds
too much constraint between bind and libc, as well as problem with
_res declaration differences. DNSSEC portion is disabled.
On switching to BIND9: waiting for the release of 9.3.x, as 9.2.x has
some issues (A6 queries for glue, for instance).

--
David Maxwell, david@vex.net|david@maxwell.net --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering,
unthinking mass. This is the same reason why you probably don't tell your
boss about everything you read on BugTraq! - Signal 11