Re: pulling up BIND 9.7 to netbsd-5?

To: Matthias Scheler <tron%zhadum.org.uk@localhost>
Subject: Re: pulling up BIND 9.7 to netbsd-5?
From: Steven Bellovin <smb%cs.columbia.edu@localhost>
Date: Tue, 14 Dec 2010 09:43:21 -0500

On Dec 14, 2010, at 9:19 04AM, Matthias Scheler wrote:

> On Mon, Dec 13, 2010 at 11:15:52AM -0600, Michael Graff wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> On 2010-12-01 7:18 AM, Geert Hendrickx wrote:
>>> Hi,
>>> 
>>> BIND on the NetBSD-5 branch is somewhat old (9.5.2) and doesn't support
>>> recent DNSSEC algorithms (RSASHA256, which the root zone is using) and
>>> NSEC3.
>>> 
>>> Could we consider pulling up BIND 9.7.x from current into the NetBSD-5
>>> branch?
>> 
>> Seconded.
> 
> I'm not convinced that is a good idea.
> 
> The last two BIND security problems didn't affect BIND 9.5. But they
> affected BIND 9.6 and 9.7.
> 
Were they actually unaffected, or did no one bother checking?  If the
were unaffected, was it because the problems were in newer code that
was added since 9.5?


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: pulling up BIND 9.7 to netbsd-5?
  - From: Matthias Scheler

References:
- pulling up BIND 9.7 to netbsd-5?
  - From: Geert Hendrickx
- Re: pulling up BIND 9.7 to netbsd-5?
  - From: Michael Graff
- Re: pulling up BIND 9.7 to netbsd-5?
  - From: Matthias Scheler

Prev by Date: Re: thank you for the updated compat_linux,rpm2pkg,emulators/suse113*, etc.
Next by Date: Re: pulling up BIND 9.7 to netbsd-5?
Previous by Thread: Re: pulling up BIND 9.7 to netbsd-5?
Next by Thread: Re: pulling up BIND 9.7 to netbsd-5?
Indexes:

Home | Main Index | Thread Index | Old Index