Re: About DNS (BIND) with Database

• Previous message: Emre Bastuz: "Traffic Shaping for NNTP on Username-basis"
• In reply to: Len Conrad: "Re: About DNS (BIND) with Database"
• Next in thread: Vahric MUHTARYAN: "RE: About DNS (BIND) with Database"
• Reply: Vahric MUHTARYAN: "RE: About DNS (BIND) with Database"
• Reply: Bill Vermillion: "Re: About DNS (BIND) with Database"
• Reply: Len Conrad: "Re: About DNS (BIND) with Database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: "Len Conrad" <LConrad@Go2France.com>
Date: Tue, 18 Nov 2003 12:35:44 -0000

> >personally i wouldn't use bind, its had a bad security history.
>
> YEP, and it is VERY OLD HISTORY, but it goes back 3 years.
> So what's your gripe about security vulnerabilities in BIND since early
2001?
> If you don't have any concrete, recent examples, then stop the FUD.
> There are reasons some people don't want to use BIND, but security isn't
> one of them.

My apologies if this thread has hit a nerve, I wasn't picking at anyone. I'm
just giving my point of view.

The history may be old in terms of computing, but I won't how many
vulnerable systems are still out there? System admins that may not even know
how to upgrade or even know that the vulns exist.

bind advisories:
http://www.cert.org/advisories/CA-2002-19.html
http://www.cert.org/advisories/CA-2001-02.html
http://www.cert.org/advisories/CA-1999-14.html

Plus http://www.isc.org/products/BIND/bind-security.html isn't a very good
track record is it? Track records are pretty much all you have to go on with
software, unless you audit all the code yourself.

If people want to use bind or any other package, they do so at their choice.
I'm just saying in my opinion I think there are better alternative.

If you're happy using bind, use bind. If you're happy with windows 95, use
it.

Simon

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: Emre Bastuz: "Traffic Shaping for NNTP on Username-basis"
• In reply to: Len Conrad: "Re: About DNS (BIND) with Database"
• Next in thread: Vahric MUHTARYAN: "RE: About DNS (BIND) with Database"
• Reply: Vahric MUHTARYAN: "RE: About DNS (BIND) with Database"
• Reply: Bill Vermillion: "Re: About DNS (BIND) with Database"
• Reply: Len Conrad: "Re: About DNS (BIND) with Database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: how can I test the security of my Linux box ? ... Very few ppl are interested in going to jail for helping someone ... Just as BIND - use djbDNS instead of BIND. ... > SATAN is also another program to try on to test your security. ... Satan is quite old - Nessus will be much better nowadays. ... (comp.os.linux.security) Re: Waiting for BIND security announcement ... include the fixes that the security officer deems important enough to ... I can't speak for the security team, but I'm pretty sure that this ... There is even an option in the port to overwrite the base BIND ... name server to the big bad world while tracking RELENG_N_M ("release ... (freebsd-questions) Re: ADAM - New users reading data - best practices ... You bind to the directory (or the connection to the ... AUTHENTICATED USERS built-in security principal for your ACL entries. ... (microsoft.public.windows.server.active_directory) TCP/IP for HP OpenVMS Bind Version 8 Potential Denial ... SSRT3653 - TCP/IP for HP OpenVMS Bind Version 8 Potential Denial ... Software Security Response Team ... (comp.os.vms) [ GLSA 200609-11 ] BIND: Denial of Service ... ISC BIND contains two vulnerabilities allowing a Denial of Service ... lowered by restricting the clients that can ask for recursion. ... in which there are multiple SIG RRsets. ... Security is a primary focus of Gentoo Linux and ensuring the ... (Bugtraq)