Re: [SECURITY] [DSA-196-1] New BIND packages fix several vulnerabilities
Hello All
The latest bind fiasco seems a bit of a mess:
I only hope that these packages will plug the holes:
> These problems have been fixed in version 8.3.3-2.0woody1 for the current
> stable distribution (woody), in 8.2.3-0.potato.3 for the previous stable
> distribution (potato) and in version 8.3.3-3 for the unstable distribution
> (sid). The fixed packages for unstable will enter the archive today.
But I predict that there will be several more DSA's and upgrades
before the problem dies down.
With regards to this suggestion:
> We recommend that you upgrade your bind package immediately, update to
> bind9, or switch to another DNS server implementation.
We dropped sendmail many years ago and I think it may be time to drop
bind. What experiences do others have with alternate DNS servers?
Unfortunately DJB's software is not an option for us. We tried
working with his licence with qmail for a couple of years but we
ended up chasing our tales with custom installations, patches and a
general lack of progress and maintainablility. So we dropped qmail
for exim. It will have to be something with a DFSG compliant licence
that replaces our bind. (This is a pity, because DJB has written some
excellent software.)
Thanks
Ian
---------------------------------------------------------------------
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 21 683-1388 Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
---------------------------------------------------------------------
Reply to: