[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: which dns server to use ?

Splash Tekalal wrote:
Apache is more elegant. The only thing that can equal BIND in terms of
bloat, root exploits and general ugliness is perhaps sendmail.

Now, maybe I'm just ignorant, but are there any root exploits on Bind9? (specifically 9.x, not anything older.. we know 8.x was unstable =P)


8.x was/is a stable branch, but there were security issues. These are fixed, and reason to install BIND 8.x with care (like chrooting, see the Securing Debian Manual). There is quite a difference between unstable (is usually referred to as development status) and insecure.

Bind 9.x had some security issues though. See http://www.securityfocus.com/cgi-bin/sfonline/vulns.pl

But for Bind counts the same for all software: you've got to keep up to date with issues and fix/upgrade them when found. That software has never had any issues doesn't mean there won't be any in the future.


Arend van Waart

Reply to: