David Wright wrote:
> The constant reports of new BIND vulnerabilities, related to the fact that
> BIND was not designed with security in mind.

Paul Johnson wrote:
> Bind9 is designed with security in mind, it's functionally very
> similar to bind8, but on an entirely brand new code base. Think of it
> as bind-without-suck 1.0

Yes. Bind9 is a new animal. It is backward compatible with bind8 which is good for those of us upgrading. But it is a complete rewrite.

[I find it humorous that you and probably others are avoiding it because you think it similar to bind4 which was really bad about security and bind8 which was generally pretty good but did have some problems. Meanwhile, folks like me that are familiar with the old have avoided bind9 specifically because it was a new and completely different code base than bind8 instead of being an upgrade of it.]

Meanwhile, back at the debian ranch, put the security update directory in your sources.list file, subscribe to any of the low volume security announcement mailing lists, then you can easily update if any problem is found. Hear of an advisory for any of the system components? apt-get install to the security fixed version. That is a strength of debian which perhaps other systems do not enjoy and so the greater problems for them when they are forced to update.

David Wright wrote:
> The complexity and that comes from trying to be able to do lots more
> than I need.

Hmm... You don't have to use that complexity. And if you don't then it is pretty straightforward as a program.

As I mentioned in another note, bind is the messenger for DNS. DNS is DNS. A system that unites a global internet has been known to be a little much for people. But bind does a good job with it. And the folks on the DNS protocols mailing lists have always been responsive to questions.

Bob