Security firm warns of outdated software (DNS) ?

Barry Margolin barmar at genuity.net
Thu Jun 15 00:51:25 UTC 2000


In article <h3r8i8.1n3.ln at littlepcworld.net>,
Richard F. Jr. <blademan at nni.com> wrote:
>Anyone read this?
>From C Net - News.com
>http://news.cnet.com/news/0-1005-200-2073583.html

Basically, all they're saying is that most sites aren't running BIND
8.2.2.  I'm not surprised, since most organizations just use whatever
version of BIND comes with their OS.  There's still a very significant
portion of the Internet running the stock named on SunOS 4.x servers, which
is BIND 4.8!  I think Sun finally upgraded to 4.9.x somewhere around
Solaris 2.5, but didn't ship BIND 8 until Solaris 7.  I know that when I
query our customers' primaries for version.bind, most of the time it
doesn't answer, meaning it's either pre-4.9.5 or non-BIND (unfortunately,
lots of them are using MS DNS, sigh...).

We're still running 8.1.2 on our servers because 8.2.2 changes the behavior
WRT "CNAME and other data".  It used to be a warning but allowed the server
to load the zone and be authoritative, but now it's an error that causes
the zone to be rejected.  We have a handful of customers with this problem
in their domains, and we don't want to screw them by upgrading our slave
servers (we've been trying to track them down and get them to fix it, so
that we can eventually upgrade).

I'm not sure why we haven't upgraded on our caching-only servers; it may
just be because the server administrators want to run the same version
everywhere.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
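
The "CNAME and other data" condition described in the message above can be found in a zone file before the zone is handed to a server that rejects it. The following Python check is an added example, not part of the original post and not BIND's own code; the sample zone is constructed, and the parser assumes one record per line with numeric TTLs.

```python
from collections import defaultdict

# Constructed sample zone (not from the post): the apex and "www" break the rule.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@       IN SOA   ns1 hostmaster 2000061501 3600 900 604800 86400
        IN NS    ns1
        IN CNAME web.example.net.   ; apex CNAME next to SOA/NS
ns1     IN A     192.0.2.1
www     3600 IN CNAME web.example.net.
www     IN MX    10 mail            ; CNAME and other data
ftp     IN CNAME www
"""

CLASSES = {"IN", "CH", "HS"}

def fqdn(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def cname_conflicts(zone_text, origin):
    """Return {owner: sorted types} for owners holding a CNAME plus anything else."""
    types = defaultdict(set)
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):             # directives: only $ORIGIN matters here
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1]
            continue
        if not raw[0].isspace():                  # leading whitespace = previous owner
            owner = fqdn(fields.pop(0), origin)
        # Skip optional TTL and class tokens, in either order, before the type.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if owner and fields:
            types[owner].add(fields[0].upper())
    return {o: sorted(t) for o, t in types.items() if "CNAME" in t and len(t) > 1}

if __name__ == "__main__":
    for name, rrtypes in cname_conflicts(SAMPLE_ZONE, "example.com.").items():
        print(f"{name}: CNAME and other data ({', '.join(rrtypes)})")
```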


