Bind9: Resolver Library Question

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Wed Jul 10 08:52:38 UTC 2002


Mark Olbert <mark at arcabama.com> wrote:

> I'm currently running bind 8.3.3 under linux 2.4.17. I'd like to
> upgrade to bind 9.x, but I'm unclear about what that involves for
> programs that require the resolver library. 

> I've read the commentary about how programs using the resolver library
> still need to be linked against the bind8 version, but I'm unsure how
> I'd do that in practice (while I routinely compile my own binaries I'm
> not too well versed in the details of linking, libraries, etc.).

> What's involved in "retaining" the 8.x resolver library? Or would I be
> better off waiting for further bind 9.x development before switching?

There is nothing you have to do to "retain" your old resolver. It's
built into libc, which is shared amongst most applications on your host.

Those applications that are statically linked will remain functional;
only when linking new applications do you have an option to use another
resolver.

Installing a new version of bind does not force you to replace the
resolver in the same machine; in fact this is often not done at all.


To protect yourself against the current threat of buffer overflow in the
resolver you could replace libc and relink all static binaries. Or
you could replace all nameservers with bind 9.2.1 and make sure that
no client will use another nameserver than your bind-9 (bind-9
sanitizes the attack-strings, making them harmless).

The latter is vastly less complicated than replacing all binaries.

> Thanx in advance!

> - Mark


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
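
Added example, not part of the original post: a sketch for finding the statically linked programs that the "replace libc and relink all static binaries" option would have to cover, since only those carry their own copy of the resolver. It assumes an ELF program with no PT_INTERP header is static; the function names and the sample ELF stub are constructed for illustration.

```python
import os
import struct

PT_INTERP = 3          # program header that names the dynamic loader
ET_EXEC, ET_DYN = 2, 3

def linkage(data):
    """Classify file bytes as 'dynamic', 'static' or 'other' (not an ELF program)."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "other"
    end = "<" if data[5] == 1 else ">"
    wide = data[4] == 2                      # ELFCLASS64
    try:
        (e_type,) = struct.unpack_from(end + "H", data, 16)
        (phoff,) = struct.unpack_from(end + ("Q" if wide else "I"), data, 32 if wide else 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if wide else 42)
        if e_type not in (ET_EXEC, ET_DYN):
            return "other"
        for i in range(phnum):
            (p_type,) = struct.unpack_from(end + "I", data, phoff + i * phentsize)
            if p_type == PT_INTERP:
                return "dynamic"             # loads libc, and its resolver, at run time
    except struct.error:                     # truncated or corrupt header table
        return "other"
    return "static"                          # carries its own copy of the resolver

def static_programs(directory):
    """Sorted paths of statically linked ELF programs under directory."""
    # Shared objects also lack PT_INTERP, so scan program directories, not lib ones.
    found = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # header tables sit at the start of the file
            except OSError:
                continue
            if linkage(data) == "static":
                found.append(path)
    return sorted(found)

def sample_elf(p_type):
    """Constructed 64-bit little-endian ELF stub with a single program header."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + struct.pack("<I", p_type) + bytes(52)
```

Calling static_programs("/sbin") (or any other program directory) returns the list of files to relink; everything it does not list picks up a replaced shared libc on its next start.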

