Does bind8.2.3 enough?

WebReactor Networks bind at webreactor.net
Sat Mar 2 18:10:11 UTC 2002


If security is your only concern then you should upgrade to the current
release of the major version (4.9.8, 8.3.1 or 9.2.0).

I wouldn't say that any software is truly secure, but the current release of
the major version is almost guaranteed to be *more* secure than an earlier
release of that same major version (8.3.1 will almost always be more secure
than 8.2.5, 8.2.5 better than 8.2.3, and so on).  I don't believe I've ever
heard of ISC introducing security problems with new releases of the same
major version.

Of course 9.2.0 is best of all.

  - John R. S. 


> From: xiao at info.sta.net.cn (David Xiao)
> Organization: http://groups.google.com/
> Newsgroups: comp.protocols.dns.bind
> Date: 2 Mar 2002 05:10:02 -0800
> To: comp-protocols-dns-bind at isc.org
> Subject: Does bind8.2.3 enough?
> 
> 
> I found different statements about bind's bugs on the web site of ISC
> like,
> 
> "...If you are running a version of BIND prior to version 8.2.5, we
> recommend you upgrade for security reasons. ..."
> "...Upgrading to BIND version 9.2.0 is strongly recommended. If that
> is not possible for your site, upgrading at least to BIND version
> 8.2.5 is imperative. ..."
> "...The following table summarizes the vulnerability to the bugs
> mentioned for all versions of BIND distributed by ISC. Upgrading to
> BIND version 8.2.3 or higher is strongly recommended for all users of
> BIND.  ..."
> 
> According ISC's current BIND Vulnerabilities Report, whether the
> bind8.2.3 is  secure or I should upgrade to 8.2.5 or 9.x?
> 
> 



More information about the bind-users mailing list