Understanding SERVFAIL (for google)

Ketil Froyn isc_bind at ketil.froyn.name
Thu Mar 31 06:57:24 UTC 2005

On Thu, 31 Mar 2005, Mark Andrews wrote:

> > > 	Before attempting to debug this, upgrade.  Why anyone would
> > > 	want to continue running old code with lots of known bugs
> > > 	is beyond me.
> >
> > That's the trade-off with tracking the Debian Stable packages with
> > only security updates, of course.
> 	If you want to be secure with externally accessible components
> 	then keeping them up to date is generally the best policy.
> 	Named, I am sure, is inspected by black hats at every release
> 	for fixes that may expose remote holes.  While we also do
> 	this and issue advisories when we find something, we won't
> 	guarantee that we haven't missed a case.  Staying up to date
> 	limits your exposure.


> 	Sometimes I feel we should just issue a security advisory
> 	so that people will just upgrade.  Running old code is a
> 	security risk in its own right.


Only when you define "old" as meaning "a newer version exists which fixes
security problems". Time has nothing to do with it.

The points listed are excellent reasons to run the djbdns software. There
is a cost associated with repeatedly upgrading, and the risk of not
upgrading is high. Everyone must keep their software up to date, so why
not run software that works and remains unchanged?


Ketil Froyn
ketil at froyn.name
