BIND 8.2.4 vulnerability scope

Mike Mitchell Mike.Mitchell at
Thu Jan 4 14:52:34 UTC 2007

I have many multi-homed devices with various speed links.
The links may even be down at any point in time.
The admins of the devices like to use one name to reference
all of the IP addresses.  They use that one name to access
the device.  When using round-robin or cyclic, often the
non-optimal IP address is returned first in the order
and the connection is slow or the connection times out.

The correct place to address this problem is in the resolver,
but my group does not have administration authority over
the clients.

Our use of BIND goes back over 20 years, and we have a lot
of inertia/company culture to overcome.  At this point we're
dependent on 'rrset-order fixed'.  That was a requirement
when we switched from BIND 4 to BIND 8, and it's still a
requirement today.

Mike Mitchell
SAS Institute Inc.
Mike.Mitchell at
(919) 531-6793

-----Original Message-----
From: bert hubert [mailto:bert.hubert at] 
Sent: Thursday, January 04, 2007 8:06 AM
To: Mike Mitchell
Cc: bind-users at
Subject: Re: BIND 8.2.4 vulnerability scope

On Wed, Jan 03, 2007 at 10:09:59AM -0500, Mike Mitchell wrote:

> If you require 'rrset-order fixed;', like I do, then you're
> stuck with BIND 8 until an official release of BIND 9.4.
> I use BIND 8.4.7, released in December of 2005.

Can you disclose which application/use requires rrset-order fixed?


--      Open source, database driven DNS Software              Open and Closed source services

More information about the bind-users mailing list