DNS Cache Snooping?

Paul Vixie Paul_Vixie at isc.org
Tue Jun 24 22:57:54 UTC 2008


> Now it is no way to put 9.4 into RHEL5 because it could break
> existing configurations.

we've been upgrading in place from 9.3 to 9.4, and recommending our bind
support customers and the overall community to do the same, for a year or
two with no bad reports.  9.4 is intended to be fully backward-compatible
with 9.3.  if you know of some way in which it's not, please sing out.

> From my point of view it is not good solution to use your own BIND. It
> means that you have to watch security announcements. Also when you
> care about big number of machines (not one or two servers, I talk about
> 500 servers for example) keep those machines up2date is not so easy.

as i said, RH should provide an RPM for people who want to do this, but
failing that, every organization should be prepared to install updates,
which probably means every organization should have a template machine
that talks to their vendor's update system, and they should then rsync
their software from that machine into their production environment.

> Now reply to original topic. If you don't want use configuration which
> works with 9.3 series and you want use allow-query-cache I recommend
> use distro which includes 9.4 by default.

jeremy provided a method that would work fine for 9.3, so this is moot.



More information about the bind-users mailing list