Advice on balancing web traffic using geoip ACls

Scott A. Wozny sawozny at hotmail.com
Sun Feb 23 19:44:15 UTC 2020 

My apologies.  I now realize how important that "extended support" P2 is after the version number which I should have specified in my original email.  I assume that since OpenVAS credentialed scanning doesn't complain about it that the really important patches have been backported to it which is why RHEL / CentOS offer it in their package stores.  When I upgrade OS in the environment I'm sure my BIND version will advance with it.

Thanks,

Scott


________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Victoria Risk <vicky at isc.org>
Sent: February 23, 2020 2:35 PM
To: @lbutlr <kremels at kreme.com>
Cc: bind-users <bind-users at lists.isc.org>
Subject: Re: Advice on balancing web traffic using geoip ACls


On Feb 23, 2020, at 6:57 AM, @lbutlr <kremels at kreme.com<mailto:kremels at kreme.com>> wrote:

On 22 Feb 2020, at 18:25, Scott A. Wozny <sawozny at hotmail.com<mailto:sawozny at hotmail.com>> wrote:
I’m setting up hot-hot webserver clusters hosted on the west and east coasts of the US and would like to use Bind 9.11.4

I’d consider changing that version. While Bind 9.11 *is* still supported, it is EOL at the end of this year. If you really really want to run 9.11, at least run the latest patch level (9.11.6 should be coming really soon).

We will continue with security patches for 9.11 through the end of 2021, so 9.11 is not a bad choice for someone who doesn’t want to migrate for a long time.


9.14.10 is the current stable release and 9.11.15 is the current extended support release. Unless you know something is broken in 9.14.10 (unlikely) that would be the version to look at.

9.14 has just been replaced by 9.16, released just this past week. We will continue offering security releases for 9.14 for a 3-month period to support migration to 9.16. Someone doing a migration today should look at 9.16 rather than 9.14.


You absolutely should not be running a bind version several years old, as 9.11.4 is.

agreed


Victoria Risk
Product Manager
Internet Systems Consortium
vicky at isc.org<mailto:vicky at isc.org>





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200223/2e78021f/attachment.htm>

More information about the bind-users mailing list