Debian/Ubuntu: Why was the service renamed from bind9 to named?
marka at isc.org
Tue Jul 21 23:28:37 UTC 2020
> On 22 Jul 2020, at 08:23, @lbutlr <kremels at kreme.com> wrote:
> On 21 Jul 2020, at 06:37, Mark Andrews <marka at isc.org> wrote:
>> On 21 Jul 2020, at 18:23, @lbutlr <kremels at kreme.com> wrote:
>>> Bind is a poor choice for desktop use. Packages like unbound are much better for that sort of use, and it is fr less critical if those packages have security issues.
>> Anything that talks to the net is critical path from a security perspective.
> There are different levels of critical, and unbound is a lot further down that list that bind.
I would beg to differ. From an exposure perspective they are identical. They both ask questions onto the network and both have to parse and process those answers. They both produce similar CVSS scores, which are a much more objective way of analysis the need to pay attention to a security issues. BIND and UNBOUND both have had CVSS scores of 7.5
for packets of death.
A packet of death that does nothing else has a CVS 3.0 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVSS, v3.0, a score of 0.0 receives a "None" rating; a 0.1-3.9 score gets a "Low" severity rating; a score of 4.0-6.9 is a "Medium" rating; score of 7.0-8.9 is a "High" rating; and a score of 9.0 - 10.0 is a "Critical" rating.
If it the fault leads to a potential remote compromise you get into the Critical range.
> We are born naked, wet and hungry; then it's all downhill.
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> bind-users mailing list
> bind-users at lists.isc.org
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users