please review Bv9ARM-book changes for integrating AusCERT AL-1999.004
Jeremy C. Reed
reed at reedmedia.net
Mon Apr 30 14:13:49 UTC 2007
On Sun, 29 Apr 2007, Danny Mayer wrote:
> > *** TODO: check this: A C source code patch must be applied
> > to all BIND 8.2.1 servers for the configuration
> > presented in this section to operate correctly. This
> > unsupported patch to BIND version 8.2.1 prevents BIND
> > returning REFUSED when it should be returning a
> > referral to a child zone.
> >
> > This patch is available from:
> >
> > ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.patch
> >
> > *** not available ***
> >
> > ???: is this integrated yet???
>
> You surely aren't going to recommend that any use BIND 8.2.1? It must be
> at least 8-9 years old and there are so many security issues that you
> really shouldn't recommend anything less than 9.3.x and preferably 9.4.0.
The Bv9ARM book is for BIND 9. No I am not recommending 8.x.
Note that this content is not my writing. The current document references
that document which makes the document inconvenient for a printed reading.
If the referenced URL contains critical or important information, then it
should be integrated into the Bv9ARM (and we have permission to reuse the
documented if desired). Basically I am just asking the members here: what
parts of that referenced URL should be included in the Bv9ARM and what
should be rewritten or improved?
I just want to clarify that the fix for 8.x made it to 9.x. Anyone know?
If I recall correctly, I was told it was not. (I think I asked AUSCERT
about it too.)
Jeremy C. Reed
More information about the bind-workers
mailing list