Sat Jun 11 22:09:48 UTC 2011

Paul Vixie wrote:

> i think bind needs something like this, but maybe it's an information
> leak?

I'm not worried about it being an information leak really, as long as it just
puts it into the regular logs anyway. But I'm not sure how much good it
really would do. Any sysadmin that cares enough to check her logs would
most likely also be able to keep on top of BIND version numbers. The ones
that really could do with being told "Oi, your BIND is too old! Sort it,
git!" probably won't check their logs anyway and won't notice anything.
Unless BIND starts replacing answers to all queries with a CNAME to :-)

Also - how would such a check work? For example, some vendors like to
patch and package their modified versions of software - how would BIND
9.7.3-2.el6_1.P1.1:32.x86_64 know whether an upgrade to BIND 9.8.0-P2 is
needed or not, if the major security fixes have been backported to the
vendor-provided version of BIND? I'll admit that's really more an issue
for the vendor to sort out though, but still.

So, in short: I'm not opposed to a version check like this, it won't do me
any harm - I'm just not sure it would actually be useful.

Eivind Olsen

