vixie at isc.org
Tue Jun 14 01:12:07 UTC 2011
> From: Mark Andrews <marka at isc.org>
> Date: Tue, 14 Jun 2011 11:04:09 +1000
> latest TXT <version list>
> supported TXT <version list> not eol and no known vulnerabilities
> 9.0.0 TXT <cve list>/"*"/"-" "*" no longer maintained (N years
> after eol)
> 9.4.1 TXT <cve list>/"*"/"-" "-" no known vulnerabilities.
> 9.4.2 TXT <cve list>/"*"/"-"
> 9.8.0b1 TXT <cve list>/"*"/"-" only listed until end of beta/rc period
i think you mean 0.0.9, 1.4.9, 2.4.9, and 0b1.8.9, in the above example.
(not that i'm sure this is what i'd recommend doing, but in any case let's
put the most significant label on the right if we put stuff in the dns.)
the thing that pains folks is that the qname will express their version
number. even if someone is comfortable having ISC receive this information
(which as michael graff pointed out would help us allocated resources since
we'd have some idea of how many people run each old version), they might
not be comfortable exposing this information in the clear to passive dns
and any deep packet inspection machinery that's on the path to ISC.
More information about the bind-workers