DNS Cache Snooping?
Chris Buxton
cbuxton at menandmice.com
Thu Jun 26 22:38:44 UTC 2008
RH could always do something like what we did...
We had reason to release a BIND 9.4.1-P1 package for our Mac OS X
customers. It looked for configuration options that were missing or
incorrect and fixed them:
- Set allow-recursion, if not defined at all, to the new default. This
makes it show up in the GUI, so that admins can see it. Document,
document, document.
- Prune any obsolete logging categories (leftovers from BIND 8),
because 9.4's behavior here is different than 9.3.
- Add an 'interface-interval' statement, because, well, it's
complicated. Short version: To work around named starting up deaf
during system boot.
In each case, any existing settings were left alone, other than
obsolete logging categories. We made as few changes as possible, and
documented everything. If the system already had an allow-recursion
statement, or an interface-interval statement, we left it alone. Valid
logging category statements were left alone. If we couldn't figure out
the configuration, we left it alone.
Now, knowing Red Hat's rationale for maintaining versions, I agree
that they should not just blindly update all their customers to 9.4.
Like Jeff Lightner, though, I would like to see RH offer two versions
of the BIND package - one for those who want 9.3.x, and another for
those wanting 9.4. They could even offer a new 9.5 package. However, I
recognize how much extra work would be involved, especially if this
strategy were employed for more packages than just BIND.
Chris Buxton
Professional Services
Men & Mice
On Jun 26, 2008, at 7:30 AM, Paul Vixie wrote:
>> I for one would be really upset if RHEL overwrote supposedly default
>> configurations as I noted in my Sun patch to st.conf email yesterday.
>
> can you offer some guidance here, then, for ISC and for RH? the default
> ACL for allow-query was *wrong* and had to be fixed for the good of the
> internet. we did this with a lot of soul searching and some fanfare. we
> put it into a new major release, since we knew it was an incompatibility.
> and, since it was a new major release, we also put other things into it,
> including some things that RHEL users might benefit from.
>
> how should RH and ISC cause these new features to reach these customers?
>
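
The allow-recursion step described in the message above, sketched as an added example; it is not Men & Mice's packaging code. It assumes the new default ACL is `{ localnets; localhost; }` (the message does not state it) and that named.conf is handled as a single text; all function and constant names are made up for this example.

```python
import re

# Assumption: 9.4.1-P1's default recursion ACL (not stated in the message).
NEW_DEFAULT = "allow-recursion { localnets; localhost; };"
TOKEN = re.compile(r"(?<![\w-])options\s*\{|[{}]")
STMT = re.compile(r"(?<![\w-])allow-recursion(?![\w-])")
INCLUDE = re.compile(r"(?<![\w-])include(?![\w-])")

# Constructed sample named.conf, not taken from any real system.
SAMPLE = '''\
// allow-recursion { any; };   <- commented out, so not a setting
options {
\tdirectory "/var/named";
};
zone "example.com" { type master; file "example.com.zone"; };
'''


def blank_noise(text):
    """Overwrite comments and quoted strings with spaces, keeping offsets."""
    noise = r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"\n]*"'
    spaces = lambda m: re.sub(r"[^\n]", " ", m.group())
    return re.sub(noise, spaces, text, flags=re.S)


def ensure_allow_recursion(conf):
    """Return (text, changed); text comes back untouched when in doubt."""
    clean = blank_noise(conf)
    # An explicit setting anywhere (options or a view) is the admin's choice;
    # an include means the setting may live in a file we cannot see.
    if STMT.search(clean) or INCLUDE.search(clean):
        return conf, False
    depth, body_start, blocks = 0, None, []
    for m in TOKEN.finditer(clean):
        if m.group() == "}":
            depth -= 1
            if depth < 0:
                return conf, False  # stray closing brace
            if depth == 0 and body_start is not None:
                blocks.append((body_start, m.start()))
                body_start = None
        else:
            if depth == 0 and m.group() != "{":
                body_start = m.end()  # top-level "options {"
            depth += 1
    if depth != 0 or len(blocks) != 1:
        return conf, False  # could not figure the file out: leave it alone
    end = blocks[0][1]
    return conf[:end] + "\t" + NEW_DEFAULT + "\n" + conf[end:], True
```

Running the function a second time on its own output changes nothing, which is what makes it safe to call from a package upgrade script that may run more than once.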