ISC BIND 9.4.2-P2-W1 is now available
Kevin Darcy
kcd at chrysler.com
Tue Sep 9 00:32:45 UTC 2008
Danny Mayer wrote:
> atomic at people.net.au wrote:
>
>> Evan Hunt wrote:
>>
>>>> The thing is we are on Bind 8.4.6, we really need to upgrade to a more
>>>> up to date version. Anything in 9.x.x ?
>>>>
>>>>
>>> All versions of BIND9 prior to the recent security patches (that is, up to
>>> 9.3.5, 9.4.2, and 9.5.0) ran on Windows 2000, but they're wide open to
>>> Kaminsky attacks. It would be inadvisable to use any of them for
>>> recursive DNS.
>>>
>>>
>>>
>> In other words, we are safe to upgrade to BIND 9.5.0 on Windows 2000 as
>> long as we do not use it as caching DNS server, correct?
>>
>> Peter
>>
>
> No. Only the -P2-W1 versions are safe and they do not run on Windows 2000.
>
>
In what way would it be unsafe to run a non-Kaminsky-patched
*authoritative-only* nameserver? My understanding is that Kaminsky only
applies to resolvers.
- Kevin
More information about the bind-users
mailing list