Pros/Cons for staying with 9.9 or going to 9.10

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Sun May 18 16:51:59 UTC 2014


Currently running 9.9.4-P2, been trying to decide if I want to go to 9.10 or 
stay within 9.9.x?

Since 9.9.x is ESV could stay with this version for a long time, plus it's more 
likely if we go with an appliance....if it's using bind, it's probably more 
likely to be this version (have only looked at one that is bind based, and it 
was 9.6-ESV though.)

Not sure management realizes these days appliances tend to just be custom 
PCs, they still need to get software updates over time (or not...just as our 
DHCP servers are still running the same level of Solaris 9 and version 3.x 
DHCP when it was configured back in 2006.  They want to replace it with an 
appliance because it's been getting less and less stable....)

Though usually an appliance has a (relatively) simple way to get updated.  
Compared to having to open a ticket to get me to update a system that I 
didn't set up or configure...so can't estimate how long that would take, but 
after the first update, I would think future updates to be pretty quick.

I usually have our bind servers updated to the latest security patch before 
our IT security group tells me that I need to update them (unless I determine 
that the patch isn't relevant now...ever since I rushed to a patch...that 
only applied had I upgraded preceding feature release... which I was going 
slow with, because it involved needing to make configuration changes...with 
more empty zones defaulting to on.  Someday I should dig through and clean up 
our entire config file....not just search for the "ADD NEW ZONES HERE" line 
and doing only that....

Like why (until I changed IPs of my servers) kept getting notifies for 
domains I didn't know if I was supposed to be secondary for....had made 
contact with admin before me, and he said we probably were secondary for 
them, but you'll have to ask the person before me on details like who to 
contact about it...or at least a monitored email account ... or non-domain 
dependent.  Had another case where the servers we had listed for them, either 
didn't respond or said they weren't authoritative for the domain.  Couldn't 
send email to their domain...which had come to my attention because another 
administrator had mail piling up for that domain.  After a few years, I 
finally got an email for their admin asking why their domain wasn't working 
off our servers, but my reply bounced.  Someday it might get fixed ;)

OTOH, management has also been looking at non-bind based appliances...so my 
days of using bind on anything might be numbered (my other site is using 
FreeBSD 9.2 for its DNS, eventually they might upgrade to 10.x.  Though I'm 
running 9.9.5 out of ports on these servers, so it's possible I could continue 
to stay with bind on 10.x...though I would lose the replace base option.  
(though starting to wish I hadn't selected that option.)  The main reason for 
using ports bind, was to enable the 'filter-aaaa-on-v4' option.  Though 
someday they^H^H^H^H^H I might get ipv6 working.


-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally


