Ancient BIND version?
Jim Reid
jim at rfc1035.com
Tue Apr 11 23:19:11 UTC 2000
>>>>> "Barry" == Barry Margolin <barmar at genuity.net> writes:
Barry> Hardly. He's running the version of named that was bundled
Barry> with SunOS 4.x, and even early Solaris 2.x releases. I'll
Barry> bet there are hundreds, maybe thousands, of sites on the
Barry> Internet that haven't bothered to upgrade their servers
Barry> beyond this.
Indeed.
Barry> Believe it or not, there are many places that don't upgrade
Barry> systems that seem to be working OK. They're probably also
Barry> running the SunOS 4.x version of sendmail, I'll bet.
Yeah, and I'll bet a significant number of them will still have
whatever root password - if there was one! - that was shipped with the
OS too... Oh, and lets not forget the ancient code that was shipped by
other vendors. There are probably hundreds or thousands of equally old
versions of BIND in AIX, HP-UX, Ultrix/OSF, SCO, IRIX, etc boxes out
there as well.
Ancient/dead code like this can be a mixed blessing. It will have
serious security holes. Old name servers don't do negative caching and
will hammer the root servers. OTOH, you can fix that by sending them
"creative" DNS answers which make them cache non-existent names for a
*long* time. :-)
More information about the bind-users
mailing list