Does bind8.2.3 enough?
Jim Reid
jim at rfc1035.com
Sun Mar 3 12:27:24 UTC 2002
>>>>> "David" == David Xiao <xiao at info.sta.net.cn> writes:
David> Oh,the meaning of security here I mentioned is the version
David> of BIND with vulnerability. Does bind8.2.3 have fixed all
David> the vulnerabilities found to the present?
The ISC web page makes it perfectly clear which known security
vulnerabilities exist in which old versions of BIND. Obviously no-one
can provide that information about unknown vulnerabilities which may
or may not exist. This does not mean it's OK to run old code that has
known security holes plugged. A number of bugs have been fixed since
8.2.3: read the CHANGES file in the BIND release. It would be foolish
to run older, more buggy code. Why do you seem to prefer to run old
code that has known bugs even when they are fixed in a later version?
It makes no sense for you to keep asking "is 8.2.3 OK?" when that
version has been superseded. For one thing you may need the bug fixes
that are in a later release. Or the new features in 8.3 or BIND9. For
another, nobody really cares about old code any more. If you persist
in running 8.2.3 and find a problem, the first thing you'll be told to
do is upgrade to the current version. You might as well do that now.
Just do the Right Thing and install the current release, OK?
More information about the bind-users
mailing list