A concern

Mark admin at asarian-host.net
Tue Sep 23 06:13:47 UTC 2003


> BIND 9.2.3rc4 is now available.
>
> If you have installed BIND 9.1.3-P1, BIND 9.1.3-P2, BIND 9.2.2-P1,
> BIND 9.2.2-P2, BIND 9.2.3rc2 or BIND 9.2.3rc3 it is recommended that
> you upgrade.  These versions generate false positives when applying
> delegation-only tests.

I am probably going to alienate a few folks on this list for what I am about
to say. So, it may not even be the wisest thing to do; but I decided to say
it anyway.

New versions of BIND have been popping out like crazy, ever since the
Verisign hijacking. And something needed to be done, I fully agree. But I
must confess I am a bit distressed by what I call the "oops" factor. Every
day, since the day, I read how we are to install the latest version, because
the previous one either generated false positives, or something else was not
going right entirely.

Timid questions have been asked to clarify certain issues with these new
versions. And the answer has always been that now everything works fine.
Until the next day, or the same even, I see the announcement of yet a newer
version, which also warns against false positives in earlier versions, etc.

I will be the first to say I am not familiar with the deeper intricacies of
all this delegation-only stuff. But, all the eagerness despite, is it not
possible to err a bit on the side of caution when releasing new versions?
Even when the situation seems to scream for it. I mean, not every day a new
version, but, say, every week, until at least some stability can be
guaranteed? And here is where the "oops" factor comes in. I read comments
like, "Oh well, things just break a little when you use dig," or something
similar; accompanied with what, to my ear, seems a certain lack of
appreciation of the seriousness of the matter.

DNS is a serious matter. And I know the good people at ISC have been working
around the clock to combat a sticky situation which is obviously not of
their own making. And, while the opposite may seem the case, they do have my
gratitude for that. But when I read that this time the final, final version
is out, and now things are really, really fixed, and then, the next morning,
I read the exact same thing, only for yet a newer release, I begin to
scratch my head a bit. And then I begin to wonder whether perhaps it were
not wiser to test out these new candidate-releases for a wee bit longer than
a few hours, before advising the world to upgrade to them.

Feel free to disagree with me, as I'm sure many people will. My point was
not to "win" any argument of sorts anyway, only to express a concern I have.

Sincerely,

- Mark


