Understanding SERVFAIL (for google)
Bill Moseley
moseley at hank.org
Thu Mar 31 05:55:20 UTC 2005
On Thu, Mar 31, 2005 at 03:27:19PM +1000, Mark Andrews wrote:
> If you want to be secure with externally accessable components
> then keeping them up to date is generally the best policy.
> Named, I am sure, is inspected by black hats at every release
> for fixes that may expose remote holes. While we also do
> this and issue advisaries when we find something, we won't
> guarantee that we havn't missed a case. Staying up to date
> limits your exposure.
Makes sense. I know my machines are updated within a very short time
of receiving any Debian security announcements. But I don't like
running the old code. I do run a few backports on Stable, but I'm
always worried that something will conflict when they get updated.
We have all been waiting for a new Stable release.
> > Are you saying that the problem I'm seeing is due to running Debian's
> > version of Bind? Or just that the version in Debian Stable is not capable
> > of debugging the problem?
> Well there are bug fixes in there that may fix your problem.
Can I ask a bit more generic question and forget about the versions for
now? I'll assume that my specific problem is related to a bug in the
version I'm running.
In general, if dig shows SERVFAIL are there specific options that will
help detail why that's being reported?
--
Bill Moseley
moseley at hank.org
More information about the bind-users
mailing list