BIND 9.10.0b1 has been released.

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Wed Feb 26 22:48:15 UTC 2014



On 02/26/14 10:01, Evan Hunt wrote:
> On Wed, Feb 26, 2014 at 12:44:37PM +0000, G.W. Haywood wrote:
>> Many of us seek no excitement at all in our working day.
> 
> We're here for you, too.  BIND 9.9 is an extended support version,
> it won't reach end-of-life until at least 2017, and we won't add new
> features to it unless there's a darned good reason.  (Even then, we'll
> generally put them behind #ifdef's, as with --enable-rrl, so you can
> build without them.)
> 
> Gotta put new stuff somewhere, though, or we'd all still be using
> BIND 4. :)
> 

Except that security patches haven't been going into BIND 4 for some
time (though I vaguely recall hand patching security patches into bind
on RedHat 7.3 in response to the Kaminsky DNS Vulnerability.)

Which was after I had upgraded servers at work from Bind 9.3.x, because
upgrading from openssl 0.9.7 on those systems wasn't possible as it
would break other packages on there.  Though the former admin said there
was probably a new flag I needed to use to make it build against that
ancient version of openssl.

I looked to see what package was the problem....pre-Solaris 10 we
deployed systems with our own build of sshd, and trying to remove and
add openssl/sshd while ssh'd into the box is hard.  So, I upgraded those
systems from the console...later those machines were replaced with
Solaris 10 systems, where we stayed with the system sshd.  So, upgrading
openssl is less scary....

It also helps that with Solaris 10, we went from bind in a chroot to
bind in a DNS only Solaris container (the only two packages that depend
on openssl are bind and nrpe.)

I recall there was some reason to upgrade from 9.6 to 9.7...so that we
didn't go to 9.6-ESV.  Possibly DNSSEC related.

Of course, I'm looking at some of the new features in 9.10 and I'm
thinking that they might be something we'll want when it's stable....

OTOH, our DHCP servers are still running v3.0.4. (since a month before I
started in 2006...)  I had offered to upgrade them to something newer at
various times (and bring them under our configuration management system
-- like I'm doing for a smaller site.  They already have all the common
configuration, pools/reservations, in separate files, but currently they
make edits by hand on each server separately....we've had outages due to
mismatches.), but they keep saying some year (since summer 2011) they'll
come up with money to replace them with appliances.

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally

