BIND 9 windows XP builds

[Paul Kosinski]

Yes, I suppose not every machine running BIND is connected to the
Internet. But how many are network inaccessible to every machine that
*is* connected to the Internet and might be compromised?

We run a local BIND for our LAN to avoid HOSTS files, but that same
machine is connected to the Internet -- and runs a different instance of
BIND to be authoritative for our domain. (No, not a separate machine,
it's a very small installation.)

So, how many BINDs are completely isolated from the Internet, even
under transitive closure of the internal network? It's surely a proper
subset of all instances of BIND, but I doubt if it's other than a quite
small subset.


On Tue, 18 Apr 2017 17:22:24 +0000
"Darcy Kevin (FCA)" <kevin.darcy at fcagroup.com> wrote:

> Unspoken and false assumption: that every machine running BIND is
> connected to the Internet.
> 
> I'm no fan of old, broken Microsoft OSes (or even the newer ones, for
> that matter), but let's be clear here: BIND is for anyone who doesn't
> want to maintain a "hosts" file. "Connected to the Internet" is a
> much smaller subset of *that* set.
> 
> 						- Kevin
> 
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf
> Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM
> To: bind-users at lists.isc.org
> Subject: Re: BIND 9 windows XP builds
> 
> I can see somebody running XP for some "legacy" software that doesn't
> run nicely on newer versions of Windows, but I would think it
> extremely risky to have such a machine connected to the Internet.
> 
> Maybe whoever runs BIND on XP should consider converting that machine
> to Linux, and running BIND on Linux?
> 
> 
> On Mon, 17 Apr 2017 20:30:43 +0000
> Evan Hunt <each at isc.org> wrote:
> 
> > Greetings,
> > 
> > For some time ISC has been providing three Windows builds for each 
> > release of BIND 9: x64, win32, and windows XP.
> > 
> > Windows XP is well past its end of life and is no longer receiving 
> > security updates.  I'd like to stop supporting it after the
> > upcoming maintenance release, but it's been pointed out to me that
> > a significant number of people -- many thousands -- are downloading
> > the XP version every time we put out a new release.
> > 
> > This information surprised me. If you're one of those people, would 
> > you mind responding, either on or off the list, to discuss it?  Why 
> > are you using XP to run a name server?  Is it possible you're still 
> > using the XP build out of inertia, but your OS would work equally
> > well with the win32 build?  If you're really still running XP, do
> > you have a plan for transitioning to something newer?
> > 
> > We want to support the needs of our users, but to do that we have
> > to understand those needs, so please let us know what yours are.
> > Thanks,
> > 
> > --
> > Evan Hunt -- each at isc.org
> > Internet Systems Consortium, Inc.