BIND 9 windows XP builds

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Tue Apr 18 22:58:47 UTC 2017 

I guess I'm not so worried about a non-Internet-connected Windows XP box forwarding to an Internet-connected box that's running a modern (preferably non-Windows) OS. Assuming that the BIND versions are patched up to date, of course.

To be sure, all things must come to end, and XP support for BIND is no exception. But, the risk calculation runs something like: is there still enough critical mass of BIND-on-XP out there that there is a *bigger* risk incurred by no longer incorporating new security updates, or, has the population dwindled to the point where *only* the withdrawal of support will get the remainder to upgrade/replace/refresh their XP boxes?

											- Kevin



-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Paul Kosinski
Sent: Tuesday, April 18, 2017 5:09 PM
To: bind-users at lists.isc.org
Subject: Re: BIND 9 windows XP builds

Yes, I suppose not every machine running BIND is connected to the Internet. But how many are network inaccessible to every machine that
*is* connected to the Internet and might be compromised?

We run a local BIND for our LAN to avoid HOSTS files, but that same machine is connected to the Internet -- and runs a different instance of BIND to be authoritative for our domain. (No, not a separate machine, it's a very small installation.)

So, how many BINDs are completely isolated from the Internet, even under transitive closure of the internal network? It's surely a proper subset of all instances of BIND, but I doubt if it's other than a quite small subset.


On Tue, 18 Apr 2017 17:22:24 +0000
"Darcy Kevin (FCA)" <kevin.darcy at fcagroup.com> wrote:

> Unspoken and false assumption: that every machine running BIND is 
> connected to the Internet.
> 
> I'm no fan of old, broken Microsoft OSes (or even the newer ones, for 
> that matter), but let's be clear here: BIND is for anyone who doesn't 
> want to maintain a "hosts" file. "Connected to the Internet" is a much 
> smaller subset of *that* set.
> 
> 						- Kevin
> 
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf 
> Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM
> To: bind-users at lists.isc.org
> Subject: Re: BIND 9 windows XP builds
> 
> I can see somebody running XP for some "legacy" software that doesn't 
> run nicely on newer versions of Windows, but I would think it 
> extremely risky to have such a machine connected to the Internet.
> 
> Maybe whoever runs BIND on XP should consider converting that machine 
> to Linux, and running BIND on Linux?
> 
> 
> On Mon, 17 Apr 2017 20:30:43 +0000
> Evan Hunt <each at isc.org> wrote:
> 
> > Greetings,
> > 
> > For some time ISC has been providing three Windows builds for each 
> > release of BIND 9: x64, win32, and windows XP.
> > 
> > Windows XP is well past its end of life and is no longer receiving 
> > security updates.  I'd like to stop supporting it after the upcoming 
> > maintenance release, but it's been pointed out to me that a 
> > significant number of people -- many thousands -- are downloading 
> > the XP version every time we put out a new release.
> > 
> > This information surprised me. If you're one of those people, would 
> > you mind responding, either on or off the list, to discuss it?  Why 
> > are you using XP to run a name server?  Is it possible you're still 
> > using the XP build out of inertia, but your OS would work equally 
> > well with the win32 build?  If you're really still running XP, do 
> > you have a plan for transitioning to something newer?
> > 
> > We want to support the needs of our users, but to do that we have to 
> > understand those needs, so please let us know what yours are.
> > Thanks,
> > 
> > --
> > Evan Hunt -- each at isc.org
> > Internet Systems Consortium, Inc.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list