BIND 9 windows XP builds

Paul Kosinski bind at iment.com
Tue Apr 18 23:41:05 UTC 2017 

I would think that a Internet-connected box that is severely
compromised (e.g., has malware running with maximal privileges) is
about as bad as having the LAN that the box is on connected to the
Internet directly (without a Firewall etc.).

In particular, such a box could be remote controlled to attack XP in
whatever way XP is vulnerable to attacks from the Internet at large.


On Tue, 18 Apr 2017 22:58:47 +0000
"Darcy Kevin (FCA)" <kevin.darcy at fcagroup.com> wrote:

> I guess I'm not so worried about a non-Internet-connected Windows XP
> box forwarding to an Internet-connected box that's running a modern
> (preferably non-Windows) OS. Assuming that the BIND versions are
> patched up to date, of course.
> 
> To be sure, all things must come to end, and XP support for BIND is
> no exception. But, the risk calculation runs something like: is there
> still enough critical mass of BIND-on-XP out there that there is a
> *bigger* risk incurred by no longer incorporating new security
> updates, or, has the population dwindled to the point where *only*
> the withdrawal of support will get the remainder to
> upgrade/replace/refresh their XP boxes?
> 
> 											-
> Kevin
> 
> 
> 
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf
> Of Paul Kosinski Sent: Tuesday, April 18, 2017 5:09 PM
> To: bind-users at lists.isc.org
> Subject: Re: BIND 9 windows XP builds
> 
> Yes, I suppose not every machine running BIND is connected to the
> Internet. But how many are network inaccessible to every machine that
> *is* connected to the Internet and might be compromised?
> 
> We run a local BIND for our LAN to avoid HOSTS files, but that same
> machine is connected to the Internet -- and runs a different instance
> of BIND to be authoritative for our domain. (No, not a separate
> machine, it's a very small installation.)
> 
> So, how many BINDs are completely isolated from the Internet, even
> under transitive closure of the internal network? It's surely a
> proper subset of all instances of BIND, but I doubt if it's other
> than a quite small subset.
> 
> 
> On Tue, 18 Apr 2017 17:22:24 +0000
> "Darcy Kevin (FCA)" <kevin.darcy at fcagroup.com> wrote:
> 
> > Unspoken and false assumption: that every machine running BIND is 
> > connected to the Internet.
> > 
> > I'm no fan of old, broken Microsoft OSes (or even the newer ones,
> > for that matter), but let's be clear here: BIND is for anyone who
> > doesn't want to maintain a "hosts" file. "Connected to the
> > Internet" is a much smaller subset of *that* set.
> > 
> > 						- Kevin
> > 
> > -----Original Message-----
> > From: bind-users [mailto:bind-users-bounces at lists.isc.org] On
> > Behalf Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM
> > To: bind-users at lists.isc.org
> > Subject: Re: BIND 9 windows XP builds
> > 
> > I can see somebody running XP for some "legacy" software that
> > doesn't run nicely on newer versions of Windows, but I would think
> > it extremely risky to have such a machine connected to the Internet.
> > 
> > Maybe whoever runs BIND on XP should consider converting that
> > machine to Linux, and running BIND on Linux?
> > 
> > 
> > On Mon, 17 Apr 2017 20:30:43 +0000
> > Evan Hunt <each at isc.org> wrote:
> > 
> > > Greetings,
> > > 
> > > For some time ISC has been providing three Windows builds for
> > > each release of BIND 9: x64, win32, and windows XP.
> > > 
> > > Windows XP is well past its end of life and is no longer
> > > receiving security updates.  I'd like to stop supporting it after
> > > the upcoming maintenance release, but it's been pointed out to me
> > > that a significant number of people -- many thousands -- are
> > > downloading the XP version every time we put out a new release.
> > > 
> > > This information surprised me. If you're one of those people,
> > > would you mind responding, either on or off the list, to discuss
> > > it?  Why are you using XP to run a name server?  Is it possible
> > > you're still using the XP build out of inertia, but your OS would
> > > work equally well with the win32 build?  If you're really still
> > > running XP, do you have a plan for transitioning to something
> > > newer?
> > > 
> > > We want to support the needs of our users, but to do that we have
> > > to understand those needs, so please let us know what yours are.
> > > Thanks,
> > > 
> > > --
> > > Evan Hunt -- each at isc.org
> > > Internet Systems Consortium, Inc.

>

More information about the bind-users mailing list