ISC Security Vulnerability Policy Updated
At ISC we are updating our security vulnerability disclosure policy.Read post
We have begun offering some additional binary packages for BIND 9 on an experimental basis. We already offer binaries for Windows users, which are very popular, and we have been hearing that some users of other operating systems would also like packages from ISC.
For all open source users
We want to make sure that BIND users have access to binaries that include all of ISC’s latest bug fixes, the dependencies for key features like DNSTAP, and no other patches or fixes that ISC does not support.
For ISC Support Subscribers specifically
We would like to offer support subscribers a CentOS image that has no downstream patches that ISC has not created or tested. Eventually we want to provide ISC Support Subscribers with an option for updating directly from a private ISC repository during the Advance Notification period immediately prior to announcing a BIND 9 security vulnerability. We will continue to supply ISC Support Subscribers who receive Advance Security Notifications with security patches or updated tarballs for everyone who wishes to build their own.
We also want to provide ISC Support Subscribers who use the -S Supported Preview version of BIND (aka the Subscription Edition) with an executable, since this version is not publicly available via the usual open source package sites. We plan to provide a CentOS package for BIND 9 -S edition soon.
|OS||Architecture||How is this different from the official package?||ISC package location|
|Windows||32-bit and 64-bit||n/a||https://www.isc.org/download|
|CentOS 6 & 7||i386, x86_64, ppc64le||Minimal changes from official ISC releases. Includes DNSTAP||copr.fedorainfracloud.org: BIND 9 Extended Support Version (ESV), BIND 9 Stable version, BIND 9 Development version|
|Ubuntu 14.04, 16.04 & 18.04||Based on the official Debian package, includes downstream patches not from ISC. Includes DNSTAP.||Launchpad:BIND 9 Extended Support Version (ESV), BIND 9 Stable version, BIND 9 Development version|
|Fedora 27 & 28||i386, x86_64, ppc64le||Minimal changes from official ISC releases. Includes DNSTAP||copr.fedorainfracloud.org: BIND 9 Extended Support Version (ESV), BIND 9 Stable version, BIND 9 Development version|
Debian – Ondřej Surý, Director of DNS Engineering at ISC, has joined the official Debian BIND 9 package maintainers’ team.
CentOS 6 & 7 – packages with upcoming security patches incorporated will be available during the Advance Notification period to ISC support customers.
We plan to provide a CentOS version of the BIND-S subscription edition for support customers. It will not be available to the general public.
The advantages of using an ISC package are:
The disadvantages of switching to an ISC package include:
These are obviously two very different approaches: do you prefer the “reset” we are doing with CentOS, or the “easy migration path” we are following with Debian, Ubuntu, and Fedora?
Please share your comments on the firstname.lastname@example.org mailing list. To report a bug, please open an issue on our BIND 9 GitLab instance at https://gitlab.isc.org/isc-projects/bind9.
What's New from ISC