[55397] in North American Network Operators' Group
Re: OT: Re: WANAL (Re: What could have been done differently?)
daemon@ATHENA.MIT.EDU (Paul Vixie)
Tue Jan 28 13:59:42 2003
From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
In-Reply-To: Message from Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>
of "Tue, 28 Jan 2003 20:53:59 +0200."
<Pine.GSO.4.21.0301282028370.21274-100000@meron.openu.ac.il>
Date: Tue, 28 Jan 2003 18:57:54 +0000
Errors-To: owner-nanog-outgoing@merit.edu

> What do you think of OpenBSD still installing BIND4 as part of the
> default base system and recommended as secure by the OpenBSD FAQ?
> (See Section 6.8.3 in <http://www.openbsd.org/faq/faq6.html#DNS>)

i think that bind4 was relatively easy for them to do a format string
audit on, and that bind9 was comparatively huge, and that their caution
is justified based on bind4/bind8's record in CERT advisories, and that
for feature level reasons they will move to bind9 as soon as they can
complete a security audit on the code. (although in this case ISC and
others have already completed such an audit, another pass never hurts.)