[dns-operations] New subscribers

Paul Vixie vixie at isc.org
Tue Dec 28 15:42:55 UTC 2010


> Date: Tue, 28 Dec 2010 07:55:07 -0600
> From: Lyle Giese <lyle at lcrcomputer.net>
> ...
> I started a small home based ISP operation around 2000 and installed
> Bind8.something (current at the time) and discovered that I had a version
> that could be crashed with a magic packet/query. ...

i'm so sorry about that!  i remember that bug.  at that time my day job
was mfn/abovenet, and i remember annoying my customers there by probing our
entire address space looking for vulnerable bind8 versions... talk about
a conflict of interest, eh?

> ... That sent me down the path of learning how to monitor services and
> get notified of outages (now using Nagios for this).
> 
> It also taught me to install from source and always use the latest
> production code to prevent these as best I can. Now on the path to
> learn DNSSEC and IPv6 (I have native IPv6 here from my upstream
> provider)

if that bind8 bug taught you all that, then some good came of it after
all.  your policies as expressed above are best practices as far as i'm
concerned... BIND really ought to have a startup version check option so
that people running out of date or vulnerable versions will get
notifications from their own installed software about it.

note, you and i are in the minority as far as installing from source,
most folks either depend on their OS versions for updates, or they
install from some kind of binary package manager (rpm or the local
equivalent.)

> I am always looking to learn more about new technology in all areas that
> concern my operations here, whether it be BIND, email services, Apache
> or related stuff.
> 
> Lyle Giese
> LCR Computer Services, Inc.

in that case you may be interested in <http://bind10.isc.org/>.

paul


