[dns-operations] online version checks
Florian Weimer
fweimer at bfk.de
Fri Dec 31 12:19:12 UTC 2010
* Joe Greco:
> Some of us already automate checking versions of DNS servers in our
> network monitoring systems, but finding out when you really need to
> upgrade vs a minor feature update is still a bit of an art form; as
> Paul said, most DNS servers only get restarted very infrequently, and
> I do not get paid to run around upgrading nameservers just because
> someone added a new feature we don't use/need anyways.
For a growing number of people, running outdated code is a compliance
issue. This is particularly true if a scanner vendor decides to infer
a vulnerability based on some form of probing.
> I'd *like* to be able to have better ways to monitor nameservers, but
> some of what would be most useful really requires support in the code
> itself, or from ISC.
It's a bit difficult to put things in the code itself without getting
guaranteed conflicts when applying patches. ($Id$ and stuff like that
have this problem.) A directory containing patch marker files might
work, though. But then you're clearly beyond a single,
mostly-sequential version number.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the dns-operations
mailing list