[dns-operations] online version checks

Graeme Fowler graeme at graemef.net
Tue Jan 4 08:55:16 UTC 2011


On Mon, 2011-01-03 at 16:30 -0700, wllarso wrote:
>  Don't take a sledge hammer approach to this issue.

To chime in with a view from someone who definitely falls well below the
rank of "guru", I have to refer back to some of the messages a long way
back up-thread...

The people who would use a new lookup type, record type or something
which allows them to be notified of new releases and *actually act upon
it* are the very same folks who already do so via mailing lists and so
on; the same folks who happily roll their own software, monitor their
systems and so on.

It might be worth checking with the ClamAV people to see just how many
outdated versions they detect nowadays, given that Clam bleats on every
start/restart/reload/invocation/run of freshclam if it's more than N
versions out of date. That gets spewed into logs, summarised in LogWatch
messages - and ignored by many.

I'm not dismissing the discussion, but I am from a very lowly viewpoint
agreeing that the proposals being made here will only really benefit
people who already take notice anyway. The rest of the world, sadly,
won't see the messages or act upon them.

Yep, that's a rather jaded viewpoint, I'm afraid - but (again referring
back) having seen almost an entire datacentre of Cobalt RaQ systems
rooted in 2000/2001 because the customers updated neither BIND nor
OpenSSH *even though they were notified* makes me cynical as to the
results of the effort involved.

Graeme





More information about the dns-operations mailing list