
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
174
|
Chapter 6: Securing Domain Name Services (DNS)
Making Sense out of BIND Versions
Three major versions of BIND are presently in use, despite the ISC’s best efforts to
retire at least one of them. BIND v9 is the newest version and its current minor-ver-
sion number is, as of this writing, 9.2.3.
For a variety of practical and historical reasons, however, the BIND user community
and most Unix vendors/packagers have been slow to embrace BIND v9, so BIND v8
is still in widespread use. Due to two nasty buffer-overflow vulnerabilities in BIND
v8 that can lead to root compromise, it is essential that anyone using BIND v8 use its
latest version, currently 8.4.4, or better still, upgrade to BIND v9, which shares no
code with BIND v8 or earlier.
Speaking of earlier versions, although BIND v8.1 was released in May 1997, some
users continue using BIND v4. In fact, a few Unix vendors and packagers still bun-
dle BIND v4 with their operating systems. This is due mainly to stability problems
and security issues with BIND v8 and mistrust of BIND v9. Accordingly, the Inter-
net Software Consortium has continued, reluctantly, to issue occaisional security
patches for Version 4, despite having ceased other development of that code version
some years ago.
So, which version should you use? In my opinion, ...