Re: What about BIND 9.3.4 in FreeBSD in base system ?

Doug Barton wrote:
> Chuck Swiger wrote:
>> Doug Barton wrote:
[ ... ]
> Right. As I understood it, you were arguing in favor of MFC'ing a fix to 
> RELENG_5 because you have machines from that branch in a production 
> setting.  If I misunderstood your point, I apologize.

I would like CVE-2007-0493 fixed in RELENG_5 and RELENG_5_5, specifically, yes 
please.

More generally, I would like BIND to deal with hundreds (or-- preferably but 
not required-- thousands) of outstanding recursive queries without dumping 
core or becoming non-responsive.  Have you attempted to reproduce the issue 
via the adns port or anything else which generates lots of queries?

>> When the number of machines one deals with in a given environment 
>> changes from single-digit, to dozens, to hundreds, to tens of 
>> thousands, keeping machines updated to a bug-free, stable environment 
>> is more important than chasing features off the latest branch.
> 
> Yes, I understand those issues quite well. I used to manage hundreds of 
> name servers for a company that had many 10s of thousands of machines. 
> And I think that you are basically making my point, which is that users 
> in a serious production environment are probably not using the BIND that 
> comes with FreeBSD in an off the shelf configuration.

It would be safe to say that almost all people using BIND are not using a 
completely off-the-shelf configuration, unless you count the few only running 
as "caching-only".

-- 
-Chuck
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"