Re: [cobalt-users] Is BIND Secure?

[Goetz Lohmann <goetz.lohmann@xxxxxx>]

aljuhani schrieb:

>I just found that article on the linuxsecurity.com and thought to have some other opinions about it.
>
>http://www.linuxsecurity.com/articles/server_security_article-6680.html
>
>Regards,
>
>  
>
your choice ;-)
but note <cite>"... the djbdns package *may* be the answer."</cite>
means not
"... the djbdns package *IS* be the answer." ... good luck with djbdns
on RaQ ...

as Ian mentioned ... <cite from www.securityfocus.com>
"... You can upgrade BIND to the latest version in the 9.x series, which
is not vulnerable to this attack.
Alternatively you may try using djbdns <http://cr.yp.to/djbdns.html>,
... The djbdns software comes with a security guarantee,
basically offering a monetary reward to anyone who publicly discloses
legitimate *buffer-overflow*
vulnerabilities in djbdns. Although the guarantee doesn't cover
cache-poisoning attacks,..."
</cite>

By th way, the StackGuard compiled version of Bind 8 should be relativ
safe against buffer-overflows

It's not that I dislike djbdns ... it might be a great product ... but
depending on your question if Bind
has a security hole and should replaced by something else ... then the
answer is ... Bind 9 is as
far as we today know relativly safe ... you MUST not change ... but you
can if you dislike Bind ;-)

regards

-- 

¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸

Götz Lohmann  |  D-Mannheim  |  Web-Developer & Sys-Admin
---------------------------------------------------------
He's the fellow that people wonder what he does and why
the company needs him, until he goes on vacation.
¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸