http://www.cert.org/advisories/CA-2002-19.html and Bind 9 replacement


I was wondering if I could get some ideas/opinions/assistance on this. This CERT advisory addresses a couple of security vulnerabilities in the resolver (domain name lookup) libraries. I thought the response from OpenBSD (if you are not familiar with the advisories, CERT gives each OS, in kind, a chance to post a response to the problem) was confusing at best and failed to address the issue. After a bit of rambling on code sharing, it sounded as if it indicated that users may want to convert to Bind 9. Since the advisory indicates that Bind 9 was not affected by this advisory, that is fine with me.

What I would like to know is how to successfully remove Bind 4.x from the system. I have installed 9 on one of the systems and removed the actual /usr/bin/named, but on my other servers I am not running DNS, and it seems to me that I really should go through and remove the old files and libs to ensure that they are not being used. I am pretty sure that this problem is a resolver problem that would be a risk whether you are running a DNS server or not.

Maybe I missed the instructions in the package, but I don't think so. I actually installed both the 3.0 package and the 3.1 package and noted that both versions had a migrate document and that the 3.1 version had something like a Migrate_4to9 document. Both of these documents focused on config file formats and didn't address how to "clean" an OS-installed version out of the system.



