
http://www.cert.org/advisories/CA-2002-19.html and Bind 9 replacement


I was wondering if I could get some ideas/opinions/assistance on this. This CERT advisory addresses a couple of security vulnerabilities in the resolver (domain name lookup) libraries. I thought the response from OpenBSD (if you are not familiar with the advisories, CERT gives each OS, in kind, a chance to post a response to the problem) was confusing at best and failed to address the issue. After a bit of rambling on code sharing, it sounded as if it indicated that users may want to convert to Bind 9. Since the advisory indicates that Bind 9 was not affected by this advisory, that is fine with me.

What I would like to know is how I can successfully remove Bind 4.x from the system. I have installed 9 on one of the systems and removed the actual /usr/bin/named, but on my other servers I am not running DNS, and it seems to me that I really should go through and remove the old files and libs to ensure that they are not being used. I am pretty sure that this problem is a resolver problem that would be a risk whether you are running a DNS server or not.

Maybe I missed the instructions in the package, but I don't think so. I actually installed both the 3.0 package and the 3.1 package and noted that both versions had a migrate document and that the 3.1 version had something like a Migrate_4to9 document. Both of these documents focused on config file formats and didn't address how to "clean" an OS-installed version out of the system.



Vidae Credendes!
Senior Network Engineer
Bruzenak inc.