[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

http://www.cert.org/advisories/CA-2002-19.html and Bind 9 replacement



All,

I was wondering if I could get some ideas/opinions/assistance on this. This CERT advisory addresses a couple of security vulnerabilities in the resolver (domain name lookup) libraries. I thought the response from OpenBSD (If you are not familiar with the advisories, Cert gives each OS in kind, a chance to post a response to the problem) was confusing at best and failed to address the issue. After a bit of rambling on code sharing, it sounded as if it indicated that users may want to convert to Bind 9. Since the advisory indicates that Bind 9 was not affected by this advisory, that is fine with me.

What I would like to know, is how do I successfully remove Bind 4.x out of the system. I have installed 9 on one of the systems and removed the actual /usr/bin/named. but on my other servers I am not running DNS, and It seems to me that I really should go through and remove the old files and libs to ensure that they are not being used. I am pretty sure that this problem is a resolver problem that would be a risk whether you are running a DNS server or not

Maybe I missed the instructions in the package, but I dont think so. I actually installed both the 3.0 pakage and the 3.1 package and noted the both versions had a migrate document and that the 3.1 version had something like a Migrate_4to9 document. Both of these documents focused on config file formats and didn't address how to "Clean" an OS installed version out of the system

 :-)

Nick
--
Nix

Vidae Credendes!
Senior Network Engineer
Bruzenak inc.
nagray_(_at_)_bruzenak_(_dot_)_com