HPE Community
Operating System - HP-UX
1825552 Members
2530 Online
109681 Solutions
New Discussion юеВ

Deciding on a version of BIND

 
SOLVED
Go to solution
Leon A. Howorth
Advisor

тАО11-06-2001 02:16 PM

тАО11-06-2001 02:16 PM

Deciding on a version of BIND

My existing DNS configuration consists of BIND 4.8.3 on HP-UX 10.20. It has been stable and somewhat easy to administer; however, I have an opportunity to set up a whole new nameserver configuration on one or more new HP-UX machines, and am trying to decide what version of HP-UX and BIND I want to use. I am considering the following choices:
1. HP-UX 11.0 and the bundled BIND 4.9.7
2. HP-UX 11.0 and BIND 8.2.4 available from sources other than HP
3. HP-UX 11.11 and the available BIND 9.1.3 from HP

I'm leaning more towards #1 or #3. I would appreciate opinions from those more experienced with these versions of BIND. Thanks

0 Kudos
Reply
5 REPLIES 5
Scott Van Kalken
Esteemed Contributor

тАО11-06-2001 02:20 PM

тАО11-06-2001 02:20 PM

Re: Deciding on a version of BIND

My opinion is to go for an HP version of BIND because then you're not running an unsupported product.

I would never have said this a few years ago when I was a namespace admin, I was always "run the official distribution". I'm a bit more laid back about it now.

BIND is BIND is BIND. However, just be aware that the new format of the files may cause a bit of head scratching for an hour or two if you're not familiar with them.

Scott.
Reply
Craig Rants
Honored Contributor

тАО11-06-2001 02:40 PM

тАО11-06-2001 02:40 PM

Re: Deciding on a version of BIND

My recommendation would be to get the most stable, secure version. What I means is...

1) Check on the CERT page for BIND vulnerabilites for each version. An see what patches/fixes have been put out for them.
2) Make sure that if you upgrade any legacy systems would be supported. Older versions of BIND supported stuff like fake iquery where new ones may not support it by default.

Most importantly thought, if you feel comfortable with your version, and you believe it is secure, then keep using it.

Just my thoughts.
C

"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
0 Kudos
Reply
ramesh_6
Frequent Advisor

тАО11-06-2001 07:20 PM

тАО11-06-2001 07:20 PM

Re: Deciding on a version of BIND

Hi

I will first try and check which version of BIND to use in the BIND web site www.isc.org
You should remember that version 4.x you are using is having a lot of bugs and security loopholes. There is a stable version of BIND8.X available in www.isc.org and you can go for that. The creators of BIND also recommend to upgrade all the versions of BIND to the stable 8.x

Initially you will find the configuration file name changed from named.boot to named.conf. In the configuration file also format has entirely changed from 4.x to 8.x. In 8.x you can have the most wanted zone delegation and forwarders easily defined.

There is one comfortables in going for BIND 8.x becos you can use you old database files with 8.x

www.isc.org also contains a Bind Operations Guide (BOG) which will be helpful in implementing BIND8.x. If you understand the named.conf file then there wont be nothing simpler than BIND8.

Hope this helps

Ramesh
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО11-06-2001 07:32 PM

тАО11-06-2001 07:32 PM

Solution

Re: Deciding on a version of BIND

There has to be at least a hundred security issues with any version of bind less that 8. Option three is the only way to go. Plus you get 64bit, real threads, a product supported by HP (who knows their own os better?) and an OS that won't be obsolete in a year.

live free or die
harry
Live Free or Die
Reply
Sachin Patel
Honored Contributor

тАО11-07-2001 06:05 AM

тАО11-07-2001 06:05 AM

Re: Deciding on a version of BIND

Hi Leon,
No to 1 (security problem).
yes to 2 or 3. We are using 8.2.3 from many months. I have just finished upgrading from 4.x to 8.2.3

Sachin
Is photography a hobby or another way to spend $
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.