From: "Paul Smedley"
Date: Tue, 14 Jul 2020 07:32:23 +0930
Subject: Re: [eCS-ISP] [BULK] [eCS-ISP] Bind 9.11.20
To: eCS ISP Mailing List

Hi Dan and Lewis,

In addition to Lewis's comments - as I recall - newer bind versions don't provide the options of disabling ipv6 support - so we need to provide enough stubs of ipv6 headers to let it compile and work.

I did this for openvpn (which similarly doesn't give an option to disable ipv6) - but ironically, it was this added header support that was causing the 100% cpu usage with Bind 9.11.x.

For the above reasons, I focussed on maintaining 9.11.x as this is EOL December 2021 - which gives us plenty of time to come up with a solution for the next ESV version.

Cheers,

Paul

On Tue, 14 Jul 2020 at 02:05, Lewis G Rosenthal wrote:

> Hi, Dan...
>
> On 07/13/20 12:01 pm, Dan Napier wrote:
> > Hello Friends
> >
> > Did I miss something, I seem to be way ahead of the curve. Running 9.12.4 I am not a Math Major, so I might be wrong, but isn't 9.11.20 a lower rev?
> > 9.12.4 seems to run dandy, reports ip4 and ip6 addresses, does not hog cpu. Did I do something wrong?
> >
>
> As you will note here:
>
> https://bind.isc.org/
>
> 9.11 is an ESV (Extended Service Release). 9.11.20 is indeed newer than 9.12.4.
>
> BIND 9.12.4 was a maintenance release, specifically to address issues
> disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465.
>
> 9.11.20, OTOH, addresses all security issues up through CVE-2020-8619:
>
> https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/README.md
>
> Not every higher version number necessarily denotes a *newer* or more secure
> one. 9.12 was a development branch; 9.11 is a stable one.
>
> 9.16 is current, and will eventually become an ESV (I believe), so at some
> point, that should become our target.
>
> GL HTH
>
> --
> Lewis
> -------------------------------------------------------------
> Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
> Rosenthal & Rosenthal, LLC            www.2rosenthals.com
> visit my IT blog                www.2rosenthals.net/wordpress
> -------------------------------------------------------------