ecs-isp@2rosenthals.com Messaggio archiviato #102

Da: "Paul Smedley" <ecs-isp@2rosenthals.com> Intestazioni complete
Messaggio non codificato
Oggetto: Re: [eCS-ISP] [BULK] [eCS-ISP] Bind 9.11.20
Data: Tue, 14 Jul 2020 07:32:23 +0930
A: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hi Dan and Lewis,

In addition to Lewis's comments - as I recall - newer bind versions don't provide the options of disabling ipv6 support - so we need to provide enough stubs of ipv6 headers to let it compile and work.

I did this for openvpn (which similarly doesn't give an option to disable ipv6) - but ironically, it was this added header support that was causing the 100% cpu usage with Bind 9.11.x.

For the above reasons, I focussed on maintaining 9.11.x as this is EOL December 2021 - which gives us plenty of time to come up with a solution for the next ESV version.

Cheers,

Paul

On Tue, 14 Jul 2020 at 02:05, Lewis G Rosenthal <ecs-isp@2rosenthals.com> wrote:
Hi, Dan...

On 07/13/20 12:01 pm, Dan Napier wrote:
> Hello Friends
>
> Did I miss something, I seem to be way ahead of the curve.  Running 9.12.4   I am not a Math Major, so I might be wrong, but isn’t 9.11.20 a lower rev?
> 9.12.4 seems to run dandy, reports ip4 and ip6 addresses, does not hog cpu.  Did I do something wrong?
>

As you will note here:

https://bind.isc.org/

9.11 is an ESV (Extended Service Release). 9.11.20 is indeed newer than 9.12.4.

BIND 9.12.4 was a maintenance release, specifically to address issues
disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465.

9.11.20, OTOH, addresses all security issues up through CVE-2020-8619:

https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/README.md

Not every higher version number necessarily denotes a *newer* or more secure
one. 9.12 was a development branch; 9.11 is a stable one.

9.16 is current, and will eventually become an ESV (I believe), so at some
point, that should become our target.

GL HTH

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
  the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to  <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com

This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



--
Cheers,

Paul

Isriviti: Feed, Riassunto, Indice.
Disiscriviti
Scrivi a ListMaster