From: "Paul Smedley" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 880919 for ecs-isp@2rosenthals.com; Mon, 13 Jul 2020 18:04:12 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:51705 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1jv6YT-0002eQ-1a for ecs-isp@2rosenthals.com; Mon, 13 Jul 2020 18:04:09 -0400 Received: from mail-ed1-f47.google.com ([209.85.208.47]:37597) by mail2.2rosenthals.com with esmtps (TLSv1.2:AES128-GCM-SHA256:128) (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1jv6YP-00078L-2m for ecs-isp@2rosenthals.com; Mon, 13 Jul 2020 18:04:06 -0400 Received: by mail-ed1-f47.google.com with SMTP id g20so15156323edm.4 for ; Mon, 13 Jul 2020 15:04:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smedley-id-au.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=a1eEu+HGaZ5KjI8+xZnERhNAk0wrNw9s0HQKbp1ZF/A=; b=ogZUODROEcsTVw8HmgevvlBr4+/qsVdUiqm9Bg4FHZIy8+av8c3SAtocEnguyJtNr9 TKh5HA17p8mv+xjR3QBqHtxkTKXCRSxsAjH9fK9OZlmy1fINNoCpKI+JblFmSFGewR0s lBvl0CAb+2l/gTKOdUPi2iq50qjVg8cds+TNJEoNgd2Z2KKuNRHVs9nfIOB+ywqKuNbK 0CNFxsRUGTBtWTUmeaL44XQJYb55/AO/69nFWfFz9zQOgV0A5KvPDwZYsmf4KaUy9PwF eJnZJjai5hPEqmuJ3h+Gv5pxN3gk/duoqN6Raxgd+/crzu4mun3fobQ7SW1O6vFO4b1L necQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=a1eEu+HGaZ5KjI8+xZnERhNAk0wrNw9s0HQKbp1ZF/A=; b=FW5+xsFivIekXIsimef+gcWfn6/UHx8LbWm7HhV8Zy+jvgbPGaTi7UMGY9dB7sqQaz J2nrrwGhdIzs18Nk/vEpO0QRV1X8JGZJsKcA34IqG0tF4aTXYDFXGExBsJwvOighiLyY /exyTl14z6xz7I7akbrqn27V768NoNNZvUKXkdBWoUuqUBBsiGPAV2VSzhPorZUTmpPY 7WZOmTkRe5D8uNyjEvbsQQqQpOAHpyPpTmZj5tMSfx7p0AWhsVwBj+x2ms4cLl6bEq3q GgikCbs49TXbYLGLE98+2jVf09ScRDpt7d1lhVIyJW/8vIyWe4hKE63mJIjR30Dtkmn1 APFw== X-Gm-Message-State: AOAM530ybb5HrVudZhjVdMHmzy6tDdmVld30jFJvL+bTb67Hf/LtDgMt LTCQ1LHr8ilVtD5QbEZVP+7zAgRHuSI+ANjA7aTELBUVsO0= X-Google-Smtp-Source: ABdhPJwj22J2mXF6AFTxuPniyeUBOdYMRmfo6gqwD+BcFIz1VxDdhCnUiSAEHZDwKmK7QYEBp7GFCyvK1WomBZSa1Lc= X-Received: by 2002:a05:6402:b23:: with SMTP id bo3mr1436996edb.331.1594677843713; Mon, 13 Jul 2020 15:04:03 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Tue, 14 Jul 2020 07:33:52 +0930 Message-ID: Subject: Re: [eCS-ISP] [BULK] [eCS-ISP] Bind 9.11.20 To: eCS ISP Mailing List Content-Type: multipart/alternative; boundary="00000000000068001405aa59def2" --00000000000068001405aa59def2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable re: the status of 9.16: The end of life date for BIND 9.16 has not yet been determined. At some point in the future, BIND 9.16 will be designated as an Extended Support Version (ESV). Until then, the current ESV is BIND 9.11, which will be supported until at least December 2021. See https://kb.isc.org/docs/aa-00896 for details of ISC=E2=80=99s software support policy. On Tue, 14 Jul 2020 at 07:32, Paul Smedley wrote: > Hi Dan and Lewis, > > In addition to Lewis's comments - as I recall - newer bind versions don't > provide the options of disabling ipv6 support - so we need to provide > enough stubs of ipv6 headers to let it compile and work. > > I did this for openvpn (which similarly doesn't give an option to disable > ipv6) - but ironically, it was this added header support that was causing > the 100% cpu usage with Bind 9.11.x. > > For the above reasons, I focussed on maintaining 9.11.x as this is EOL > December 2021 - which gives us plenty of time to come up with a solution > for the next ESV version. > > Cheers, > > Paul > > On Tue, 14 Jul 2020 at 02:05, Lewis G Rosenthal > wrote: > >> Hi, Dan... >> >> On 07/13/20 12:01 pm, Dan Napier wrote: >> > Hello Friends >> > >> > Did I miss something, I seem to be way ahead of the curve. Running >> 9.12.4 I am not a Math Major, so I might be wrong, but isn=E2=80=99t 9= .11.20 a >> lower rev? >> > 9.12.4 seems to run dandy, reports ip4 and ip6 addresses, does not hog >> cpu. Did I do something wrong? >> > >> >> As you will note here: >> >> https://bind.isc.org/ >> >> 9.11 is an ESV (Extended Service Release). 9.11.20 is indeed newer than >> 9.12.4. >> >> BIND 9.12.4 was a maintenance release, specifically to address issues >> disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465. >> >> 9.11.20, OTOH, addresses all security issues up through CVE-2020-8619: >> >> https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/README.md >> >> Not every higher version number necessarily denotes a *newer* or more >> secure >> one. 9.12 was a development branch; 9.11 is a stable one. >> >> 9.16 is current, and will eventually become an ESV (I believe), so at >> some >> point, that should become our target. >> >> GL HTH >> >> -- >> Lewis >> ------------------------------------------------------------- >> Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA >> Rosenthal & Rosenthal, LLC www.2rosenthals.com >> visit my IT blog www.2rosenthals.net/wordpress >> ------------------------------------------------------------- >> >> >> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-= =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> To switch to the INDEX mode, E-mail to >> Send administrative queries to >> To subscribe (new addresses), E-mail to: >> and reply to the confirmation email. >> Web archives are publicly available at: http://lists.2rosenthals.com >> >> This list is hosted by Rosenthal & Rosenthal, LLC >> P.O. Box 281, Deer Park, NY 11729-0281. Non- >> electronic communications related to content >> contained in these messages should be directed >> to the above address. (CAN-SPAM Act of 2003) >> >> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-= =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D >> >> > > -- > Cheers, > > Paul > --=20 Cheers, Paul --00000000000068001405aa59def2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
re: the status of 9.16:

The en= d of life date for BIND 9.16 has not yet been determined. At some point in = the future, BIND 9.16 will be designated as an Extended Support Version (ES= V). Until then, the current ESV is BIND 9.11, which will be supported until= at least December 2021. See=C2=A0https://kb.isc.org/docs/aa-00896=C2=A0= for details of ISC=E2=80=99s software support policy.=C2=A0=C2=A0

On Tue, 14 Jul 2020 at 07:32, Paul Smedley <paul@smedley.id.au> wrote:
Hi Dan and Lewis,
<= br>
In addition to Lewis's comments - as I recall - newer bin= d versions don't provide the options of disabling ipv6 support - so we = need to provide enough stubs of ipv6 headers to let it compile and work.

I did this for openvpn (which similarly doesn't = give an option to disable ipv6) - but ironically, it was this added header = support that was causing the 100% cpu usage with Bind 9.11.x.
For the above reasons, I focussed on maintaining 9.11.x as this= is EOL December 2021 - which gives us plenty of time to come up with a sol= ution for the next ESV version.

Cheers,
=
Paul

On Tue, 14 Jul 2020 at 02:05, Lewis G Rosenthal &l= t;ecs-isp@2ros= enthals.com> wrote:
Hi, Dan...

On 07/13/20 12:01 pm, Dan Napier wrote:
> Hello Friends
>
> Did I miss something, I seem to be way ahead of the curve.=C2=A0 Runni= ng 9.12.4=C2=A0 =C2=A0I am not a Math Major, so I might be wrong, but isn= =E2=80=99t 9.11.20 a lower rev?
> 9.12.4 seems to run dandy, reports ip4 and ip6 addresses, does not hog= cpu.=C2=A0 Did I do something wrong?
>

As you will note here:

http= s://bind.isc.org/

9.11 is an ESV (Extended Service Release). 9.11.20 is indeed newer than 9.1= 2.4.

BIND 9.12.4 was a maintenance release, specifically to address issues
disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465.

9.11.20, OTOH, addresses all security issues up through CVE-2020-8619:

https://gitlab.isc.org/isc-projects/= bind9/-/blob/v9_11/README.md

Not every higher version number necessarily denotes a *newer* or more secur= e
one. 9.12 was a development branch; 9.11 is a stable one.

9.16 is current, and will eventually become an ESV (I believe), so at some =
point, that should become our target.

GL HTH

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 www.2rosenthals.com
visit my IT blog=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 www.2rosenthals.net/wordpress
-------------------------------------------------------------


=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
This message is sent to you because you are subscribed to
=C2=A0 the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>=
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com> Send administrative queries to=C2=A0 <ecs-isp-request@2rosenthals.com><= br> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and re= ply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com=

This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D



--
Cheers,

Paul


--
Cheers,

Paul=
--00000000000068001405aa59def2--