Poštni seznam arhiviranih sporočil

Od: "Paul Smedley" <ecs-isp@2rosenthals.com> Glava
Izvorno E-sporočilo
Zadeva: Re: [eCS-ISP] [BULK] [eCS-ISP] Bind 9.11.20
Datum: Tue, 14 Jul 2020 07:33:52 +0930
Za: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

re: the status of 9.16:

The end of life date for BIND 9.16 has not yet been determined. At some point in the future, BIND 9.16 will be designated as an Extended Support Version (ESV). Until then, the current ESV is BIND 9.11, which will be supported until at least December 2021. See https://kb.isc.org/docs/aa-00896 for details of ISC’s software support policy.  

On Tue, 14 Jul 2020 at 07:32, Paul Smedley <paul@smedley.id.au> wrote:
Hi Dan and Lewis,

In addition to Lewis's comments - as I recall - newer bind versions don't provide the options of disabling ipv6 support - so we need to provide enough stubs of ipv6 headers to let it compile and work.

I did this for openvpn (which similarly doesn't give an option to disable ipv6) - but ironically, it was this added header support that was causing the 100% cpu usage with Bind 9.11.x.

For the above reasons, I focussed on maintaining 9.11.x as this is EOL December 2021 - which gives us plenty of time to come up with a solution for the next ESV version.

Cheers,

Paul

On Tue, 14 Jul 2020 at 02:05, Lewis G Rosenthal <ecs-isp@2rosenthals.com> wrote:
Hi, Dan...

On 07/13/20 12:01 pm, Dan Napier wrote:
> Hello Friends
>
> Did I miss something, I seem to be way ahead of the curve.  Running 9.12.4   I am not a Math Major, so I might be wrong, but isn’t 9.11.20 a lower rev?
> 9.12.4 seems to run dandy, reports ip4 and ip6 addresses, does not hog cpu.  Did I do something wrong?
>

As you will note here:

https://bind.isc.org/

9.11 is an ESV (Extended Service Release). 9.11.20 is indeed newer than 9.12.4.

BIND 9.12.4 was a maintenance release, specifically to address issues
disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465.

9.11.20, OTOH, addresses all security issues up through CVE-2020-8619:

https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/README.md

Not every higher version number necessarily denotes a *newer* or more secure
one. 9.12 was a development branch; 9.11 is a stable one.

9.16 is current, and will eventually become an ESV (I believe), so at some
point, that should become our target.

GL HTH

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
  the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to  <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com

This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



--
Cheers,

Paul


--
Cheers,

Paul

Naročiti: Poročilo (Feed), Izvleček (Digest), Indeks.
Odjava
E-pošta za mojstra za sezname