From: "Dan Napier" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 891092 for ecs-isp@2rosenthals.com; Tue, 14 Jul 2020 19:49:30 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:37457 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1jvUfp-0001fl-0j for ecs-isp@2rosenthals.com; Tue, 14 Jul 2020 19:49:21 -0400 Received: from kaliss.dnacih.com ([173.60.91.115]:51600) by mail2.2rosenthals.com with esmtp (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1jvUfe-0007io-27 for ecs-isp@2rosenthals.com; Tue, 14 Jul 2020 19:49:11 -0400 X-CTCH-RefID: str=0001.0A02020C.5F0E4481.0027,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-CTCH-RefID: str=0001.0A02020C.5F0E4477.0002,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-ASG-Debug-ID: 1594770536-10137641384dd150001-4YkuuC Received: from mailadmin.dnacih.com (mailadmin.dnacih.com [64.60.60.115]) by kaliss.dnacih.com with ESMTP id nAhntf8rhwSahNx8 for ; Tue, 14 Jul 2020 16:48:56 -0700 (PDT) X-Barracuda-Envelope-From: dan@cihcsp.com X-Barracuda-Effective-Source-IP: mailadmin.dnacih.com[64.60.60.115] X-Barracuda-Apparent-Source-IP: 64.60.60.115 Received: from [64.60.60.114] (account dan@cihcsp.com) by cihcsp.com (CommuniGate Pro IMAP 6.2.12) with XMIT id 6922771 for ecs-isp@2rosenthals.com; Tue, 14 Jul 2020 16:48:49 -0700 Subject: RE: [eCS-ISP] [BULK] [eCS-ISP] Bind 9.11.20 Date: Tue, 14 Jul 2020 16:48:49 -0700 X-ASG-Orig-Subj: RE: [eCS-ISP] [BULK] [eCS-ISP] Bind 9.11.20 Message-Id: In-Reply-To: MIME-Version: 1.0 Thread-Topic: [eCS-ISP] [BULK] [eCS-ISP] Bind 9.11.20 Priority: Normal Importance: normal X-MSMail-Priority: normal X-Priority: 3 Sensitivity: Normal Thread-Index: AdZaOVIBYkV+EGhyQRW3R1Gz8vIzzA== To: "eCS ISP Mailing List" X-Mailer: CommuniGate Pro MAPI Connector 1.52.54.18/1.54.12.28 Content-Type: multipart/alternative; boundary="----_=_NextPart_26962_00029358.00011478" X-Barracuda-Connect: mailadmin.dnacih.com[64.60.60.115] X-Barracuda-Start-Time: 1594770536 X-Barracuda-URL: https://173.60.91.115:443/cgi-mod/mark.cgi X-Barracuda-BRTS-Status: 1 X-Virus-Scanned: by bsmtpd at dnacih.com X-Barracuda-Scan-Msg-Size: 11986 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=7.0 tests=HTML_MESSAGE, MISSING_MIMEOLE X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.83203 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message 0.00 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE ------_=_NextPart_26962_00029358.00011478 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Paul I just installed the 9.11 Porsche it does report ipv6 even in the OS2 com= mand line The server is reporting ipv6 addresses, so I guess if the system = is able to do with it it runs. So far I have not seen any 100 CPU usage. = I will keep a close watch. Thanks for all your effort. Dan From: eCS ISP Mailing List [mailto:ecs-isp@2rosenthals.com] Sent: Monday, July 13, 2020 3:02 PM To: eCS ISP Mailing List Subject: Re: [eCS-ISP] [BULK] [eCS-ISP] Bind 9.11.20 Hi Dan and Lewis, In addition to Lewis's comments - as I recall - newer bind versions don't p= rovide the options of disabling ipv6 support - so we need to provide enough= stubs of ipv6 headers to let it compile and work. I did this for openvpn (which similarly doesn't give an option to disable i= pv6) - but ironically, it was this added header support that was causing th= e 100% cpu usage with Bind 9.11.x. For the above reasons, I focussed on maintaining 9.11.x as this is EOL Dece= mber 2021 - which gives us plenty of time to come up with a solution for th= e next ESV version. Cheers, Paul On Tue, 14 Jul 2020 at 02:05, Lewis G Rosenthal > wrote: Hi, Dan... On 07/13/20 12:01 pm, Dan Napier wrote: > Hello Friends > > Did I miss something, I seem to be way ahead of the curve. Running 9.12.= 4 I am not a Math Major, so I might be wrong, but isn=E2=80=99t 9.11.20 a= lower rev? > 9.12.4 seems to run dandy, reports ip4 and ip6 addresses, does not hog cp= u. Did I do something wrong? > As you will note here: https://bind.isc.org/ 9.11 is an ESV (Extended Service Release). 9.11.20 is indeed newer than 9.1= 2.4. BIND 9.12.4 was a maintenance release, specifically to address issues disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465. 9.11.20, OTOH, addresses all security issues up through CVE-2020-8619: https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/README.md Not every higher version number necessarily denotes a *newer* or more secure one. 9.12 was a development branch; 9.11 is a stable one. 9.16 is current, and will eventually become an ESV (I believe), so at some point, that should become our target. GL HTH -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA Rosenthal & Rosenthal, LLC www.2rosenthals.com visit my IT blog www.2rosenthals.net/wordpress ------------------------------------------------------------- =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D This message is sent to you because you are subscribed to the mailing list >. To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > To switch to the INDEX mode, E-mail to > Send administrative queries to > To subscribe (new addresses), E-mail to: > and reply to the confirmation email. Web archives are publicly available at: http://lists.2rosenthals.com This list is hosted by Rosenthal & Rosenthal, LLC P.O. Box 281, Deer Park, NY 11729-0281. Non- electronic communications related to content contained in these messages should be directed to the above address. (CAN-SPAM Act of 2003) =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D -- Cheers, Paul --=20 This email was Anti Virus checked by Astaro Security Gateway. http://www.so= phos.com ------_=_NextPart_26962_00029358.00011478 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

Paul

 

I just installed the 9.11=C2=A0 Porsche=C2=A0 it does r= eport ipv6 even in the OS2 command line The server is reporting ipv6 addres= ses, so I guess if the system is able to do with it it runs.=C2=A0 So far I= have not seen any 100 CPU usage.=C2=A0 I will keep a close watch.=C2=A0 Th= anks for all your effort.

Da= n

 

From: eCS ISP Mailing List [mailto:ecs-isp@2rosenthals.c= om]
Sent: Monday, July 13, 2020 3:02 PM
To: eCS ISP Ma= iling List <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP]= [BULK] [eCS-ISP] Bind 9.11.20

 

Hi Dan and Lewis,

 

In addition to Lewis's comments - as I recall - newer bind versions d= on't provide the options of disabling ipv6 support - so we need to provide = enough stubs of ipv6 headers to let it compile and work.

 

I did this for openvpn (which similarly doesn't give an option to dis= able ipv6) - but ironically, it was this added header support that was caus= ing the 100% cpu usage with Bind 9.11.x.

 

For the a= bove reasons, I focussed on maintaining 9.11.x as this is EOL December 2021= - which gives us plenty of time to come up with a solution for the next ES= V version.

 <= /p>

Cheers,

 

Paul

 

=

On Tue, 14 Jul 2020 at 02:05, Lewis G Rosenthal <ecs-isp@2rosenthals.com> wr= ote:

Hi, Dan...

On 07/13/20 12:01 pm, Dan Napier wrote:> Hello Friends
>
> Did I miss something, I seem to be way= ahead of the curve.  Running 9.12.4   I am not a Math Major= , so I might be wrong, but isn=E2=80=99t 9.11.20 a lower rev?
> 9.12.= 4 seems to run dandy, reports ip4 and ip6 addresses, does not hog cpu. = ; Did I do something wrong?
>

As you will note here:

https://bind.isc.org/=

9.11 is an ESV (Extended Service Release). 9.11.20 is indeed newer = than 9.12.4.

BIND 9.12.4 was a maintenance release, specifically to = address issues
disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-= 6465.

9.11.20, OTOH, addresses all security issues up through CVE-20= 20-8619:

https://gitlab.isc.org/isc-projects/bin= d9/-/blob/v9_11/README.md

Not every higher version number necess= arily denotes a *newer* or more secure
one. 9.12 was a development bran= ch; 9.11 is a stable one.

9.16 is current, and will eventually becom= e an ESV (I believe), so at some
point, that should become our target.<= br>
GL HTH

--
Lewis
--------------------------------------= -----------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Ro= senthal & Rosenthal, LLC             = ;   www.2rose= nthals.com
visit my IT blog           =     www.2rosenthals.net/wordpress
-------------------------------= ------------------------------


=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-= =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D
This message is sent to you because you are sub= scribed to
  the mailing list <ecs-isp@2rosenthals.com>.
To unsubscr= ibe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST = mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the IND= EX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative= queries to  <ecs-isp-request@2rosenthals.com>
To subscribe (ne= w addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confi= rmation email.
Web archives are publicly available at: http://lists.2rosenthals.com<= br>
This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 28= 1, Deer Park, NY 11729-0281. Non-
electronic communications related to c= ontent
contained in these messages should be directed
to the above ad= dress. (CAN-SPAM Act of 2003)

=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-= =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D

=

 <= /p>

--

Cheers,

 

Paul

--=20
This email was Anti Virus checked by Astaro Security Gateway. http://www.so=
phos.com
------_=_NextPart_26962_00029358.00011478--