Monday September 10, 2007
An upgrade to BIND 9.3.4-P1 is available for the Solaris 10 Operating Environment by installing patch 119783-05 for SPARC or 119784-05 for x86 architectures.
BIND 9.3.4 provides a number of new features over BIND 8, which was supplied with the Solaris 8 and 9 Operating Environments. Additionally, BIND 9.3.4 provides a number of compatibility features not available in BIND 9.2.4 (the FCS version of BIND in Solaris 10 OE). For details of all the changes, refer to the migration notes.
Summary of Differences between BIND 9.3 and BIND 9.2
BIND 9.3 has a number of new features over 9.2 including:
DNSSEC is now Delegation Signer (DS) based, RFC4033, RFC4034 and RFC4035. This collection of RFCs is otherwise known as DNSSEC-bis.
DNSSEC Look-aside Validation (DLV) (experimental), RFC4431
check-names is now implemented.
rrset-order is more complete.
IPv4/IPv6 transition support, "dual-stack-servers".
IXFR deltas can now be generated when loading master files, "ixfr-from-differences".
It is now possible to specify the size of a journal, "max-journal-size".
It is now possible to define a named set of master servers to be used in masters clause, "masters".
The advertised EDNS UDP size can now be set, "edns-udp-size".
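The named.conf statements quoted in the list above, shown together in one file. This is an added example, not configuration from the original post or from Sun or ISC; the addresses (documentation ranges), zone name, file paths and the list name internal-masters are constructed placeholders.

```conf
// Constructed sample named.conf fragment for BIND 9.3.

// "masters": a named set of master servers, defined once at top level
// and referenced from any number of slave zones.
masters internal-masters {
    192.0.2.10;
    192.0.2.11 port 5353;
};

options {
    directory "/var/named";

    // "check-names": validate owner names per context.
    // Reject bad names in zones we are master for, log them elsewhere.
    check-names master fail;
    check-names slave warn;
    check-names response ignore;

    // "rrset-order": rotate address records instead of a fixed order.
    rrset-order { order cyclic; };

    // "dual-stack-servers": last-resort forwarder for names whose
    // servers are unreachable over the only IP family this host has.
    dual-stack-servers port 53 { 192.0.2.53; };

    // "ixfr-from-differences": compute IXFR deltas when a master
    // file is reloaded, so slaves need not pull a full AXFR.
    ixfr-from-differences yes;

    // "max-journal-size": cap each zone's .jnl file.
    max-journal-size 10m;

    // "edns-udp-size": advertised EDNS buffer (512-4096). A value under
    // the path MTU avoids fragments that some firewalls drop.
    edns-udp-size 1460;
};

zone "example.com" {
    type slave;
    file "slave/example.com.db";
    // Use the named list in the masters clause.
    masters { internal-masters; };
};
```

Run named-checkconf against the file before restarting the service; it reports syntax errors in any of these statements without touching the running server.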
New Name Server SMF properties
With the introduction of BIND 9.3.4, new Name Server smf(1) properties have been introduced to provide an SMF-compliant method for setting BIND 9.3.4 command line options. Changing the "start method" property of the BIND 9 service is no longer recommended.
While I'm familiar with product lifecycles and practices, it would interest me to know why it takes so long to upgrade from one release of BIND to another?
Meanwhile BIND 9.4.1-P1 is available. Several security fixes were introduced between 9.3.4-P1 and 9.4.1-P1.
How does SUNW, and in which time frame, plan to address this issue?
Posted by UX-admin on September 10, 2007 at 12:16 PM GMT+00:00
The security issues addressed in BIND 9.4.1-P1 have either been addressed in 9.3.4-P1 or did not exist in 9.3.4 in the first place (the issues were introduced in BIND 9.4.0). For details refer to http://www.isc.org/index.pl?/sw/bind/bind-security.php
I'll put some thought into your other questions and post a reply some other time. In the meantime, if there are certain features that you would like to use in BIND 9.4, I'd be interested to know.
Posted by Stacey Marshall on September 10, 2007 at 12:57 PM GMT+00:00
Oh wow, now there's a *pile* of security vulnerabilities for 9.4.x.
Lovely!
Fix? ISC: "upgrade to 9.5.a6".
To answer your question, I'm not really interested in any superfly TNT features; the practice in the industry is to always run the latest BIND because the recommendation is always to upgrade to the latest revision, as per above.
I myself am actually flying on a lower revision than 9.4.x, which I won't disclose for security reasons. However, that revision which I run has been patched.
As a security engineer and a paranoid git, it's a professional deformation...
Posted by UX-admin on September 11, 2007 at 05:48 PM GMT+00:00
For the benefit of the wider audience, security issues found in 9.4.1 have been addressed in 9.4.1-P1. There is no need to upgrade to the next minor (9.x) version.
For further information on ISC releases refer to http://www.isc.org/index.pl?/sw/bind/versions_and_support.php
Posted by Stacey Marshall on September 12, 2007 at 01:06 PM GMT+00:00