Hi Bob On Tue, Oct 18, 2016 at 03:26:00PM -0400, Bob Harold wrote: > On Tue, Oct 18, 2016 at 3:26 AM, Mukund Sivaraman <m...@isc.org> wrote: > > > > > Firstly, RPZ in BIND 9.9 (vanilla) is broken, unmaintained and should > > not be used by anyone. If you know people using BIND 9.9 (vanilla) for > > RPZ, please ask them to upgrade to 9.10 at least. RPZ in 9.9 > > subscription branch is OK. > > > > > Is RPZ in BIND 9.8 ok to use? (Using RedHat 9.8.2 plus they backport > security patches.)
BIND 9.8 is not OK to use according to us for any purpose. It has
reached end-of-life.
Some distros insist on continuing to ship obsolete versions of BIND with
maintenance patches that include mainly publicly known security
bugfixes, but still containing security and other bugs that have long
been fixed in current BIND versions. These distributions have their
reasons to do so, but the point remains that such obsolete versions of
BIND are buggy and unsupported by us.
(What's worse is that such bug reports are sent to us and waste our
developer time which is quite limited as-is, because we have to look at
crash reports and such to ensure that current versions of BIND don't
suffer from it.)
If you are using a non-current version of BIND (currently maintained
public versions are the latest versions in the 9.9, 9.10 and 9.11
series), then:
(a) contact whoever's providing/supporting that package for support.
(b) switch to a current version of BIND (preferred).
Mukund
signature.asc
Description: PGP signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
