Yes, I suppose not every machine running BIND is connected to the Internet. But how many are network inaccessible to every machine that *is* connected to the Internet and might be compromised?
We run a local BIND for our LAN to avoid HOSTS files, but that same machine is connected to the Internet -- and runs a different instance of BIND to be authoritative for our domain. (No, not a separate machine, it's a very small installation.) So, how many BINDs are completely isolated from the Internet, even under transitive closure of the internal network? It's surely a proper subset of all instances of BIND, but I doubt if it's other than a quite small subset. On Tue, 18 Apr 2017 17:22:24 +0000 "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote: > Unspoken and false assumption: that every machine running BIND is > connected to the Internet. > > I'm no fan of old, broken Microsoft OSes (or even the newer ones, for > that matter), but let's be clear here: BIND is for anyone who doesn't > want to maintain a "hosts" file. "Connected to the Internet" is a > much smaller subset of *that* set. > > - Kevin > > -----Original Message----- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf > Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM > To: bind-users@lists.isc.org > Subject: Re: BIND 9 windows XP builds > > I can see somebody running XP for some "legacy" software that doesn't > run nicely on newer versions of Windows, but I would think it > extremely risky to have such a machine connected to the Internet. > > Maybe whoever runs BIND on XP should consider converting that machine > to Linux, and running BIND on Linux? > > > On Mon, 17 Apr 2017 20:30:43 +0000 > Evan Hunt <e...@isc.org> wrote: > > > Greetings, > > > > For some time ISC has been providing three Windows builds for each > > release of BIND 9: x64, win32, and windows XP. > > > > Windows XP is well past its end of life and is no longer receiving > > security updates. I'd like to stop supporting it after the > > upcoming maintenance release, but it's been pointed out to me that > > a significant number of people -- many thousands -- are downloading > > the XP version every time we put out a new release. > > > > This information surprised me. If you're one of those people, would > > you mind responding, either on or off the list, to discuss it? Why > > are you using XP to run a name server? Is it possible you're still > > using the XP build out of inertia, but your OS would work equally > > well with the win32 build? If you're really still running XP, do > > you have a plan for transitioning to something newer? > > > > We want to support the needs of our users, but to do that we have > > to understand those needs, so please let us know what yours are. > > Thanks, > > > > -- > > Evan Hunt -- e...@isc.org > > Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
