I guess I'm not so worried about a non-Internet-connected Windows XP box
forwarding to an Internet-connected box that's running a modern (preferably
non-Windows) OS. Assuming that the BIND versions are patched up to date, of
course.
To be sure, all things must come to end, and XP support for BIND is no
exception. But, the risk calculation runs something like: is there still enough
critical mass of BIND-on-XP out there that there is a *bigger* risk incurred by
no longer incorporating new security updates, or, has the population dwindled
to the point where *only* the withdrawal of support will get the remainder to
upgrade/replace/refresh their XP boxes?
- Kevin
-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul
Kosinski
Sent: Tuesday, April 18, 2017 5:09 PM
To: bind-users@lists.isc.org
Subject: Re: BIND 9 windows XP builds
Yes, I suppose not every machine running BIND is connected to the Internet. But
how many are network inaccessible to every machine that
*is* connected to the Internet and might be compromised?
We run a local BIND for our LAN to avoid HOSTS files, but that same machine is
connected to the Internet -- and runs a different instance of BIND to be
authoritative for our domain. (No, not a separate machine, it's a very small
installation.)
So, how many BINDs are completely isolated from the Internet, even under
transitive closure of the internal network? It's surely a proper subset of all
instances of BIND, but I doubt if it's other than a quite small subset.
On Tue, 18 Apr 2017 17:22:24 +0000
"Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote:
> Unspoken and false assumption: that every machine running BIND is
> connected to the Internet.
>
> I'm no fan of old, broken Microsoft OSes (or even the newer ones, for
> that matter), but let's be clear here: BIND is for anyone who doesn't
> want to maintain a "hosts" file. "Connected to the Internet" is a much
> smaller subset of *that* set.
>
> - Kevin
>
> -----Original Message-----
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf
> Of Paul Kosinski Sent: Monday, April 17, 2017 9:08 PM
> To: bind-users@lists.isc.org
> Subject: Re: BIND 9 windows XP builds
>
> I can see somebody running XP for some "legacy" software that doesn't
> run nicely on newer versions of Windows, but I would think it
> extremely risky to have such a machine connected to the Internet.
>
> Maybe whoever runs BIND on XP should consider converting that machine
> to Linux, and running BIND on Linux?
>
>
> On Mon, 17 Apr 2017 20:30:43 +0000
> Evan Hunt <e...@isc.org> wrote:
>
> > Greetings,
> >
> > For some time ISC has been providing three Windows builds for each
> > release of BIND 9: x64, win32, and windows XP.
> >
> > Windows XP is well past its end of life and is no longer receiving
> > security updates. I'd like to stop supporting it after the upcoming
> > maintenance release, but it's been pointed out to me that a
> > significant number of people -- many thousands -- are downloading
> > the XP version every time we put out a new release.
> >
> > This information surprised me. If you're one of those people, would
> > you mind responding, either on or off the list, to discuss it? Why
> > are you using XP to run a name server? Is it possible you're still
> > using the XP build out of inertia, but your OS would work equally
> > well with the win32 build? If you're really still running XP, do
> > you have a plan for transitioning to something newer?
> >
> > We want to support the needs of our users, but to do that we have to
> > understand those needs, so please let us know what yours are.
> > Thanks,
> >
> > --
> > Evan Hunt -- e...@isc.org
> > Internet Systems Consortium, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
