Hi there, On Fri, 18 Dec 2020, Leroy Tennison wrote:
... switching from an rpm world to a deb world ... Not an enormous change but significant.
Indeed. I'd suggest that if it's just about BIND, it's easier to grab the source and build it. That way you don't ever have to wait for the package maintainer (not that you'll usually have to wait long), you do get to make your own decisions, and there'll be fewer nasty surprises. This has been my routine for more than a decade - I just did it this evening on our primary. The secondaries are somebody else's problem. $ wget https://downloads.isc.org/isc/bind9/9.11.26/bind-9.11.26.tar.gz $ tar xzvf bind-9.11.26.tar.gz $ cd bind-9.11.26/ $ ./configure --enable-ipv6 --prefix=/usr/local --sysconfdir=/etc --with-openssl ... $ make # make install # kill $(pidof /usr/local/sbin/named) ; sleep 2 ; /usr/local/sbin/named -u named I don't think 'apt-get update/upgrade' would have been any quicker. You might want to check signatures etc., but it is an 'https' download link. If you have a lot of machines and no Puppet, you can of course make your own package in a few minutes. You'll want to subscribe to the announce@ list. If there's no CVE, I usually wait for a couple of days after the announcement... -- 73, Ged. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
