[governance] alternate distribution master (was Sense of the Senate Resolution)

Paul Vixie paul at vix.com
Thu Oct 20 13:27:54 EDT 2005


# 3. They are running older BIND version, so can't deploy latest DNSSEC spec.
# ...
# ;; ANSWER SECTION:
# VERSION.BIND.           0       CH      TXT     "8.2.4-REL"
# ...
# Should be 9.3.x

while i agree that 9.x is better software, there are some people whose
needs are met by 8.x.  it's true that to deploy dnssec they'll need 9.x,
but it's also true that until the admins of ARPA and "." deploy dnssec,
deploying it in E164.ARPA would be a meaningless waste of time and effort.

that having been said, 8.2.4 is old and vulnerable, and shouldn't be used.
if you have to run 8.2.x, use 8.2.5.  if you have to run 8.x but not nec'ily
8.2.x, run 8.4.6.  see http://www.isc.org/sw/bind/ for more information.

in any case, don't bash ITU for not running dnssec-capable nameservers.  yet.

_______________________________________________
governance mailing list
governance at lists.cpsr.org
https://ssl.cpsr.org/mailman/listinfo/governance



More information about the Governance mailing list