Kevin Darcy napisal(a):
> Last time I built BIND on an unfamiliar platform (AIX if you must know),
> I had some failing tests as you describe. Turns out, named was actually
> *dying* during the tests and that's why some of the tests were failing.

[...]
> So, yeah, this might be very serious. named dying in production might be
> rather inconvenient. You might want to dig deeper into why those
> particular tests are failing.


If the DNS operation would be otherwise correct, I don't see a big problem
in named dying as I can always set up a cron job to restart it when it dies.
The question it, can failure of these tests indicate that DNS operation can
be somehow incorrect?

As for "forward" and "upforwd", I'm not using any forwarders in the BIND
config, so I guess these tests aren't important for me - am I right?
As for "lwresd", is it possible to use BIND 9 with BIND 8 resolver library,
so lwresd doesn't need to be run? And if I use it in that configuration,
what about the recent vulnerability? Is the problem in the BIND daemon code
itself, or in the resolver library? In other words, will the newest named
with an old resolver library be vulnerable or not?
The two remaining failing tests are "cacheclean" and "rrsetorder" - I don't
understand their impact on the overall operation of BIND. Can someone
explain?
Regards,
Jaroslaw Rafa
raj@ap.krakow.pl
--
Zapraszam na moja nowa strone: http://www.ap.krakow.pl/~raj/