Updating BIND - SCO

This is a discussion on Updating BIND - SCO ; in view of this warning: http://news.com.com/DNS+servers--an+...3-5816061.html shouldn't I be updating my DNS server on 506: $ /etc/named -v named 8.2.2-P7 Mon Feb 26 23:38:33 PST 2001 SCO BUILD What's the most economical way to go about doing this? Thanks! -- ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Updating BIND

  1. Updating BIND

    in view of this warning:
    http://news.com.com/DNS+servers--an+...3-5816061.html
    shouldn't I be updating my DNS server on 506:

    $ /etc/named -v
    named 8.2.2-P7 Mon Feb 26 23:38:33 PST 2001
    SCO BUILD

    What's the most economical way to go about doing this?

    Thanks!

    --
    _________________________________________
    Nachman Yaakov Ziskind, FSPA, LLM awacs@ziskind.us
    Attorney and Counselor-at-Law http://ziskind.us
    Economic Group Pension Services http://egps.com
    Actuaries and Employee Benefit Consultants

  2. Re: Updating BIND


    ----- Original Message -----
    From: "Nachman Yaakov Ziskind"
    Newsgroups: comp.unix.sco.misc
    To:
    Sent: Thursday, August 04, 2005 3:13 PM
    Subject: Updating BIND


    > in view of this warning:
    > http://news.com.com/DNS+servers--an+...3-5816061.html
    > shouldn't I be updating my DNS server on 506:
    >
    > $ /etc/named -v
    > named 8.2.2-P7 Mon Feb 26 23:38:33 PST 2001
    > SCO BUILD
    >
    > What's the most economical way to go about doing this?


    Or turn it off.
    You are probably not even running it already so you're probably already
    safer that having a newer, but running, server.
    Does either /etc/named.conf or /etc/named.boot exist?
    if not then you're safe because named isn't running and won't start up at
    boot or with "/etc/tcp start"

    If it is running it's probably ok to turn it off.
    You don't have any resolv.conf on the sco box so nothing on the sco box is
    even using dns, let alone it's self as the the nameserever.
    That just leaves the possibility of other boxes that can reach the sco box
    by the dns port.
    Probably you aren't allowing the internet to reach the sco box by that port,
    and probably you aren't telling any boxes on your network that the sco box
    is the prefered nameserver, and so, just disable named altogether on the sco
    box. I never use it myself.

    mv /etc/named.boot /etc/named.boot.disabled
    mv /etc/named.conf /etc/named.conf.disabled

    Then reboot or kill any running ndc and/or named processes.
    ps -eo pid,comm |awk '/named|ndc/{system("kill $1")}'

    When you later want the sco box to be able to use dns to resolve hostnames
    like a normal pc or server with access to the internet, just create
    /etc/resolv.conf and in it specify the same nameservers you use for the pc's
    and other servers. Often the router will forward dns automagically so you
    don't even have to bother finding out and keeping up to date the isps
    nameserver ip's, just plug in the routers lan ip and the router gets it's
    own dns settings automatically from the isp via dhcp or pppoe or even if you
    have to manually set up the router for a t1 or static dsl, it's still handy
    to only have to update the one device instead of every lan machine.

    ---snip---
    hostresorder local bind
    nameserver
    ---snip---

    or
    ---snip---
    hostresorder local bind
    nameserver
    nameserver
    ---snip---

    and continue leaving named completely disabled.

    There are named security patches but I don't know offhand which patch has
    the most current named. It's time consuming figuring out which sco update
    package supercedes which other package for a particular component of the
    package. There is at least one security update that is explicitly
    named/advertized as specifically a security update, specifically to named.
    Yet there may be a newer named with even more & newer security fixes
    included as just one of many components in some other more general purpose
    package. Sometimes it's the other way around, where a newer version of a
    large general purpose package that happens to also fix some security issue,
    is only found listed/advertized as a security update on the seperate
    dedicated security updates page.

    That's why the suggestion to see if it's ok to just turn off named and be
    done. That only takes a few seconds and you won't have to wonder if you
    really got the latest thing or didn't actually inadvertantly downgrade
    something, etc...

    Brian K. White -- brian@aljex.com -- http://www.aljex.com/bkw/
    +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
    filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!


  3. Re: Updating BIND Reply-To: scomsc@xenitec.on.ca

    Nachman Yaakov Ziskind enscribed:
    | in view of this warning:
    | http://news.com.com/DNS+servers--an+...3-5816061.html
    | shouldn't I be updating my DNS server on 506:
    |
    | $ /etc/named -v
    | named 8.2.2-P7 Mon Feb 26 23:38:33 PST 2001
    | SCO BUILD
    |
    | What's the most economical way to go about doing this?

    So, don't use forwarders.
    Don't use excessive long cache expiration times.

    Or get a minimal server and run FreeBSD 5.4 on it and you can have the dubious
    pleasure of configuring BIND 9.

    --
    ================================================== ========================
    Tom Parsons tom@tegan.com
    ================================================== ========================

  4. Re: Updating BIND Reply-To: scomsc@xenitec.on.ca

    In article <20050804165812.03978@tegan.com>,
    Tom Parsons wrote:
    >Nachman Yaakov Ziskind enscribed:
    >| in view of this warning:
    >| http://news.com.com/DNS+servers--an+...3-5816061.html
    >| shouldn't I be updating my DNS server on 506:
    >|
    >| $ /etc/named -v
    >| named 8.2.2-P7 Mon Feb 26 23:38:33 PST 2001
    >| SCO BUILD
    >|
    >| What's the most economical way to go about doing this?
    >
    >So, don't use forwarders.
    >Don't use excessive long cache expiration times.


    >Or get a minimal server and run FreeBSD 5.4 on it and you can
    >have the dubious pleasure of configuring BIND 9.


    BIND 9 will also run on the FreeBSD 4.x series. On one of the freebsd
    lists, there are several people having trouble with the 5.x series,
    which had so many changes it was almost like the different between
    System III and SysVR4. Man recommnd waiting until 6.x goes stable
    - in about 6 months, and remaining on 4.11 until then. 4.11 is
    guaranteed to be supported through February 2007.

    By then 6.x will be stable and 7 will be in process.



    --
    Bill Vermillion - bv @ wjv . com

+ Reply to Thread