[THANK YOU]
The following individuals assisted me with these questions and I did
log a couple of sequence numbers too. Of course the best help comes
from this mailing list as usual and the list remains my first choice for
assistance.
Jay Leafey
J. Bacher
Edward J. Branley
William H. Magill
Oisin McGuinne
Rich Boren
system administration account at <sysadmin_at_astro.su.se>
#C010821-3144 UNIX Team they redirected me to the Internet Team.
#C010821-3353 Internet Team and its allways nice to talk to someone
via the phone too.
[SUMMARY]
============================================================
[Q] Which BIND version is native to Tru64 UNIX 5.1
============================================================
If you run named with the '-v' switch you get back the version number.
On
one of my Tru64 V5.1 systems:
# /sbin/named -v
named 8.2.2-P5-plus-CA-2000-20-plus-CA-2001-02
Thanks Jay. :)
I see the following
#/sbin/named -v
named 8.2.2-P5
Your version string looks cooler than my. What's up with that I'm
Tru64 UNIX 5.1 patch kit-003.
===============================================================
[Q] My next question is do I still need to apply this patch?
I thought the jumbo patch kit-003 fixed just about every thing!
===============================================================
Hello,
the answer to your question is yes - you need to re-install the
security patch identified for V5.1 in the security advisory after any
re-install or upgrade until the release of the next PK (BL18)*
*This set of fixes will be included in the next PK kit (BL18).
ps: this re-install process applies to all affected Tru64 versions
noted
in the security advisories (case id:
SSRT1-38U,SSRT1-66U,SSRT1-68U,SSRT1-69U)
for BIND.
regards
rich boren
Software Security Response Team
Compaq Global Services
security-ssrt_at_compaq.com
JOIN OUR SECURITY ADVISORY MAILING LIST!
http://www.support.compaq.com/patches/mailing-list.shtml
Thanks Rich. :)
Hmmmmmm, if BL17 equals patch kit-003 then BL18 might equal patch
kit-004. According to my contacts #C010821-3144 at the UNIX team and
#C010821-3353 at the Internet team, patch kit-004 should be available at
the end of September or the first of October. However they advise me to
install the BIND security patch now.
===============================================================
[Q] What other options do I have concerning BIND?
===============================================================
Option 1: move out of a supported category and build the latest
release of BIND yourself.
======
You can find the latest version at '
http://www.isc.org', which lists
9.1.3 as the current release in the v9
family and 8.2.4 as the current production release in the v8.x chain.
Unless there are some features in BIND9 that you really need I would
just
stick with BIND8 for now. The current Compaq-supported version works
just fine for us, but make sure you keep up with the security patches!
Thanks again Jay :)
Option2: move out of a supported category and build djbdns yourself?
======
The following URLs may also be of interest to you:
http://cr.yp.to/djbdns/blurb/unbind.html
http://cr.yp.to/djbdns.html
Thanks Mr. system administration account at <sysadmin_at_astro.su.se> :)
I won't assume you are D. J. Bernstein, Associate Professor in the
Department of Mathematics, Statistics, and Computer Science at the
University of Illinois at Chicago but I will assume you appreciate the
work he/she did on their djbdns. I followed the links you suggested and
their work looks extensive and creditable. I am not an expert in this
field nor do I even consider myself a novice so I really can't judge
anyones work output. But I will say their djbdns project looks like a
well documented and workable solution. I did not do any actual
expirements with the code though, it was just a look through.
Wow, I operate in the private IP space behind a firewall and I don't
have a true Internet presence to speak of. If I did, I might consider
upgrading into and Option1 or and Option2 as illustrated above, but
since I don't have that true Internet presence to speak of, I think I
will continue with the Compaq Engineer supported branch of BIND 8.2.2-P5
and apply the latest patch to BIND which you can read about at the
following URL.
http://ftp.support.compaq.com/patches/public/Readmes/unix/ssrt1-66u_v5_1.README
This way if I have any problems and I call Compaq support they won't be
able to say sorry can't help you the branch of code you are chosing to
use is not supported .
Sincerely
Kevin Criss
Received on Wed Aug 22 2001 - 16:01:40 NZST