BIND 9 first impressions
BIND 9 has been released. After a fortnight of running it on my secondary nameserver, the architectural improvements are real and the operational migration is manageable. A first writeup.
Notes from the field
Writing
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged dns — 4 results.
BIND 8.2.3 and the discipline of yet another patch
ISC has released BIND 8.2.3 with another set of security fixes. The catalogue of BIND advisories now reads as its own small genre. A short note on what is new and on what the steady drumbeat of advisories implies.
BIND keeps biting: the NXT vulnerability and the question of what 'patched' means
Another major BIND advisory in three months. The NXT-record buffer overflow is being exploited in the wild before most operators have patched. A reflection on how 'patched' is not the boolean condition we treat it as.
BIND 8 vulnerabilities and the discipline of running DNS
DNS is critical infrastructure. The reference implementation that everyone runs has had a punishing year of advisories. A walk through what BIND has been doing wrong and what an operator can do about it.