nanog mailing list archives

Re: [NANOG] RE: [NANOG] Re: Reasons why BIND isn't being upgraded


From: Pim van Riezen <pi () vuurwerk nl>
Date: Fri, 2 Feb 2001 12:58:35 +0100


On Fri, 2 Feb 2001, Roeland Meyer wrote:

Pete Elke's point about preproduction testing could perhaps be
turned from a combative tone to the constructive without loss of
information.

Isn't that why NSI is running a stealth master root server ... so they _are
able_ to do pre-production testing of zone files? In the past few years,
there were a lot of root server outages that would have been prevented by
that practice.

To be honest, yes it would've saved me some extra frustration if I had
known there would be such issues. Yes, a test situation is ideal to get
these changes figured out. I just counted on it to be a trivial upgrade
and it wasn't. Perhaps, in the interest of Internet Security, it would not
be a bad idea if ISC or someone else were to come with an 8.2.2-P8 to
address _just_ the security issues to lower the barrier-of-entry to a
secure version of bind8.

Security fixes are very urgent on my list, I didn't want to lose any time
getting it out of the door. That's what bit me and now I know that the
next time there's a Panic about vulnerabilities in BIND, being vulnerable
for an extra hour while testing out the patches off-site on a test system
may be worth the risk.

Cheers,
Pi


