Bind9: Resolver Library Question

[Mark Olbert]

I'm currently running bind 8.3.3 under linux 2.4.17. I'd like to
upgrade to bind 9.x, but I'm unclear about what that involves for
programs that require the resolver library.

I've read the commentary about how programs using the resolver library
still need to be linked against the bind8 version, but I'm unsure how
I'd do that in practice (while I routinely compile my own binaries I'm
not too well versed in the details of linking, libraries,etc.).

What's involved in "retaining" the 8.x resolver library? Or would I be
better off waiting for further bind 9.x development before switching?

Thanx in advance!

- Mark

[p...@icke-reklam.ipsec.nu]

Mark Olbert <ma...@arcabama.com> wrote:

There is nothing you have to do to "retain" you old resolver. It's
built into libc, which is shared amongs most applications on your host.

Those applications that is statically linked will remain functional,
only when linking new applications you have an option to use another
resolver.

Installing a new version of bond does not force you to replace the
resolver in tha same machine, in fact this is often not done at all.

To protect yourself against the current threat of buffer overflow in the
resolver you could replace libc and relink all static binaries. Or
you could replace all nameservers with bind 9.2.1 and make shure that
no client will use another nameserver then your bind-9 ( bind-9
sanitizes the attack-strings making them harmless)

The latter is vastly less complicated then replacing all binaries.

> Thanx in advance!

> - Mark

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.