I l@ve RuBoard Previous Section Next Section

1.10 Choosing a Version of BIND

1.10.1 Problem

You need to choose which version of BIND to build and install.

1.10.2 Solution

First, decide whether you'll compile your own version of BIND or use a version supplied by your operating system vendor. If you need to run a version of BIND supported by your vendor, that will limit your choices. Often, the version shipped with your operating system isn't very recent. See if your vendor offers a patch that will upgrade that version to something more current -- preferably at least BIND 8.2.3.

If you're willing to compile your own version of BIND, all you really need to decide is whether you want to run BIND 8 or BIND 9. For most administrators and most name servers, BIND 9 is a better choice. The latest released version of BIND 9 as of this writing, 9.2.1, supports nearly every feature that the latest version of BIND 8, 8.3.3, supports. Only administrators running extremely busy name servers (those receiving thousands of queries per second) or those that require one of the few features supported only by BIND 8 should consider running it.

Whether you choose to run BIND 8 or BIND 9, use the latest released version. Earlier versions inevitably contain bugs fixed in the newer version, and some contain dangerous vulnerabilities. Check the ISC's BIND Vulnerabilities web page, at http://www.isc.org/products/BIND/bind-security.html, to make sure the version you're considering isn't vulnerable.

1.10.3 Discussion

I have sympathy for administrators compelled by corporate policy to run a vendor-supported version of BIND -- I come from a big corporate environment myself. Otherwise, I'd issue a blanket recommendation that everyone run the latest released version of BIND. Just be sure you understand what your vendor's support includes. Some vendors limit their support of BIND to fixing bugs in the code. If you're counting on their help with configuration issues, you may be out of luck.

1.10.4 See Also

The ISC's BIND Vulnerabilities web page at http://www.isc.org/products/BIND/bind-security.html and "Getting BIND" in Chapter 3 of DNS and BIND.

    I l@ve RuBoard Previous Section Next Section