On Thu, Feb 10, 2011 at 3:02 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote: > On Thu, Feb 10, 2011 at 02:59:48PM -0600, Larry Vaden wrote: >> On Thu, Feb 10, 2011 at 2:06 PM, Johnny Hughes <johnny at centos.org> wrote: >> > >> > There are any number of 3rd party repos that maintain many newer >> > packages, so getting things into CentOSPlus is not the only option. >> >> I would very much appreciate your referral to a repo that has a current BIND. > > I'm not aware of one. Would you consider using a Fedora RPM? You > could rebuild from the F14 SRPM for EL6. Probably would work pretty > well. > > You'd have to track security updates and such of course on your own... Back when rural T1s were $1500/month and BSD licenses were still the subject of litigation and high $, each basic function an ISP must provide was a purpose built box and the OS was chosen with great sway to the function's authors' choice. To harden the ISP functions against exploits in a later stage, we used FreeBSD and RedHat for the same function (e.g, ns1 was FreeBSD, ns2 was RedHat) so a miscreant could only take out half of the purpose built boxen. . Eventually, we outsourced the configuration of the most important function, DNS, to miceandmen.com and they used the latest Fedora along with the latest BIND source compiled off site so that miscreants didn't find much to exploit. Now, with all basic functions back in house, YES, wrt the DNS function, FC14, which includes bind-9.7.2-5.P3.fc14 is interesting and must be considered along with CentOS plus Paul Vixie/ISC's latest source code for BIND now that we have listened to what the CentOS community has to say. kind regards/ldv