[CentOS] BInd Problem or Update SSL ?

Fri Feb 18 22:17:17 UTC 2011
Larry Vaden <vaden at texoma.net>

On Fri, Feb 18, 2011 at 3:15 PM, Always Learning <centos at g7.u22.net> wrote:
> Don't understand what you mean by 'within our /19'. Have your IP ranges
> changed?  If your Bind date is corrupt, why not re-install Centos and
> then restore the domains data from one of your regular backups?

Our network consists of aaa.bbb.ccc.0/19.  That's CIDR notation for
8,192 addresses.

> Is it a wise business decision to use C 4.8 instead of C 5 or the latest
> which is C 5.5 ?

IMHO, fully updated purpose-built servers running 4.8 should have more
or less the same vulnerablity profile as 5.5 IFF RH is doing a good
job of backporting security fixes.

I am supported in that statement by my mentor at FedEx but NOT by my
mentor at Internet2.

The open ?s about human error wrt the SRPMs in SL6 could arguably lead
to a different conclusion.


> I believe C6 will include an updated Bind.

Yes, it will be based on a later release.

> Larry, why can't you install the latest OpenSSL ?

We installed openssl-1.0.0c Jan 23 20:30 27 minutes after filing the
original post IIRC.

kind regards/ldv/vaden at texoma.net