[Info-vax] New VSI Roadmap (yipee!)
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Sun Mar 1 12:54:17 EST 2015
On 2015-03-01 17:05:38 +0000, Kerry Main said:
> You assume they are using VMS Bind - I have no idea, but if not, then
> they don't care. They may also be using Multinet or TCPware which if
> they are, Process likely provided a fix.
Ayup; there are folks which prefer to avoid using various of the TCP/IP
Services services, utilizing different tools and different platforms.
HP TCP/IP Services includes a port of ISC BIND.
The current ECO kit (V5.7 ECO 4) appears to include "BIND 9.3.1 (Sep 7 2012)".
Per <https://www.isc.org/blogs/isc-software-lifetimes/> 9.3.0 was
released in September, 2004. ISC deprecated the 9.3 series in 2008.
The ISC extended support for the rather newer BIND 9.6 series ended
over a year ago. Presently, ISC is encouraging 9.9 for extended
support, and the current 9.10 series.
> No OS platform is 100% secure - they will all have issues at one time
> or another. My concern with commodity OS's is the scale and number
> of security patches and the huge impact it has on Operations groups.
Not getting patches can have an effect on operations groups, as well.
Per
<https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html>,
there are a ~dozen known vulnerabilities in this 9.3.1 release, and
there are obviously other vulnerabilities in the ISC BIND releases that
superseded 9.3.1.
Whether any of these vulnerabilities apply to the OpenVMS BIND port
would require investigation, but the ISC descriptions of the
vulnerabilities do imply that a number of the patches would apply to
the OpenVMS port.
Folks running a DNS server from a different source — that are not using
the TCP/IP Services BIND server port for DNS services beyond the
resolver, and outside of any resolver-specific issues — are not
effected.
What services and what versions VSI might provide with their "new
TCP/IP stack", we shall eventually learn. On no evidence and no inside
information, I'd tend to assume that VSI have worked a deal for a
Process IP stack.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list