Re: [44net] DNS Flag Day, Feb 1st, 2019

26 Jan 2019

...
  /But on our
AMPRnet gateway (which has Debian Jessie) />>/there is a DNS server/resolver (bind
9.9.5) / Ouch.  Bind v9.9.5 is ~10 years old... sure Debian applies patches, but
man that's way too old, even ISC would heavily advise against it.   Why
can't that gateway be upgraded to Stretch or Buster?  I'm willing to
help if help is needed. 
Debian Jessie is only some 3.5 years old and it is fully supported.
We keep it uptodate.  When you think the package is too old you better
contact Debian instead.

I know how to update the system, but it involves work, downtime, and risk.
And when I do this on sunday afternoons (a convenient time for me to do it)
I get nagged about interruptions in the AMPRnet/HAMnet service during times
others are using it.  So it has to be planned at some time when it is not
used so much and I still have time to do it.  Other less critical systems
will likely be done first, also to gain experience with this particular
version upgrade.

...
 I can assure you that that your thoughts are correct on
this.  Debian
will patch patch patch bind v9.5.5, right up to the end of LTS support,
but never move to a newer major version. It's not in their mindset to
do such. ;-) 
It is how most distributions work.  What we will have to see is whether
they will patch this change into their version of bind or will just ignore
it because it is not a security issue.  Same for the "stretch" version.
The "Buster" version will maybe get an update.  But even that is not so
certain as it is currently at version 9.11.5 so not the leading version
either.

Rob

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [44net] DNS Flag Day, Feb 1st, 2019