Subject: Re: NetBSD Security Advisory 2003-018: DNS negative cache poisoning
To: None <current-users@NetBSD.org>
From: Chuck Yerkes <chuck+nbsd@2003.snew.com>
List: current-users
Date: 12/17/2003 14:19:23
Again, BIND 9?
It's been working well for me for a couple years now. Mostly
seamless migration (I *had* to add zone TTLs where BIND 8 had them
still optional).
Is there any reason not to shout out NOW that people should get
their zone files into a BIND 9 compliant format in preparation
for a BIND 9 cutover?
Well, I'll do it myself:
Make sure your zones have a "$TTL nnnn" line as the first line in
your zone file (i.e., "$TTL 86400" or "$TTL 1d").
Quoting NetBSD Security Officer (security-officer@NetBSD.org):
> NetBSD Security Advisory 2003-018
> =================================
>
> Topic: DNS negative cache poisoning
...
> pkgsrc: bind8 packages prior to 8.4.3
> bind9 packages unaffected
>
> Severity: Denial of service resolving DNS entries
>
> Fixed: NetBSD-current: Nov 27, 2003
> NetBSD-1.6 branch: Nov 28, 2003 (1.6.2 will include the fix)
> (1.6.2_RC3 includes the fix)
> NetBSD-1.5 branch: Nov 28, 2003
> pkgsrc bind8: bind8-8.4.3 will correct this issue
>
...
> BIND 9 is not affected by these vulnerabilities. Upgrading to BIND 9
> is recommended. BIND 9 is available in the NetBSD Pkgsrc Collection
> (pkgsrc/net/bind9). Configuration files differ between BIND 8 and
> 9. Plan such a migration appropriately.
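As an added example (not part of this thread or of the NetBSD advisory), a small Python checker for the $TTL requirement mentioned above: it reports zone files where no $TTL directive precedes the first resource record, and converts BIND's time-unit syntax (w, d, h, m, s) to seconds. The sample zones and the example.test names are constructed for the demonstration.

```python
import re

# BIND time-unit syntax: e.g. "86400", "1d", "1h30m", "2w". Assumes the
# units w/d/h/m/s as documented for BIND master files.
_UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
_TTL_RE = re.compile(r"^(\d+[wdhms]?)+$", re.IGNORECASE)

def parse_ttl(value):
    """Convert a BIND TTL string to seconds; raise ValueError if malformed."""
    if not _TTL_RE.match(value):
        raise ValueError("malformed TTL: %r" % value)
    total = 0
    for number, unit in re.findall(r"(\d+)([wdhms]?)", value, re.IGNORECASE):
        total += int(number) * _UNIT_SECONDS.get(unit.lower(), 1)
    return total

def check_zone_ttl(zone_text):
    """Return (ok, seconds_or_message) for a zone in master-file format.

    ok is True only when a $TTL directive precedes the first resource
    record, which is what BIND 9 requires where BIND 8 fell back to the
    SOA minimum.  Comments (';') and blank lines are ignored.
    """
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$TTL":
            if len(fields) < 2:
                return False, "line %d: $TTL without a value" % lineno
            try:
                return True, parse_ttl(fields[1])
            except ValueError as exc:
                return False, "line %d: %s" % (lineno, exc)
        if fields[0].upper() in ("$ORIGIN", "$INCLUDE"):
            continue  # other directives may legitimately come first
        return False, "line %d: record before any $TTL directive" % lineno
    return False, "no $TTL directive found"

# Constructed sample zones (not from the advisory or the thread).
BIND9_ZONE = """$TTL 1d
@ IN SOA ns1.example.test. hostmaster.example.test. (2003121701 1h 15m 1w 1h)
  IN NS ns1.example.test.
"""
BIND8_ZONE = """; legacy zone with no $TTL, relying on the SOA minimum
@ IN SOA ns1.example.test. hostmaster.example.test. (2003121701 1h 15m 1w 1h)
"""
```

Run check_zone_ttl over each file in your zone directory before the cutover; any (False, ...) result is a file that still needs a $TTL line.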