What do you think of OpenBSD still installing BIND4 as part of the
default base system and recommended as secure by the OpenBSD FAQ ?
(See Section 6.8.3 in <OpenBSD FAQ: Networking; )
i think that bind4 was relatively easy for them to do a format string
audit on, and that bind9 was comparatively huge, and that their caution
is justified based on bind4/bind8's record in CERT advisories, and that
for feature level reasons they will move to bind9 as soon as they can
complete a security audit on the code. (although in this case ISC and
others have already completed such an audit, another pass never hurts.)