If it's BIND 9.8.2 from the CentOS updates repositories, it's patched. It won't contain non-security related features of later versions, but it has been patched for any security related stuff. The internal patch/version level of the package is denoted in the RPM's filename for EL.
On Fri, Oct 3, 2014 at 9:57 AM, Ken Hohhof via Af <[email protected]> wrote: > I don’t think so. > > *From:* Adam Moffett via Af <[email protected]> > *Sent:* Friday, October 03, 2014 8:34 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus > > It may be 9.8.2 with security fixes backported from later versions. > > > I would disagree, didn’t Steve say the latest he updated to was 9.8.2? > > https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html > > ISC shows 9.8.8 EOL as of September 2014, so 9.8.2 is quite a few versions > old. With all the DNS amplification attacks and these zero day exploits > coming out all the time, I’d want to be pretty current, plus I believe 9.10 > gives you RRL in your toolbox to deal with attacks although I’ll admit I > haven’t had time to experiment with it. > > > *From:* Mike Hammett via Af <[email protected]> > *Sent:* Friday, October 03, 2014 6:10 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus > > The server based distributions like CentOS\RHEL and Debian generally are > close to current regarding security updates even if they don't have the > latest version. > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > ------------------------------ > *From: *"Ken Hohhof via Af" mailto:[email protected] <[email protected]> > > *To: *[email protected] > *Sent: *Thursday, October 2, 2014 5:30:01 PM > *Subject: *Re: [AFMUG] DNS server for guys who dont want to be gurus > > You need a named.conf that defines the slave zones and the IP address of > the master. > > But first step is to download/compile/install the latest version of BIND, > it’s actually quite easy. I doubt you can get the version you want via yum > update because CentOS is based on RHEL which is always a few steps behind. > Given the DNS attacks, you want the latest BIND. You might then want to > lock out the package from being updated by yum. > > > *From:* That One Guy via Af <[email protected]> > *Sent:* Thursday, October 02, 2014 4:36 PM > *To:* [email protected] > *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus > > So Im at a new Centos with webmin fresh bind install. > We have one master, one slave server > I have never set up bind, this was done before me. > If I were to take down the old slave server and bring this one up on its > IP will the master update this one, or is there a config I need to move > over. Im more comfotable doing the slave first. > These are all webmin, but the original is ubuntu and the new is centos > > On Thu, Oct 2, 2014 at 2:00 PM, Paul Stewart via Af <[email protected]> wrote: > >> I always install CentOS bare bones …. “minimal server” is what the >> installation will call it. This way you can install whatever you like >> after installation and not worry about removing many dozen packages you >> don’t need… >> >> >> >> Just my preference anyways…. >> >> >> >> *From:* Af [mailto:[email protected]] *On Behalf Of *That One Guy via >> Af >> *Sent:* Thursday, October 02, 2014 2:24 PM >> *To:* [email protected] >> *Subject:* Re: [AFMUG] DNS server for guys who dont want to be gurus >> >> >> >> 2 questions in this >> >> 1. when running through the current centos installation, what do i select >> for the server type, for powercode it says select basic server >> >> 2. is there a guide for building dedicated centos servers based on server >> purpose? I assume there are packages I dont need to install if its only got >> this purpose >> >> >> >> On Thu, Oct 2, 2014 at 1:13 PM, Paul Stewart via Af <[email protected]> wrote: >> >> CentOS+BIND+Webmin J I can’t remember but Usermin might be the part >> you’re looking for specific to users updating their own DNS….. >> >> >> >> >> >> >> >> *From:* Af [mailto:[email protected]] *On Behalf Of *That One Guy via >> Af >> *Sent:* Thursday, October 02, 2014 1:21 PM >> *To:* [email protected] >> *Subject:* [AFMUG] DNS server for guys who dont want to be gurus >> >> >> >> Is there a good, simple package for locally hosted DNS Servers for people >> like me who dont want to get too far into managing the linux at a granular >> level? we are used to the webmin interface. It would be nice if it had the >> option to set up client accounts for some clients to manage their own DNS >> but not view others, but thats in no way a deal breaker >> >> >> >> -- >> >> All parts should go together without forcing. You must remember that the >> parts you are reassembling were disassembled by you. Therefore, if you >> can't get them together again, there must be a reason. By all means, do not >> use a hammer. -- IBM maintenance manual, 1925 >> >> >> >> >> >> -- >> >> All parts should go together without forcing. You must remember that the >> parts you are reassembling were disassembled by you. Therefore, if you >> can't get them together again, there must be a reason. By all means, do not >> use a hammer. -- IBM maintenance manual, 1925 >> > > > > -- > All parts should go together without forcing. You must remember that the > parts you are reassembling were disassembled by you. Therefore, if you > can't get them together again, there must be a reason. By all means, do not > use a hammer. -- IBM maintenance manual, 1925 > > > >
