Re: vulnerability of bind

Tue, 14 Dec 2010 11:10:58 -0800 

A question like this comes along avery few weeks....
Just download the latest bind source from: http://www.isc.org/software/bind , configure, make, make test, install. 


This is my cheat sheet (I do this every few months on ~10 servers -- I  
keep meaning to set up a puppet / similar script to take care of this  
for me, but never seem to manage to collect enough toits):



-----
== Get source ==

   ftp://ftp.isc.org/isc/bind9/

Unzip / untar source.

  cd /usr/local/src/bind
  sudo wget ftp://ftp.isc.org/isc/bind9/9.7.2-P3/bind-9.7.2-P3.tar.gz

Now get and validate the GPG signature.
  sudo wget ftp://ftp.isc.org/isc/bind9/9.7.2-P3/bind-9.7.2-P3.tar.gz.sha256.asc
  gpg --verify bind-9.7.2-P3.tar.gz.sha256.asc bind-9.7.2-P3.tar.gz

Assuming all is good:
  sudo tar -xvzf bind-9.7.2-P3.tar.gz
  sudo rm bind-9.7.2-P3.tar.gz.*
  sudo chown -R wkumari.wkumari bind-9.7.2-P3/

  cd bind-9.7.2-P3/

Make sure you have the required dependencies

  sudo apt-get install openssl libssl-dev gcc

And now build
  ./configure --with-openssl=yes --with-randomdev=/dev/urandom
  make

And lets run some tests:
  make test

Check and install the new version:

  named -v
  which named
  make install
  named -v


Restart bind:
  sudo /etc/init.d/bind9 stop
  sudo /etc/init.d/bind9 start
  dig www.kumari.net +dnssec @localhost

----



Obviously, replace the versions with something sane, and the user /  
check domain with something else...



Oh, also tell your package manager that you no longer want it to do,  
well, whatever it thinks it is doing...



W


On Dec 14, 2010, at 1:28 PM, fakessh @ wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello bind network



I just realized that my version of bind and vulnerable and I'm  
wondering

if by upgrading to version 9.5.2-P4 I would always be vulnerable



i use centos 5.5 and use
http://www.pramberger.at/peter/services/repository/rhel5/ deposit


thanks
- --
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iD8DBQFNB7dLtXI/OwkhZKcRAhA7AJ9P5y0Lp5KpX3rNmas4rEnNX33FMwCfdQUq
Bg9aAabFVLPFYYk8zLeTLUE=
=jhLX
-----END PGP SIGNATURE-----
_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users



_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users





















					Reply via email to