RE: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread stavrostseriotis 
Ok here is what I did:

. After extracting the package I looked out at directories
/usr/local/bin and /usr/local/sbin as mentioned in the procedure but I found
that there are no files there.

. I run configure command without openssl because I had trouble with
the openssl library when it was enabled. Also since I am not currently using
DNSSEC I guess that this is not a problem.

. Then I run make and I didn't get any error.

. I run make install and I didn't get any error again.

. Stopped named service

. I copied the /etc/named.conf file and then created another empty
file as instructed with the correct permissions.

. Started named service. It started normally without any error and
also the process that was up is the same as before.

. When I do named -V and also rpm -q bind I still see the same
versions as before.

 

Yes I know that if I was using the RedHat package I wouldn't had this
problem because I already do this for other linux machines. Just this
machine is old and when it was configured to work as nameserver the guys did
it this way. Now we are in the process to build a new machine for nameserver
with RedHat subscription and everything but until that happens it will be
best if we can get rid of this security vulnerability cause I don't know how
long it will take.

 

Thank you for your responses.

 

From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Timothe Litt
Sent: Monday, September 07, 2015 2:29 PM
To: bind-users@lists.isc.org
Subject: Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

 


Subject: 

Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477


From: 

stavrostseriotis  



Date: 

07-Sep-15 05:24

 


To: 

bind-users@lists.isc.org

 

Hello,

 

I have a RedHat 5.11 machine and currently I am facing the issue with BIND
vulnerability CVE-2015-5477. I cannot update my BIND using yum because I
didn't install BIND from RedHat at the first place so I need to do it
manually.

I downloaded the package of version 9.9.7-P2 from isc website but since it
is not an rpm file I have to build it myself.

I followed the instructions I found on website
https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
but it does not change the version of bind. I don't know what I am doing
wrong.

I am wondering if you can give me a little guideline on how to build and
install the new version.

 

Thank you

"does not change the version of bind" - as reported how?  By named -V?  Or
by a DNS query to version.bind CH TXT?

If the former, you probably have more than one named executable - with the
old one earlier in your PATH.  "which named" should help.  If the latter,
did you remember to restart named?  And did the restart succeed?  And does
your startup process have the same PATH as your terminal?  (Often they do
not.)

Re-read the instructions - and pay special attention to how you run
configure.  The default is to build/install in /usr/local/*bin - which is
not the default for most distributions' startup files.

I strongly recommend keeping track of each step as you build (a big
scrollback buffer helps).  Either write your own instructions, or turn it
into a script.  There are enough steps that it's easy to make a mistake -
and you will be re-building bind again to upgrade.  Plus, if you ask for
help, you will be able to provide the details of what you did.  Without
details of what you did and what you see, people can't provide specific
help.

Note that RedHat usually has a number of patches (often for SeLinux and
systemd) that you won't get if you build yourself from ISC sources.  

Or remove bind and switch to the RedHat version.  You're paying RedHat to do
the maintenance, so unless you have local patches or very special
requirements, you might as well let them do the work.  

Typically, if you really need the latest from ISC on RedHat you're better
off getting the SRC RPM from RedHat & modifying the rpmbuild config file to
fetch the latest ISC source, then build RPMs.  If you stay with the same ISC
code stream, you won't have too many patch conflicts to resolve.  After
you've done this once or twice, you'll want to revisit you need for local
changes - either decide they're not that important, or offer them to ISC.
Maintaining a private version is work.




Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

 

 




The information in this e-mail and any of its attachments is confidential
and intended only for the individual to whom it is addressed. If you are
not the intended recipient you should immediately notify the sender and
delete the message and all of its attachments. Do not copy through
any means or use for any reason or reveal its c

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread Carl Byington 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


> I have a RedHat 5.11 machine and currently I am facing the issue with
> BIND vulnerability CVE-2015-5477. I cannot update my BIND using yum
> because I didn't install BIND from RedHat at the first place so I need
> to do it manually.

You might look at http://www.five-ten-sg.com/mapper/bind - links to a
source rpm for 9.10.2-P4 that compiles and runs on RHEL/Centos 5 (and
others).


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlXuUZgACgkQL6j7milTFsHm/QCffLw4Q1uEAv+F1FM/RgYSLuR5
xzkAni5YNcmGw3Y8Kxql3w34ZeddcUmH
=jf5M
-END PGP SIGNATURE-



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

SOLVED - Re: Secondarying DLZ zones

2015-09-07 Thread Robert Moskowitz 

At least the 'right' way with turning down the SOA TTL for the zone.

This is one of the set it and forget it items (at least for me), and 
once I started reading finding enough articles on secondaries it was an 
oh yeah moment.


On 09/07/2015 04:09 PM, Robert Moskowitz wrote:
On the Samba list, I was told that it is working (bug from2 years ago, 
still open, was fixed):


https://bugzilla.samba.org/show_bug.cgi?id=9634

But Notify does not work:

"yes it does work. But the DLZ bind will not notify any slaves, when 
the repository changes. This can be painful, especially for longer TTL 
values."


Is there some way to get the secondary to check frequently, like once 
an hour?


On 09/07/2015 03:12 PM, Robert Moskowitz wrote:

It seems I have this working, but...

I have a regular Centos7 Bind 9.9 server that I want to secondary a 
Samba AD (Also Centos7) DLZ zone.


On the DNS server (192.168.192.5) I have:

zone "home.htt" {
type slave;
file "slaves/bak.home.htt";
masters {192.168.192.2; };
};

On the Samba AD I have:

dlz "AD DNS Zone" {
# For BIND 9.9.x
 database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so";
};

And it seems works.

On 192.168.192.2 I saw:

Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 
(home.htt): transfer of 'home.htt/IN': AXFR started
Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 
(home.htt): transfer of 'home.htt/IN': AXFR ended



On the DNS server, 192.168.192.5, I can resolve hosts in the home.htt 
zone.


But there is no slaves/bak.home.htt file.  Perhaps my notes are old 
from when I did this some years back (and static master zone), but I 
would think that there should be the slaves/bak.home.htt file?


I also need to implement Notify for changes to the home.htt zone.

thanks


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How are DNS Records added dynamically in DNS Servers?

2015-09-07 Thread Mark Andrews 

In message <55ed6354.8060...@runbox.com>, Ken Peng writes:
> Stephane, May I ask why not using outlook for email?
>
> On 2015/9/7  18:09, Stephane Bortzmeyer wrote:
> > By not using outlook.com for email

Because outlook.com's nameservers are not EDNS compliant which
breaks anyone attempting to use EDNS extensions unless they hack
around this.  BIND 9.11 will be using such extensions.

Yes, Microsoft were informed last about this nearly a year ago.

See http://ednscomp.isc.org/ednscomp/fcbe08d33f for details about
what is broken.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Secondarying DLZ zones

2015-09-07 Thread Robert Moskowitz 
On the Samba list, I was told that it is working (bug from2 years ago, 
still open, was fixed):


https://bugzilla.samba.org/show_bug.cgi?id=9634

But Notify does not work:

"yes it does work. But the DLZ bind will not notify any slaves, when the 
repository changes. This can be painful, especially for longer TTL values."


Is there some way to get the secondary to check frequently, like once an 
hour?


On 09/07/2015 03:12 PM, Robert Moskowitz wrote:

It seems I have this working, but...

I have a regular Centos7 Bind 9.9 server that I want to secondary a 
Samba AD (Also Centos7) DLZ zone.


On the DNS server (192.168.192.5) I have:

zone "home.htt" {
type slave;
file "slaves/bak.home.htt";
masters {192.168.192.2; };
};

On the Samba AD I have:

dlz "AD DNS Zone" {
# For BIND 9.9.x
 database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so";
};

And it seems works.

On 192.168.192.2 I saw:

Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 
(home.htt): transfer of 'home.htt/IN': AXFR started
Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 
(home.htt): transfer of 'home.htt/IN': AXFR ended



On the DNS server, 192.168.192.5, I can resolve hosts in the home.htt 
zone.


But there is no slaves/bak.home.htt file.  Perhaps my notes are old 
from when I did this some years back (and static master zone), but I 
would think that there should be the slaves/bak.home.htt file?


I also need to implement Notify for changes to the home.htt zone.

thanks


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNSSEC ZSK key rollover, why is my zone double signed?

2015-09-07 Thread Robert Senger 
Hi Holger,

thanks, I just checked and can confirm your results, everything is fine
now. No manual action done.

But when I look at the dnsviz.net's analysis, I see this

http://dnsviz.net/d/microscopium.de/Ve0Nnw/dnssec/

15 hours ago (analyzed 2015-09-07 04:07:59 UTC), and this

http://dnsviz.net/d/microscopium.de/dnssec/

4 hours ago (analyzed 2015-09-07 15:03:18 UTC).

Your checks at Mon Sep 07 11:50:31 CEST 2015 are in between these two
analyzes.

Doesn't the first analysis show a double signed zone?

However, I'll leave it like it is for now, and see what happens next
week ;)

Thanks again,

Robert



Am Montag, den 07.09.2015, 12:48 +0200 schrieb Holger Zuleger:
> On 05.09.2015 11:53, Robert Senger wrote:
> > Hi all,
> > 
> > I am having trouble with the DNSSEC ZSK rollover for one of my zones.
> > Key rollover for all zones was scheduled at Thursday September 3,
> > 22:00:00 CEST. While everything worked well for most zones, one zone
> > became double signed. Below I've pasted public keys for one good and for
> > the double signed zone, and links to dnsviz.net that show what has
> > happened.
> >
> 
> > Double signed zone:
> > 
> > root@prokyon:/etc/bind# cat Kmicroscopium.de.+008+18903.key 
> > ; This is a zone-signing key, keyid 18903, for microscopium.de.
> > ; Created: 20150827010002 (Thu Aug 27 03:00:02 2015)
> > ; Publish: 2015082718 (Thu Aug 27 20:00:00 2015)
> > ; Activate: 2015082720 (Thu Aug 27 22:00:00 2015)
> > ; Inactive: 2015090320 (Thu Sep  3 22:00:00 2015)
> > ; Delete: 2015091020 (Thu Sep 10 22:00:00 2015)
> > microscopium.de. IN DNSKEY 256 3 8 
> > AwEAAcH+5fi77XDBXYagvneBQNiPGGrohgXXf5t0DY1+rt6GUzBkEIle 
> > QdonDdjWmyHoANUZ/VStOgpZJFGQrp3LxtgtvZZbFq9EfQ4waMWQWY36 
> > pxhDyac1X72dm3Eb+378GnR8SeIT+/NJDOEr9+yWrOd/FEM7le3JJyV5 
> > qQrgP70R9QsMHRbttOJxd0qAHWod/vrY3uegx54i3REVpZwtxS3nhuUl 
> > kqxMbILTFiDV6LpI4bAasTc7Es08vs2op0fy/wT36x0ma2SttgWDOL+e 
> > jLqgWF5qiMYqrXScggPOTTaMiW0rPBKntpqkifl0G56IOOKAkVzqk4ME C3Ve3tBcY0M=
> > root@prokyon:/etc/bind# cat Kmicroscopium.de.+008+03234.key 
> > ; This is a zone-signing key, keyid 3234, for microscopium.de.
> > ; Created: 20150903110745 (Thu Sep  3 13:07:45 2015)
> > ; Publish: 2015090318 (Thu Sep  3 20:00:00 2015)
> > ; Activate: 2015090320 (Thu Sep  3 22:00:00 2015)
> > ; Inactive: 2015091020 (Thu Sep 10 22:00:00 2015)
> > ; Delete: 2015091720 (Thu Sep 17 22:00:00 2015)
> > microscopium.de. IN DNSKEY 256 3 8 
> > AwEAAdT8E9n/mCorGHF4u4GBJnQ+4QzRDXQlhZjCLhRCxNAVWKaaLBYJ 
> > Vzx0uvtc8/W7+wX/Sax/S5EK1ym/74tzXH7q323t8gLEt78ZERHF5zEU 
> > DAvGEa+/Evf/h1M72FLOFjVpAhHfSc3JKfUYi8hrws7kZ4twMsEIepso 
> > dSMfa9N7WpQPkfjIAaY/kSxVcapCvKzmleiSU1Q2hRvduOwfTjE90xxg 
> > OfGzA7C+sCIT09pqtemluzYdOs1NaONrkaUD3ad+InqAne/a8xhnjZfD 
> > Nz57oxaYsffgiMahUVNTzMZukLbn30soRatdGEgEFmYvpSrrgDX3ceu3 3sNSzDhwIKE=
> I'm pretty much sure that this zone is *not* double signed.
> Using dig I'm getting this:
> 
> $ dig +dnssec +multi +nocrypto soa microscopium.de
> 
> ; <<>> DiG 9.11.0pre-alpha <<>> +dnssec +multi +nocrypto soa microscopium.de
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6796
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1460
> ; COOKIE: c8bb9ae44c57653ceb701b8b55ed5cfb6c8039aa6b918c0e (good)
> ;; QUESTION SECTION:
> ;microscopium.de. IN SOA
> 
> ;; ANSWER SECTION:
> microscopium.de.  3453 IN SOA mydnssec.eu. hostmaster.microscopium.de. (
>   2015082120 ; serial
>   14400  ; refresh (4 hours)
>   3600   ; retry (1 hour)
>   604800 ; expire (1 week)
>   3600   ; minimum (1 hour)
>   )
> microscopium.de.  3453 IN RRSIG SOA 8 2 3600 (
>   20150914082528 20150907072528 3234 
> microscopium.de.
>   [omitted] )
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.1.1#53(127.0.1.1)
> ;; WHEN: Mon Sep 07 11:46:35 CEST 2015
> ;; MSG SIZE  rcvd: 433
> 
> 
> So the key used for signing "regular" RR sets is the one with tag 3234.
> 
> 
> $ dig +dnssec +multi +nocrypto dnskey microscopium.de
> 
> ; <<>> DiG 9.11.0pre-alpha <<>> +dnssec +multi +nocrypto dnskey
> microscopium.de
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32278
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1460
> ; COOKIE: 4e815a77f7ec0e42e149deeb55ed5de727d5ab9235815cf7 (good)
> ;; QUESTION SECTION:
> ;microscopium.de. IN DNSKEY
> 
> ;; ANSWER SECTION:
> microscopium.de.  3096 IN DNSKEY 256 3 8 (
>   [key id = 18903]
>   ) ; ZSK; alg = RSASHA256; key id = 18903
> microscopium.de

Secondarying DLZ zones

2015-09-07 Thread Robert Moskowitz 

It seems I have this working, but...

I have a regular Centos7 Bind 9.9 server that I want to secondary a 
Samba AD (Also Centos7) DLZ zone.


On the DNS server (192.168.192.5) I have:

zone "home.htt" {
type slave;
file "slaves/bak.home.htt";
masters {192.168.192.2; };
};

On the Samba AD I have:

dlz "AD DNS Zone" {
# For BIND 9.9.x
 database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so";
};

And it seems works.

On 192.168.192.2 I saw:

Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 
(home.htt): transfer of 'home.htt/IN': AXFR started
Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 
(home.htt): transfer of 'home.htt/IN': AXFR ended



On the DNS server, 192.168.192.5, I can resolve hosts in the home.htt zone.

But there is no slaves/bak.home.htt file.  Perhaps my notes are old from 
when I did this some years back (and static master zone), but I would 
think that there should be the slaves/bak.home.htt file?


I also need to implement Notify for changes to the home.htt zone.

thanks


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread /dev/rob0 
On Mon, Sep 07, 2015 at 12:24:36PM +0300, stavrostseriotis wrote:
> I have a RedHat 5.11 machine and currently I am facing the issue 
> with BIND vulnerability CVE-2015-5477. I cannot update my BIND 
> using yum because I didn't install BIND from RedHat at the first 
> place so I need to do it manually.

Did you keep notes on what you did originally?  This would be an 
excellent time to refer to those notes.

> I downloaded the package of version 9.9.7-P2 from isc website but 
> since it is not an rpm file I have to build it myself.

Before you go any further you might as well grab the P3 version.
CVEs-2015-5722 & -5986 are fixed therein.  Granted those are not as 
serious as CVE-2015-5477 (which has a trivial exploit published), but 
it cannot hurt to have the later fixes.

I concur with the other posters; rpmbuild is the best way to deviate 
from Red Hat's own packages.  You will see that a contributor to this 
list maintains SRPMs for the latest BIND 9 releases.  With the SRPM 
and rpmbuild it's not much more effort to stay current than it is to 
"yum upgrade bind9" from Red Hat's repo of long-past-EOL software.

There's nothing wrong with such deviation; in fact it's extremely 
important to do so for your mission critical software.  But it 
requires a better understanding of the OS than you seem to have.

> I am wondering if you can give me a little guideline on how to 
> build and install the new version.

I would suggest that you invest some time in learning Red Hat basic 
administration skills, and with it some shell basics, and you will 
become able to diagnose and fix these problems on your own.

Good luck.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread Timothe Litt 
> Subject:
> Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477
> From:
> stavrostseriotis 
> Date:
> 07-Sep-15 05:24
>
> To:
> bind-users@lists.isc.org
>
>
> Hello,
>
>  
>
> I have a RedHat 5.11 machine and currently I am facing the issue with
> BIND vulnerability CVE-2015-5477. I cannot update my BIND using yum
> because I didn’t install BIND from RedHat at the first place so I need
> to do it manually.
>
> I downloaded the package of version 9.9.7-P2 from isc website but
> since it is not an rpm file I have to build it myself.
>
> I followed the instructions I found on website
> https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
> but it does not change the version of bind. I don’t know what I am
> doing wrong.
>
> I am wondering if you can give me a little guideline on how to build
> and install the new version.
>
>  
>
> Thank you
>
"does not change the version of bind" - as reported how?  By named -V? 
Or by a DNS query to version.bind CH TXT?

If the former, you probably have more than one named executable - with
the old one earlier in your PATH.  "which named" should help.  If the
latter, did you remember to restart named?  And did the restart
succeed?  And does your startup process have the same PATH as your
terminal?  (Often they do not.)

Re-read the instructions - and pay special attention to how you run
configure.  The default is to build/install in /usr/local/*bin - which
is not the default for most distributions' startup files.

I strongly recommend keeping track of each step as you build (a big
scrollback buffer helps).  Either write your own instructions, or turn
it into a script.  There are enough steps that it's easy to make a
mistake - and you will be re-building bind again to upgrade.  Plus, if
you ask for help, you will be able to provide the details of what you
did.  Without details of what you did and what you see, people can't
provide specific help.

Note that RedHat usually has a number of patches (often for SeLinux and
systemd) that you won't get if you build yourself from ISC sources. 

Or remove bind and switch to the RedHat version.  You're paying RedHat
to do the maintenance, so unless you have local patches or very special
requirements, you might as well let them do the work. 

Typically, if you really need the latest from ISC on RedHat you're
better off getting the SRC RPM from RedHat & modifying the rpmbuild
config file to fetch the latest ISC source, then build RPMs.  If you
stay with the same ISC code stream, you won't have too many patch
conflicts to resolve.  After you've done this once or twice, you'll want
to revisit you need for local changes - either decide they're not that
important, or offer them to ISC.  Maintaining a private version is work.

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 





smime.p7s
Description: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread Reindl Harald 



Am 07.09.2015 um 11:24 schrieb stavrostseriotis:

I have a RedHat 5.11 machine and currently I am facing the issue with
BIND vulnerability CVE-2015-5477. I cannot update my BIND using yum
because I didn’t install BIND from RedHat at the first place so I need
to do it manually.

I downloaded the package of version 9.9.7-P2 from isc website but since
it is not an rpm file I have to build it myself.

I followed the instructions I found on website
https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
but it does not change the version of bind. I don’t know what I am doing
wrong.

I am wondering if you can give me a little guideline on how to build and
install the new version.


you need to install the new build at the same build-prefix as the 
running one while you from the begin should have built your own RPM with 
rpmbuild and a SPEC-file based on the redhat rpm-spec




signature.asc
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How are DNS Records added dynamically in DNS Servers?

2015-09-07 Thread Ken Peng 

Stephane, May I ask why not using outlook for email?

On 2015/9/7 星期一 18:09, Stephane Bortzmeyer wrote:

By not using outlook.com for email

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How are DNS Records added dynamically in DNS Servers?

2015-09-07 Thread Stephane Bortzmeyer 
On Mon, Sep 07, 2015 at 03:33:00PM +0530,
 Harshith Mulky  wrote 
 a message of 60 lines which said:

> How do System administrators add DNS Zone records in DNS Servers?

By not using outlook.com for email :-) No, I'm kidding, there are
several ways:

> Is there a specific way the records are added in DNS Servers dynamically?

* a program that you write in the langage of your choice. Every
programming langage has a DNS library and most allows dynamic updates.

* by using an already-written program which does dynamic updates. Many
DHCP servers can do so, for instance.

* using the shell with nsupdate:

#!/bin/sh

nsupdate -kKexample-dyn-update.+157+18685.private -d

Re: How are DNS Records added dynamically in DNS Servers?

2015-09-07 Thread Ken Peng 

sure. we use nsupdate for adding records dynamically.


On 2015/9/7 星期一 18:03, Harshith Mulky wrote:

Just a query,

How do System administrators add DNS Zone records in DNS Servers?

I do testing at campus, and I do everything, by manually adding the Records

Is there a specific way the records are added in DNS Servers dynamically?




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How are DNS Records added dynamically in DNS Servers?

2015-09-07 Thread Harshith Mulky 
Just a query,

How do System administrators add DNS Zone records in DNS Servers?

I do testing at campus, and I do everything, by manually adding the Records

Is there a specific way the records are added in DNS Servers dynamically?


  ___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread stavrostseriotis 
Hello,

 

I have a RedHat 5.11 machine and currently I am facing the issue with BIND
vulnerability CVE-2015-5477. I cannot update my BIND using yum because I
didn't install BIND from RedHat at the first place so I need to do it
manually.

I downloaded the package of version 9.9.7-P2 from isc website but since it
is not an rpm file I have to build it myself.

I followed the instructions I found on website
https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
but it does not change the version of bind. I don't know what I am doing
wrong.

I am wondering if you can give me a little guideline on how to build and
install the new version.

 

Thank you

 

 



 



 

https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcS79CaU_8S9mEhkzaW9lc1m
vRchvB_mtZkfc1JH78T5dJvTx4sz

 

Cooperative Computer Society (S.E.M) Ltd

1306 Nicosia

P.O.B. 25037 CY

Tel: +357 22 553 300

Fax: +357 22 672 774

  www.semltd.com.cy

 

Stavros Tseriotis

Official D'

OS and Databases Management

  stavrostserio...@semltd.com.cy

 

 

 

 

 




The information in this e-mail and any of its attachments is confidential
and intended only for the individual to whom it is addressed. If you are
not the intended recipient you should immediately notify the sender and
delete the message and all of its attachments. Do not copy through
any means or use for any reason or reveal its content to anyone. This
message cannot be guaranteed to be secure or error-free or delivered
on time. The sender bears no responsibility for any virus, loss, disruption
or any other damage caused to the sender by the content of this email.
This email has been scanned by an antivirus.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users