A question like this comes along avery few weeks
Just download the latest bind source from: http://www.isc.org/software/bind
, configure, make, make test, install.
This is my cheat sheet (I do this every few months on ~10 servers -- I
keep meaning to set up a puppet / similar script to take care of this
for me, but never seem to manage to collect enough toits):
-
== Get source ==
ftp://ftp.isc.org/isc/bind9/
Unzip / untar source.
cd /usr/local/src/bind
sudo wget ftp://ftp.isc.org/isc/bind9/9.7.2-P3/bind-9.7.2-P3.tar.gz
Now get and validate the GPG signature.
sudo wget ftp://ftp.isc.org/isc/bind9/9.7.2-P3/bind-9.7.2-P3.tar.gz.sha256.asc
gpg --verify bind-9.7.2-P3.tar.gz.sha256.asc bind-9.7.2-P3.tar.gz
Assuming all is good:
sudo tar -xvzf bind-9.7.2-P3.tar.gz
sudo rm bind-9.7.2-P3.tar.gz.*
sudo chown -R wkumari.wkumari bind-9.7.2-P3/
cd bind-9.7.2-P3/
Make sure you have the required dependencies
sudo apt-get install openssl libssl-dev gcc
And now build
./configure --with-openssl=yes --with-randomdev=/dev/urandom
make
And lets run some tests:
make test
Check and install the new version:
named -v
which named
make install
named -v
Restart bind:
sudo /etc/init.d/bind9 stop
sudo /etc/init.d/bind9 start
dig www.kumari.net +dnssec @localhost
Obviously, replace the versions with something sane, and the user /
check domain with something else...
Oh, also tell your package manager that you no longer want it to do,
well, whatever it thinks it is doing...
W
On Dec 14, 2010, at 1:28 PM, fakessh @ wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hello bind network
I just realized that my version of bind and vulnerable and I'm
wondering
if by upgrading to version 9.5.2-P4 I would always be vulnerable
i use centos 5.5 and use
http://www.pramberger.at/peter/services/repository/rhel5/ deposit
thanks
- --
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iD8DBQFNB7dLtXI/OwkhZKcRAhA7AJ9P5y0Lp5KpX3rNmas4rEnNX33FMwCfdQUq
Bg9aAabFVLPFYYk8zLeTLUE=
=jhLX
-END PGP SIGNATURE-
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users