Update to Bind?

Henrik

Hello,


I have seen that there's some kind of DNS (protocol) flaw out there [link], and I've seen that BIND on other systems updates (via yum), but not Bind on a DirectAdmin box (CentOS 4).

The exclude (in yum.conf) has this in it:
apache* httpd* mod_* mysql* MySQL* da_* *ftp* exim* sendmail* php* bind* bind-chroot*.

Is Bind updated over DirectAdmin, or?

Thanks for any advice :)
 
I've emailed support about this issue. I'll post any response here.
 
Since DNS is installed as an RPM anyway, I removed the bind* and left the chroot option in the yum.conf, updated bind, and then added it back, and it seems to be working ok. Updated all our Caching, Authoritative, and Mail servers today and had no problem.
 
Hello,

Bind isn't one of our compiled sources, we always use the standard distributed binaries.

So you can edit the yum config and remove bind from the skiplist.
Do not remove bind-chroot as you don't want that.

So update bind using your OS's standard package installer (yum, apt-get, dpkg, pkg_add, etc.), or if you find new packages online, they'll be fine as well. You can compile it yourself if you feel adventurous. I've tried it once and it wasn't pleasant (I didn't rtfm though).

bind isn't something we provide updates for (it's not on our service install list)

John
 
yum update didn't work out that smoothly for me..

Updating : bind-libs [ 1/10]
Updating : selinux-policy [ 2/10]
Updating : bind-utils [ 3/10]
Updating : bind [ 4/10]

warning: /etc/rc.d/init.d/named saved as /etc/rc.d/init.d/named.rpmsave

Renamed named.rpmsave to named and everything works again. This was CentOS 5.2.
 
For rpm based boxes, the boot script can be retrieved by using:
Code:
wget -O /etc/init.d/named http://www.directadmin.com/named
chmod 755 /etc/init.d/named
Type
Code:
/etc/init.d/named
to see why it isn't starting, and check the /var/log/messages for any errors/clues.

John
 
Debian DNS Fix

Hi all,

Here is what I did to update and check my DNS servers on Debian Sarge:

Code:
apt-get update
apt-get install bind9

It automatically starts the DNS server again. When you've updated it, check it at http://www.doxpara.com. You should get something like this:

Code:
Your name server, at 81.171.xxx.xxx appears to be safe.
Requests seen for 7ff19038fc57.toorrr.com:
81.171.xxx.xxx:65239 TXID=54293
81.171.xxx.xxx:21426 TXID=43906
81.171.xxx.xxx0:39299 TXID=1344
81.171.xxx.xxx:24794 TXID=45504
81.171.xxx.xxx:17799 TXID=55521

This might also work on Ubuntu! (not tested)

Regards,
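
An added example, not part of the post above: it parses checker lines in the format quoted there and reports whether source ports and TXIDs vary between queries, as they do in the "appears to be safe" output. The sample lines, the verdict names and the thresholds are constructed assumptions, not the checker's own logic.

```shell
#!/bin/sh
# Added example, not from the thread. Reads lines of the form
# "<ip>:<port> TXID=<n>" and reports how much ports and TXIDs vary.
# Thresholds are assumptions chosen for illustration.

port_verdict() {
    awk '
    match($0, /:[0-9]+ TXID=[0-9]+/) {
        # Keep "<port> TXID=<n>" and split it into its two numbers.
        split(substr($0, RSTART + 1, RLENGTH - 1), f, " TXID=")
        port = f[1] + 0; txid = f[2] + 0; n++
        if (!(port in ports)) { ports[port] = 1; np++ }
        if (!(txid in txids)) { txids[txid] = 1; nt++ }
        if (n == 1 || port < lo) lo = port
        if (n == 1 || port > hi) hi = port
    }
    END {
        if (n < 2)               print "insufficient-data"
        else if (np == 1)        print "fixed-port"
        else if (hi - lo < 1024) print "narrow-port-range"
        else if (nt < n)         print "repeated-txid"
        else                     print "varied"
    }'
}

# Constructed samples; 192.0.2.53 is a documentation address.
SAMPLE_VARIED='192.0.2.53:65239 TXID=54293
192.0.2.53:21426 TXID=43906
192.0.2.53:39299 TXID=1344
192.0.2.53:24794 TXID=45504
192.0.2.53:17799 TXID=55521'

SAMPLE_FIXED='192.0.2.53:32768 TXID=54293
192.0.2.53:32768 TXID=43906
192.0.2.53:32768 TXID=1344'

SAMPLE_SEQ='192.0.2.53:1025 TXID=54293
192.0.2.53:1026 TXID=43906
192.0.2.53:1027 TXID=1344'

for sample in "$SAMPLE_VARIED" "$SAMPLE_FIXED" "$SAMPLE_SEQ"; do
    printf '%s\n' "$sample" | port_verdict
done
```

Five queries are a small sample, so treat anything other than "varied" as a prompt to re-run the check and confirm the installed package version.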
 
Issuing "yum update" gives the following error (this morning):
Code:
Loading "fastestmirror" plugin
Setting up Update Process
Setting up repositories
http://ftp-stud.fht-esslingen.de/dag/redhat/el4/en/i386/fabian/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://fr2.rpmfind.net/linux/dag/redhat/el4/en/i386/fabian/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://apt.sw.be/redhat/el4/en/i386/fabian/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
Cannot open/read repomd.xml file for repository: rpmforge
failure: repodata/repomd.xml from rpmforge: [Errno 256] No more mirrors to try.
Error: failure: repodata/repomd.xml from rpmforge: [Errno 256] No more mirrors to try.

Oh joy :rolleyes:

Anyone else seeing this?


EDIT: It worked okay now, it was malfunctioning all morning up until this moment.
 
All those mirrors are bad. It tells you that the files it's looking for do not exist. You will have to get a new list of mirrors.
 
Well, it automatically solved itself. Have seen this a few times before, but it was not very convenient this time around :p
 
My exclude line looks like this:

Code:
exclude=apache* httpd* mod_* mysql* MySQL* da_* *ftp* exim* sendmail* php* named*

When I run "yum update" I get no packages marked for update. When I check the Bind version, I see:

Code:
BIND 9.2.4

Am I doing something wrong? I should mention that I'm on CentOS 4.6 and my kernel version is 2.6.9-67.0.15.
 
you have named in your exclude list
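
A way to see which BIND packages an exclude line holds back, as an added example that is not part of any post in this thread: it tests the exclude patterns quoted in the thread against the BIND package names listed in it. It assumes patterns are compared as shell globs against the package name only; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: report which BIND packages a yum
# "exclude=" pattern list holds back.
# Assumption: patterns are shell globs matched against the package name only.

BIND_PKGS="bind bind-libs bind-utils bind-chroot"

# excluded_bind_pkgs "<patterns>" -> space-separated held-back packages
excluded_bind_pkgs() {
    patterns=$1
    held=""
    set -f                  # do not expand the patterns against local files
    for pkg in $BIND_PKGS; do
        for pat in $patterns; do
            case $pkg in
                $pat) held="$held $pkg"; break ;;
            esac
        done
    done
    set +f
    echo "${held# }"
}

# Pattern lists taken from the exclude lines quoted in the thread.
DA_DEFAULT='apache* httpd* mod_* mysql* MySQL* da_* *ftp* exim* sendmail* php* bind* bind-chroot*'
# Same list with bind* removed and bind-chroot* kept.
DA_EDITED='apache* httpd* mod_* mysql* MySQL* da_* *ftp* exim* sendmail* php* bind-chroot*'
NAMED_ONLY='apache* httpd* mod_* mysql* MySQL* da_* *ftp* exim* sendmail* php* named*'

for list in "$DA_DEFAULT" "$DA_EDITED" "$NAMED_ONLY"; do
    printf 'held back: [%s]\n' "$(excluded_bind_pkgs "$list")"
done
```

To check a live box, pass the value of the exclude= line from /etc/yum.conf as the argument.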
 
For some reason, when I updated via yum, it just updated to 9.2.4. Isn't that version still affected and aren't there later versions in the 9.2.x series? When trying to update again, it says there aren't any more updates, so I guess it wants to keep me stuck at 9.2.4.
 
Hi, according to the security advisory, bind-9.2.4-28.0.1 is the new version.

Hope that helps :)


EDIT. This is for CentOS 4, I might add.
 
John said:
Do not remove bind-chroot as you don't want that.

Although I have bind-chroot in the yum exclude list, it still is installed:

Code:
# rpm -qa | grep bind
bind-9.3.3-7.el5
bind-chroot-9.3.3-7.el5
bind-utils-9.3.3-7.el5
bind-libs-9.3.3-7.el5

Is it OK to uninstall the bind-chroot package or will this break things? Since 9.3.3 is vulnerable I want to upgrade asap.
 
I would just go ahead and do the update without uninstalling bind-chroot. It wasn't on the exclude list for yum on my server and it still apparently gets updated without causing issues:
Code:
# rpm -qa | grep bind
bind-chroot-9.2.4-28.0.1.el4
bind-libs-9.2.4-28.0.1.el4
bind-9.2.4-28.0.1.el4
ypbind-1.17.2-13
bind-utils-9.2.4-28.0.1.el4
 