updating bind

[Invader Zim]

When you have a brand-new server and you run the DA install script, it supposedly installs all the software prerequisites you need. And as far as I can tell, it does. It also installs bind.

Earlier this year (in March) I installed a new server. Installed DA. DA installed BIND 9.16.23. BIND 9.16.23 was released on January 25, 2023. Isn't it about time for something new since the 9.16 branch has been end of life since April 2024?

With a tool as important as bind, I'd have to screw it up on all of our servers, but I can't find any information anywhere. Are there things to be aware of when manually updating/upgrading bind to the latest version? Especially with

CVE-2025-40778​

and

CVE-2025-40780​

 

[Richard G]

Isn't it about time for something new since the 9.16 branch has been end of life since April 2024?

Bind is installed by DA installation but is -not- part of DA it's part of the OS.
So if you want OS packages updated, you need to update your OS. I'm not sure if this can be done by the Custombuild GUI too, I thought yes, but I never use the GUI.

On RHEL and related, login to your system via SSH as root and provide the following commands:
dnf check-update
which will show you which packages can be updated.
After that use this command to update them:
dnf update
and things should be updated.

Be aware that because bind is installed OS related, the OS can provide security packages for OS packages until the OS goes EOL. So a Bind version used being EOL does not mean it's not supported by the OS anymore.

In RHEL9 and related, you should be able to have BIND 9.16.23-RH (Extended Support Version) running now.
Older OS could mean older Bind version.

 

[Ohm J]

It's security fixed by OS Provider ( backporting ).