Am 08.09.2015 um 06:46 schrieb stavrostseriotis:
Ok here is what I did:

·After extracting the package I looked at directories
*/usr/local/bin* and */usr/local/sbin* as mentioned in the procedure but
I found that there are no files there.

man updatedb
man locate

·I run *configure* command *without openssl* because I had trouble with
the openssl library when it was enabled. Also since I am not currently
using DNSSEC I guess that this is not a problem.

configure pretty sure says what install prefix is used

·Then I run *make* and I didn’t get any error.

·I run *make install* and I didn’t get any error again.

·Stopped named service

·I copied the /etc/named.conf file and then created another empty file
as instructed with the correct permissions.

·Started named service. It started normally without any error and also
the process that was up is the same as before.

·When I do *named -V* and also *rpm -q bind* I still see the same
versions as before.

Yes I know that if I was using the RedHat package I wouldn’t have had this
problem because I already do this for other linux machines. Just this
machine is old and when it was configured to work as nameserver the guys
did it this way. Now we are in the process to build a new machine for
nameserver with RedHat subscription and everything but until that
happens it will be best if we can get rid of this security vulnerability
cause I don’t know how long it will take.

Thank you for your responses.

*From:*bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] *On Behalf Of *Timothe Litt
*Sent:* Monday, September 07, 2015 2:29 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

    Subject: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477
    From: stavrostseriotis <stavrostserio...@semltd.com.cy>
    Date: 07-Sep-15 05:24
    To: bind-users@lists.isc.org

    Hello,

    I have a RedHat 5.11 machine and currently I am facing the issue
    with BIND vulnerability CVE-2015-5477. I cannot update my BIND using
    yum because I didn’t install BIND from RedHat in the first place so
    I need to do it manually.

    I downloaded the package of version 9.9.7-P2 from isc website but
    since it is not an rpm file I have to build it myself.

    I followed the instructions I found on website
    https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
    but it does not change the version of bind. I don’t know what I am
    doing wrong.

    I am wondering if you can give me a little guideline on how to build
    and install the new version.

    Thank you

"does not change the version of bind" - as reported how?  By named -V?
Or by a DNS query to version.bind CH TXT?

If the former, you probably have more than one named executable - with
the old one earlier in your PATH.  "which named" should help.  If the
latter, did you remember to restart named?  And did the restart
succeed?  And does your startup process have the same PATH as your
terminal?  (Often they do not.)

Re-read the instructions - and pay special attention to how you run
configure.  The default is to build/install in /usr/local/*bin - which
is not the default for most distributions' startup files.

I strongly recommend keeping track of each step as you build (a big
scrollback buffer helps).  Either write your own instructions, or turn
it into a script.  There are enough steps that it's easy to make a
mistake - and you will be re-building bind again to upgrade.  Plus, if
you ask for help, you will be able to provide the details of what you
did.  Without details of what you did and what you see, people can't
provide specific help.

Note that RedHat usually has a number of patches (often for SeLinux and
systemd) that you won't get if you build yourself from ISC sources.

Or remove bind and switch to the RedHat version.  You're paying RedHat
to do the maintenance, so unless you have local patches or very special
requirements, you might as well let them do the work.

Typically, if you really need the latest from ISC on RedHat you're
better off getting the SRC RPM from RedHat & modifying the rpmbuild
config file to fetch the latest ISC source, then build RPMs.  If you
stay with the same ISC code stream, you won't have too many patch
conflicts to resolve.  After you've done this once or twice, you'll want
to revisit your need for local changes - either decide they're not that
important, or offer them to ISC.  Maintaining a private version is work.

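The checks suggested in the thread (more than one named executable, PATH order, the running process, and the version.bind query), collected as an added shell example that is not part of the original messages. The function names, the script name and the /usr/sbin argument are assumptions chosen for illustration; /usr/local/sbin is the default install location mentioned above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# list_named DIR...: print "path<TAB>first line of 'named -V'" for every
# executable called named in the given directories.
list_named() {
    for dir in "$@"; do
        bin="$dir/named"
        [ -x "$bin" ] || continue
        ver=$("$bin" -V 2>&1 | head -n 1)
        printf '%s\t%s\n' "$bin" "$ver"
    done
}

# resolve_named PATHSTRING: print the named a process with that PATH would run.
# The first match wins, so an old binary earlier in PATH hides a new one.
resolve_named() {
    ( PATH=$1; command -v named )
}

# running_named: print the executable behind each running named process.
# Reading /proc/PID/exe for another user's process needs root.
running_named() {
    for pid in $(pgrep -x named); do
        printf '%s\t%s\n' "$pid" "$(readlink "/proc/$pid/exe")"
    done
}

report() {
    echo "== named executables and the version each reports =="
    list_named "$@"
    echo "== this shell's PATH resolves named to =="
    resolve_named "$PATH" || echo "(no named in PATH)"
    echo "== running named processes (pid, executable) =="
    running_named
    echo "== version the server answers with =="
    if command -v dig >/dev/null 2>&1; then
        dig +short +time=2 +tries=1 @127.0.0.1 version.bind CH TXT
    fi
}

# Usage: sh check-named.sh /usr/sbin /usr/local/sbin
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

If the executable shown for the running process differs from the freshly installed one, the service is still starting the old binary and remains on the unpatched version.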