Hi skogzort,

Nick Guenther wrote on Tue, Jul 29, 2008 at 01:05:52PM -0400:
> On Tue, Jul 29, 2008 at 11:41 AM, skogzort <[EMAIL PROTECTED]> wrote:

>> I know nothing/very little about OpenBSD or UNIX. I have been tasked with
>> updating our OpenBSD DNS server with a security fix (Vulnerability Note
>> VU#800113- Multiple DNS implementations vulnerable to cache poisoning).

That doesn't sound too good.  You have an OpenBSD server,
but you have nobody knowing more than very little about UNIX?
UNIX is easier to administer than Windows, but some learning
will be required...

Your server might well be terribly out of date.
OpenBSD servers ought to be updated at least once a year.
Please look at the first line of the output of dmesg(8).
If the version number is lower than "OpenBSD 4.2",
you should upgrade the base system before applying patches.
In any case, you should establish a process for regular
updates of the server.  The best times to update are
in May and November, just after the -stable releases.
In my experience, updating twice a year is easier and
less risky than just once: You get used to it.
Regularly ordering the CDs and just upgrading from CD
is the most convenient way to go.

If your task is to maintain that server, carefully read
  http://www.openbsd.org/cgi-bin/cvsweb/src/etc/root/root.mail?rev=HEAD
Have a quick look at the resources referenced there,
just to get an impression of what is available.
The man pages, the FAQ and afterboot(8) are particularly useful.

>> In order to do this it appears that I have to download the source code
>> re-compile the entire OS.  Recompiling the OS seems to involve a lot of
>> steps.

Don't compile the whole system from source unless you are actively
hacking on the base system (which clearly you aren't) or unless
you want to track -current using a single build for multiple servers.
As others told you, each errata patch contains instructions on what
exactly must be rebuilt, and how.

>> you don't even have to reboot the server,

That's indeed true in the present case, yes.
After patching named, you must restart named,
but rebooting would be useless.

Of course, kernel patches require rebooting -
which applies to Windows machines as well, by the way.  ;-)


Nick wrote:
> OpenBSD is mostly designed as a monolithic kernel.

Please stop spreading misleading advice.
This has nothing to do with the kernel.
(Hopefully, skogzort didn't start building kernels yet.)

Yours,
  Ingo

--
Ingo Schwarze <[EMAIL PROTECTED]>
usta.de / studis.de system operation
 *** Can we get a bind9 kernel module for OpenBSD any time soon? ***
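Added example, not part of Ingo's mail and not an OpenBSD tool: a small POSIX sh checker for the first step he describes, reading the release out of the first dmesg(8) line and deciding whether the box is recent enough (4.2 or later, the cutoff given in the mail) to just apply errata patches, or whether the base system must be upgraded first. It also copes with "-stable"/"-current" suffixes and with the 4.9 to 5.0 rollover, which a plain string comparison would get wrong. The dmesg lines it is fed are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the original mail): classify an OpenBSD box by
# the release string in the first dmesg(8) line.  The 4.2 cutoff is the
# one the mail gives; the sample lines at the bottom are constructed.

MIN_RELEASE="4.2"

# openbsd_release LINE
#   Print the "X.Y" release from a line such as
#   "OpenBSD 4.3 (GENERIC) #0: Tue Jul 29 00:00:00 MDT 2008".
#   Suffixes like "4.3-stable" or "4.4-current" are stripped.
#   Returns 1 (prints nothing) if the line is not an OpenBSD banner.
openbsd_release() {
    line=$1
    case $line in
        "OpenBSD "[0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    rel=${line#OpenBSD }   # drop the leading "OpenBSD "
    rel=${rel%% *}         # keep only the first word ("4.3-stable")
    rel=${rel%%-*}         # drop any "-stable"/"-current"/"-beta" suffix
    printf '%s\n' "$rel"
}

# release_ge A B
#   Return 0 if release A is at least release B, comparing major and
#   minor numerically (so 5.0 >= 4.9 holds, unlike a string compare).
release_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ] && return 0
    return 1
}

# advise LINE
#   Print one word: "patch"   -> recent enough, follow the errata instructions
#                   "upgrade" -> older than MIN_RELEASE, upgrade the base first
#                   "unknown" -> the line is not an OpenBSD dmesg banner
advise() {
    rel=$(openbsd_release "$1") || { echo unknown; return; }
    if release_ge "$rel" "$MIN_RELEASE"; then
        echo patch
    else
        echo upgrade
    fi
}

# Constructed sample first lines (build numbers and dates are made up).
advise "OpenBSD 4.3 (GENERIC) #0: Tue Jul 29 00:00:00 MDT 2008"
advise "OpenBSD 4.2-stable (GENERIC) #0: Fri Jul 25 00:00:00 CEST 2008"
advise "OpenBSD 3.9 (GENERIC) #0: Thu Mar  2 00:00:00 MST 2006"
```

On a live machine feed it the real banner, e.g. `advise "$(dmesg | head -n 1)"`; since the dmesg buffer on a long-running box may have wrapped, `sysctl -n kern.version | head -n 1` yields the same string more reliably. Whatever the verdict, the rebuild and restart steps still come from the errata page for the release you actually run, as the mail says.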
