Ted Mittelstaedt
2008-Jul-09 18:29 UTC
Here is how to fix your nameserver - was Re: BIND update?
Hi All,

First, knock off the goddam posturing.

Second, named is statically linked, so there is NO BIG FRAGGING DEAL with upgrading your nameserver. Here is how you do it:

System: FreeBSD 6.3-RELEASE used as a nameserver

Login and su to root

cd /usr/ports/distfiles
mkdir manual-build
cd manual-build
fetch http://ftp.isc.org/isc/bind9/9.3.5-P1/bind-9.3.5-P1.tar.gz
gunzip bind-9.3.5-P1.tar
tar xf bind-9.3.5-P1.tar
cd bind-9.3.5-P1
./configure --disable-openssl-version-check

(NOTE: The OpenSSL included with FreeBSD 6.3-RELEASE is vulnerable to 4 security notifications, you should have patched it already)

make
rndc stop
cd ./bin/named
chmod u-w named
mv /usr/sbin/named /usr/sbin/named.original
mv named /usr/sbin/named
cd ..
cd rndc
mv /usr/sbin/rndc /usr/sbin/rndc.original
mv rndc /usr/sbin/rndc
/usr/sbin/named -4 -c /etc/namedb/named.conf -t /var/named -u root
tail /var/log/messages

make sure messages has:

starting BIND 9.3.5-P1 -4 -c /etc/namedb/named.conf -t /var/named -u root

in it

nslookup www.freebsd.org
(tests)

you're done!

named and rndc are both compiled with static libraries:

liblwres.a
libdns.a
libbind9.a
libisccfg.a
libisccc.a
libisc.a

so there is no need to go replacing all of the resolver libraries and recompiling all the applications. The bug DOES NOT affect client applications that use the resolver libraries.

This will get you going until FBSD 6.4 is out.

Ted Mittelstaedt
Author: The FreeBSD Corporate Networker's Guide
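
An added example, not part of the original post: the "make sure messages has" step as a repeatable check that reads syslog and fails if the most recent named start is not the rebuilt version. The function names and the sample log lines are constructed for illustration; only the 9.3.5-P1 start line format comes from the post.

```shell
#!/bin/sh
# Added example: confirm from syslog that the named now running is the rebuilt one.

# Constructed sample log in FreeBSD syslog layout (old start, stop, new start).
sample_log() {
cat <<'EOF'
Jul  9 10:01:12 ns1 named[412]: starting BIND 9.3.4-P1 -4 -c /etc/namedb/named.conf -t /var/named -u root
Jul  9 10:01:12 ns1 named[412]: running
Jul  9 11:14:40 ns1 named[412]: shutting down
Jul  9 11:15:03 ns1 named[977]: starting BIND 9.3.5-P1 -4 -c /etc/namedb/named.conf -t /var/named -u root
Jul  9 11:15:03 ns1 named[977]: running
EOF
}

# Print the version from the most recent "starting BIND" line on stdin.
# Older start lines are ignored so a stale match cannot pass the check.
last_started_version() {
    sed -n 's/.*named\[[0-9]*]: starting BIND \([^ ]*\).*/\1/p' | tail -n 1
}

# Exit status: 0 = expected version started last, 1 = different version,
# 2 = no start line at all (named never logged a start, or wrong log file).
check_upgrade() {
    expected=$1
    got=$(last_started_version)
    if [ -z "$got" ]; then
        echo "FAIL: no 'starting BIND' line found" >&2
        return 2
    fi
    if [ "$got" != "$expected" ]; then
        echo "FAIL: named last started as $got, expected $expected" >&2
        return 1
    fi
    echo "OK: named last started as $got"
}

# Demo on the constructed sample.
sample_log | check_upgrade 9.3.5-P1
```

On the nameserver itself, feed it the real log instead of the sample: `check_upgrade 9.3.5-P1 < /var/log/messages`.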