Ted Mittelstaedt
2008-Jul-09 18:52 UTC
Here is how to fix your nameserver - was Re: BIND update?
Hi All,

OK, slight addition to this:

> -----Original Message-----
> From: Ted Mittelstaedt [mailto:tedm@ipinc.net]
> Sent: Wednesday, July 09, 2008 10:59 AM
> To: 'freebsd-security@freebsd.org'
> Subject: Here is how to fix your nameserver - was Re: BIND update?
>
> System: FreeBSD 6.3-RELEASE used as a nameserver
>
> Log in and su to root
>
> cd /usr/ports/distfiles
>
> mkdir manual-build
>
> cd manual-build
>
> fetch http://ftp.isc.org/isc/bind9/9.3.5-P1/bind-9.3.5-P1.tar.gz
>
> gunzip bind-9.3.5-P1.tar
>
> tar xf bind-9.3.5-P1.tar
>
> cd bind-9.3.5-P1
>
> ./configure --disable-openssl-version-check (NOTE: The
> OpenSSL included with FreeBSD 6.3-RELEASE is vulnerable to 4
> security notifications, you should have patched it already)
>
> make
>
> rndc stop
>
> cd ./bin/named
>
> chmod u-w named
>
> mv /usr/sbin/named /usr/sbin/named.original
>
> mv named /usr/sbin/named
>
> cd ..
>
> cd rndc
>
> mv /usr/sbin/rndc /usr/sbin/rndc.original
> mv rndc /usr/sbin/rndc
>

cd /var/named/etc
cp /var/named/etc/namedb/rndc.key .

> /usr/sbin/named -4 -c /etc/namedb/named.conf -t /var/named -u root
>
> tail /var/log/messages
>
> make sure messages has:
> starting BIND 9.3.5-P1 -4 -c /etc/namedb/named.conf -t
> /var/named -u root in it
>
> nslookup www.freebsd.org
> (tests)
>
> you're done!
>
> named and rndc are both compiled with static libraries:
> liblwres.a libdns.a libbind9.a libisccfg.a libisccc.a libisc.a
>
> so there is no need to go replacing all of the resolver
> libraries and recompiling all the applications. The bug DOES
> NOT affect client applications that use the resolver libraries.
>
> This will get you going until FBSD 6.4 is out.
>
>
> Ted Mittelstaedt
> Author: The FreeBSD Corporate Networker's Guide
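
The log check from the steps above (tail /var/log/messages), written as a script. This is an added example, not part of the original post: it reads the most recent "starting BIND" line, so a stale entry logged by the old binary cannot pass. The function names and the sample log lines (host name, PIDs, times, the older version string) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the newest named start in syslog is the patched build.
EXPECTED_VERSION="9.3.5-P1"   # version built in the steps above

# Constructed sample of /var/log/messages; host name, PIDs, times and the
# older version string are made up.
SAMPLE_LOG='Jul  9 03:00:01 ns1 named[412]: starting BIND 9.3.4 -4 -c /etc/namedb/named.conf -t /var/named -u root
Jul  9 11:01:58 ns1 named[412]: shutting down
Jul  9 11:02:13 ns1 named[9731]: starting BIND 9.3.5-P1 -4 -c /etc/namedb/named.conf -t /var/named -u root
Jul  9 11:02:13 ns1 named[9731]: running'

# Print the version from the newest "starting BIND" line on stdin (empty if none).
last_started_version() {
    awk '/named\[[0-9]+\]: starting BIND / {
             for (i = 1; i < NF; i++)
                 if ($i == "starting" && $(i+1) == "BIND") v = $(i+2)
         }
         END { if (v != "") print v }'
}

# Print the value that follows a flag (for example -t or -u) on the newest start line.
last_start_flag() {
    awk -v flag="$1" '/named\[[0-9]+\]: starting BIND / {
             val = ""
             for (i = 1; i < NF; i++) if ($i == flag) val = $(i+1)
         }
         END { if (val != "") print val }'
}

# Exit status: 0 = newest start is the expected version,
#              1 = newest start is another version, 2 = no start line found.
check_named_start() {
    found=$(last_started_version)
    [ -n "$found" ] || return 2
    [ "$found" = "$1" ] || return 1
    return 0
}

if printf '%s\n' "$SAMPLE_LOG" | check_named_start "$EXPECTED_VERSION"; then
    echo "named last started as BIND $EXPECTED_VERSION"
fi
# On the server: check_named_start 9.3.5-P1 < /var/log/messages
```

A non-zero status after the swap means either the old binary logged the newest start line or named has not logged a start at all.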