Sep 13 2009

I recently upgraded one of my DNS servers. It was originally running CentOS 4.7 with bind-9.2.4-30.el4_7.2. This version is not affected by the cache poisoning vulnerability that Dan Kaminsky announced, a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server. Here’s how to upgrade bind-9.2.4 to bind-9.5.0.

Download the source RPMs

# wget

Compile/Build source RPM

# rpm -ivh bind-9.5.0-33.P1.src.rpm
# cd /usr/src/redhat/SPECS/
# vi bind.spec

Find these lines:

# configuration files:
tar -C ${RPM_BUILD_ROOT} -xf %{SOURCE28}

Change them to:

tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}

Source28 is a tar.bz2 file, so tar needs the -xjf options (the j selects bzip2 decompression).

Build the RPMs

# rpmbuild -ba bind.spec

If nothing goes wrong with the compilation, we’ll get these files


Don’t forget to back up the BIND config files, in case something goes wrong with the new binary installation.

Upgrade only the RPMs that are already installed on the machine

# rpm -qa | grep "^bind"
# rpm -Uvh bind-libs-9.5.0-33.P1.i386.rpm bind-devel-9.5.0-33.P1.i386.rpm bind-utils-9.5.0-33.P1.i386.rpm bind-9.5.0-33.P1.i386.rpm
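The "upgrade only what is installed" step can be scripted so that `rpm -Uvh` never adds a sub-package the server did not have before. This is an added example, not part of the original post; the function names and the sample lists (including the `bind-chroot` and `bind-sdb` files) are constructed for illustration.

```shell
#!/bin/sh
# Added example: from freshly built RPM files, select only those whose
# package name is already installed on the host.

# Strip "-<version>-<release>.<arch>.rpm" from an RPM file name.
# bind-libs-9.5.0-33.P1.i386.rpm -> bind-libs
rpm_name_from_file() {
    f=${1##*/}      # drop any directory part
    f=${f%.rpm}     # drop the .rpm suffix
    f=${f%.*}       # drop .<arch>
    f=${f%-*}       # drop -<release> (may contain dots, never a dash)
    f=${f%-*}       # drop -<version>
    printf '%s\n' "$f"
}

# $1: newline-separated installed package names, e.g. the output of
#     rpm -qa --qf '%{NAME}\n' | grep '^bind'
# remaining arguments: built RPM files
# Prints the files that are safe to pass to rpm -Uvh, one per line.
select_upgrades() {
    installed=$1
    shift
    for rpmfile in "$@"; do
        name=$(rpm_name_from_file "$rpmfile")
        # -x: whole-line match, so "bind" does not match "bind-libs"
        if printf '%s\n' "$installed" | grep -Fqx -- "$name"; then
            printf '%s\n' "$rpmfile"
        fi
    done
}

# Constructed sample data: three packages installed, five files built.
SAMPLE_INSTALLED="bind
bind-libs
bind-utils"
SAMPLE_BUILT="bind-9.5.0-33.P1.i386.rpm bind-chroot-9.5.0-33.P1.i386.rpm
bind-libs-9.5.0-33.P1.i386.rpm bind-sdb-9.5.0-33.P1.i386.rpm
bind-utils-9.5.0-33.P1.i386.rpm"

# Word splitting of $SAMPLE_BUILT is intentional here.
select_upgrades "$SAMPLE_INSTALLED" $SAMPLE_BUILT
```

On the real host, replace the sample lists with the `rpm -qa` output and the files produced by `rpmbuild`, then review the printed list before passing it to `rpm -Uvh`.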

Check the log and verify that everything is OK.

That’s all.

