Sep 132009
 

I’ve just upgrading one of my dns server recently. Orginaly centos 4.7 using bind-9.2.4-30.el4_7.2. Although this version not affected by cache poisoning vulnerability. as Dan Kaminsky¬† announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server. Here’s how to upgrade bind-9.2.4 to bind-9.5.0.

Download the SOURCE rpms

# wget http://patrick.vande-walle.eu/upload/bind-9.5.0-33.P1.src.rpm

Compile/Build source RPM

# rpm -Ivh bind-9.5.0-33.P1.src.rpm
# cd /usr/src/redhat/SPECS/
# vi bind.spec

find this lines

# configuration files:
tar -C ${RPM_BUILD_ROOT} -xf %{SOURCE28}

change it to

tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}

Source28 is tar.bz2 file so we need tar -xjf options

build the rpms

# rpmbuild -ba bind.spec

If nothing goes wrong with compilation we’ll get these files

/usr/src/redhat/SRPMS/bind-9.5.0-33.P1.src.rpm
/usr/src/redhat/RPMS/bind-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-sdb-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-libs-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-utils-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-devel-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-chroot-9.5.0-33.P1.i386.rpm

Don’t forget to backup our bind config files, in case there’s something wrong with new binary installation.

Upgrade only the RPMs what you have installed on our machine

# rpm -qa | grep "^bind"
bind-libs-9.2.4-30.el4_7.2
bind-devel-9.2.4-30.el4_7.2
bind-utils-9.2.4-30.el4_7.2
bind-9.2.4-30.el4_7.2
# rpm -Uvh bind-libs-9.5.0-33.P1.i386.rpm bind-devel-9.5.0-33.P1.i386.rpm bind-utils-9.5.0-33.P1.i386.rpm bind-9.5.0-33.P1.i386.rpm

Check the log and verify that everything is OK

that’s all

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*