Sep 13 2009
 

I’ve just upgraded one of my DNS servers. It was originally CentOS 4.7 running bind-9.2.4-30.el4_7.2. Although this version is not affected by the cache poisoning vulnerability, Dan Kaminsky announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server. Here’s how to upgrade bind-9.2.4 to bind-9.5.0.

Download the source RPM

# wget http://patrick.vande-walle.eu/upload/bind-9.5.0-33.P1.src.rpm

Compile/Build source RPM

# rpm -ivh bind-9.5.0-33.P1.src.rpm
# cd /usr/src/redhat/SPECS/
# vi bind.spec

Find these lines:

# configuration files:
tar -C ${RPM_BUILD_ROOT} -xf %{SOURCE28}

Change the tar line to:

tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}

Source28 is a tar.bz2 file, so tar needs the -xjf options to unpack it.

Build the RPMs

# rpmbuild -ba bind.spec

If nothing goes wrong with the compilation, we’ll get these files:

/usr/src/redhat/SRPMS/bind-9.5.0-33.P1.src.rpm
/usr/src/redhat/RPMS/bind-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-sdb-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-libs-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-utils-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-devel-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-chroot-9.5.0-33.P1.i386.rpm

Don’t forget to back up the BIND config files, in case something goes wrong with the new binary installation.

Upgrade only the RPMs that are already installed on the machine

# rpm -qa | grep "^bind"
bind-libs-9.2.4-30.el4_7.2
bind-devel-9.2.4-30.el4_7.2
bind-utils-9.2.4-30.el4_7.2
bind-9.2.4-30.el4_7.2
# rpm -Uvh bind-libs-9.5.0-33.P1.i386.rpm bind-devel-9.5.0-33.P1.i386.rpm bind-utils-9.5.0-33.P1.i386.rpm bind-9.5.0-33.P1.i386.rpm

Check the log and verify that everything is OK.
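The backup and "upgrade only what is installed" steps above can be combined into one script. This is an added example, not part of the original post; the function names, the backup file name, and the config locations /etc/named.conf and /var/named are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): back up the BIND config, then
# upgrade only the bind packages that are already installed.
NEW_VER="9.5.0-33.P1"   # version-release built from the source RPM above
ARCH="i386"

# Read installed package names on stdin and print the matching built RPM in
# directory $1 for "bind" and its subpackages only. Fails if one is missing,
# so a partial upgrade (new bind with old bind-libs) is never attempted.
select_upgrades() (
    dir=$1
    missing=0
    while read -r name; do
        case $name in
            bind|bind-*) ;;      # bind itself and bind-* subpackages
            *) continue ;;       # ypbind and everything else is skipped
        esac
        file="$dir/$name-$NEW_VER.$ARCH.rpm"
        if [ -f "$file" ]; then
            printf '%s\n' "$file"
        else
            printf 'no built RPM for installed package %s\n' "$name" >&2
            missing=1
        fi
    done
    [ "$missing" -eq 0 ]
)

# Archive the config so it can be restored if the new named fails to start.
# /etc/named.conf and /var/named are assumed locations; adjust for chroot setups.
backup_config() {
    tar -czf "$1" /etc/named.conf /var/named
}

# Runs only when called as: sh upgrade-bind.sh --run [rpm-directory]
if [ "${1:-}" = "--run" ]; then
    rpm_dir=${2:-/usr/src/redhat/RPMS}
    backup_config "/root/bind-config-$(date +%Y%m%d).tar.gz" || exit 1
    files=$(rpm -qa --qf '%{NAME}\n' | select_upgrades "$rpm_dir") || exit 1
    # --test checks dependencies and conflicts without changing anything.
    # $files is left unquoted on purpose: one argument per RPM path.
    rpm -Uvh --test $files && rpm -Uvh $files
fi
```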

That’s all.
