Date:      Wed, 9 Jul 2008 11:46:07 -0700
From:      "Ted Mittelstaedt" <tedm@ipinc.net>
To:        <freebsd-security@freebsd.org>
Subject:   RE: Here is how to fix your nameserver - was Re: BIND update?
Message-ID:  <26A784931556478F8BB9615AA6408FFA@tedsdesk>

Hi All,

  OK, slight addition to this:


> -----Original Message-----
> From: Ted Mittelstaedt [mailto:tedm@ipinc.net] 
> Sent: Wednesday, July 09, 2008 10:59 AM
> To: 'freebsd-security@freebsd.org'
> Subject: Here is how to fix your nameserver - was Re: BIND update?
> 
> 
>
> 
> System:  FreeBSD 6.3-RELEASE  used as a nameserver
> 
> Login and su to root
> 
> cd /usr/ports/distfiles
> 
> mkdir manual-build
> 
> cd manual-build
> 
> fetch http://ftp.isc.org/isc/bind9/9.3.5-P1/bind-9.3.5-P1.tar.gz
> 
> gunzip bind-9.3.5-P1.tar
> 
> tar xf bind-9.3.5-P1.tar
> 
> cd bind-9.3.5-P1
> 
> ./configure --disable-openssl-version-check  (NOTE:  The 
> OpenSSL included with FreeBSD 6.3-RELEASE is vulnerable to 4 
> security notifications, you should have patched it already)
> 
> make
> 
> rndc stop
> 
> cd ./bin/named
> 
> chmod u-w named
> 
> mv /usr/sbin/named /usr/sbin/named.original
> 
> mv named /usr/sbin/named
> 
> cd ..
> 
> cd rndc
> 
> mv /usr/sbin/rndc  /usr/sbin/rndc.original
> mv rndc /usr/sbin/rndc
> 

cd /var/named/etc
cp /var/named/etc/namedb/rndc.key .

> /usr/sbin/named -4 -c /etc/namedb/named.conf -t /var/named -u root
> 
> tail /var/log/messages
> 
> make sure messages has:
> starting BIND 9.3.5-P1 -4 -c /etc/namedb/named.conf -t 
> /var/named -u root in it
> 
> nslookup www.freebsd.org
> (tests)
> 
> you're done!
> 
> named and rndc are both compiled with static libraries: 
> liblwres.a libdns.a libbind9.a libisccfg.a libisccc.a libisc.a
> 
> so there is no need to go replacing all of the resolver 
> libraries and recompiling all the applications.  The bug DOES 
> NOT affect client applications that use the resolver libraries.
> 
>   This will get you going until FBSD 6.4 is out.
> 
> 
> Ted Mittelstaedt
> Author:  The FreeBSD Corporate Networker's Guide
> 
> 

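An added example, not part of the original e-mail: the message's check of /var/log/messages for the "starting BIND 9.3.5-P1" line, written as a script that looks only at the most recent start, so an older start line left by the original binary is not mistaken for the rebuilt one. The function names and the sample log (hostname, PIDs, timestamps, the older version string) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original e-mail): confirm from syslog that the
# most recent named start is the rebuilt binary, not the original one.

# Print the version from the LAST "starting BIND" line in log file $1.
last_named_version() {
    sed -n 's/.* named\[[0-9]*]: starting BIND \([^ ]*\).*/\1/p' "$1" | tail -n 1
}

# $1 = log file, $2 = expected version.
# Returns 0 on match, 1 on a different version, 2 if named never logged a start.
check_named_upgrade() {
    found=$(last_named_version "$1")
    if [ -z "$found" ]; then
        echo "no 'starting BIND' line in $1" >&2
        return 2
    fi
    if [ "$found" != "$2" ]; then
        echo "named last started as BIND $found, expected $2" >&2
        return 1
    fi
    echo "named last started as BIND $found"
}

# Constructed sample log: hostname, PIDs, timestamps and the older version
# string are made up for illustration.
write_sample_log() {
    cat > "$1" <<'EOF'
Jul  9 03:01:12 ns1 named[412]: starting BIND 9.3.4-P1 -4 -c /etc/namedb/named.conf -t /var/named -u root
Jul  9 11:38:40 ns1 named[412]: shutting down
Jul  9 11:39:05 ns1 named[977]: starting BIND 9.3.5-P1 -4 -c /etc/namedb/named.conf -t /var/named -u root
Jul  9 11:39:05 ns1 named[977]: running
EOF
}

# Stand-alone run against the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
check_named_upgrade "$sample" "9.3.5-P1"
rm -f "$sample"
```

On a real server, call check_named_upgrade /var/log/messages 9.3.5-P1 after starting named; a return of 1 means the last start recorded was a different build.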