Upgrading BIND 9 on CentOS 4.7

I’ve just upgraded one of my DNS servers recently. Originally it ran CentOS 4.7 using bind-9.2.4-30.el4_7.2. Although this version is not affected by the cache poisoning vulnerability, Dan Kaminsky announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server. Here’s how to upgrade bind-9.2.4 to bind-9.5.0.

Download the SOURCE rpms

# wget http://patrick.vande-walle.eu/upload/bind-9.5.0-33.P1.src.rpm

Compile/Build source RPM

# rpm -ivh bind-9.5.0-33.P1.src.rpm
# cd /usr/src/redhat/SPECS/
# vi bind.spec

Find these lines:

# configuration files:
tar -C ${RPM_BUILD_ROOT} -xf %{SOURCE28}

Change them to:

tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}

Source28 is a tar.bz2 file, so tar needs the -xjf options.

Build the RPMs

# rpmbuild -ba bind.spec

If nothing goes wrong with compilation, we’ll get these files:

/usr/src/redhat/SRPMS/bind-9.5.0-33.P1.src.rpm
/usr/src/redhat/RPMS/bind-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-sdb-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-libs-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-utils-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-devel-9.5.0-33.P1.i386.rpm
/usr/src/redhat/RPMS/bind-chroot-9.5.0-33.P1.i386.rpm

Don’t forget to back up the BIND config files, in case something goes wrong with the new binary installation.

Upgrade only the RPMs that are already installed on the machine

# rpm -qa | grep "^bind"
bind-libs-9.2.4-30.el4_7.2
bind-devel-9.2.4-30.el4_7.2
bind-utils-9.2.4-30.el4_7.2
bind-9.2.4-30.el4_7.2
# rpm -Uvh bind-libs-9.5.0-33.P1.i386.rpm bind-devel-9.5.0-33.P1.i386.rpm bind-utils-9.5.0-33.P1.i386.rpm bind-9.5.0-33.P1.i386.rpm
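
The backup and "only what is installed" steps can be scripted so that an installed bind package with no rebuilt RPM is flagged before rpm -Uvh runs. This is an added example, not part of the original post; the function names, the backup file name and the /etc/named.conf and /var/named paths are assumptions, and the demo uses constructed stand-in files.

```bash
#!/bin/sh
set -u
VERSION="9.5.0-33.P1"; ARCH="i386"   # the build produced above

# Reduce "rpm -qa" lines to the NAME of each bind package. rpm prints
# NAME-VERSION-RELEASE, and VERSION and RELEASE never contain a hyphen,
# so dropping the last two hyphen-separated fields leaves NAME.
installed_bind_names() {
    grep '^bind' | sed -e 's/-[^-]*-[^-]*$//' | sort -u
}

# Read package names on stdin and print the matching built RPM in $1.
# An installed package with no rebuilt RPM would leave the upgrade
# incomplete, so report it and return 1 instead of silently skipping it.
select_upgrade_rpms() {
    _dir=$1; _miss=0
    while read -r _name; do
        _f="$_dir/$_name-$VERSION.$ARCH.rpm"
        if [ -f "$_f" ]; then
            echo "$_f"
        else
            echo "no built RPM for installed package: $_name" >&2
            _miss=1
        fi
    done
    return $_miss
}

# Archive the paths in $2.. into tarball $1, then read it back to prove it opens.
backup_bind_config() {
    _out=$1; shift
    tar -czf "$_out" "$@" && tar -tzf "$_out" >/dev/null
}

# Demo on constructed data: empty stand-in RPM files plus the rpm -qa
# listing shown above. On a real host (paths are assumptions):
#   backup_bind_config /root/bind-backup.tar.gz /etc/named.conf /var/named
#   rpm -qa | installed_bind_names | select_upgrade_rpms /usr/src/redhat/RPMS
demo() {
    _d=$(mktemp -d)
    for _n in bind bind-libs bind-utils bind-devel bind-sdb bind-chroot; do
        : > "$_d/$_n-$VERSION.$ARCH.rpm"
    done
    printf '%s\n' bind-libs-9.2.4-30.el4_7.2 bind-devel-9.2.4-30.el4_7.2 \
        bind-utils-9.2.4-30.el4_7.2 bind-9.2.4-30.el4_7.2 |
        installed_bind_names | select_upgrade_rpms "$_d" | sed "s|^$_d/||"
    rm -rf "$_d"
}
demo
```

Feed the printed file list to rpm -Uvh only when select_upgrade_rpms returns 0.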

Check the log and verify that everything is OK

That’s all.