Re: New BIND 4 & 8 Vulnerabilities

On Wed, Nov 13, 2002 at 02:26:25PM +1100, Jason Lim wrote:
> We're still on named 8.3.3-REL-NOESW (currently in stable).
> Is it much of a headache to upgrade to 9.2.x? Any particular procedure
> or guide you followed that could be read somewhere?

it's pretty straightforward.  nowhere near the problem it was in
earlier releases of bind 9.0 and 9.1.

you have to do something like "chmod -R a+rX /var/cache/bind" so that
user 'bind' can read the zonefiles.  you also have to enable write
access in the case of secondary zonefiles and named dump files (e.g. put
secondaries in a subdirectory and make only that subdir writable by user
bind).  dynamically updated zonefiles also have to be writable by bind.

(actually, bind9 9.2.1-2.woody.1 in stable doesn't run as user 'bind',
it still runs as root.  only bind 9.2.x in unstable runs as bind.  i
discovered that when i upgraded a woody server today to woody's bind9)

bind9-doc has a migration file in /usr/share/doc/bind9-doc/misc/ which
explains the differences.  it's stricter in enforcing RFC compliance.


craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
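
An added example, not part of the original message: a POSIX shell check of the layout described above, with zone files readable after `chmod -R a+rX` and a single subdirectory writable by the daemon account. The function name `audit_zone_dir`, the finding labels and the subdirectory name passed in are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Assumed names: audit_zone_dir,
# the finding labels, and the caller-chosen writable subdirectory.

# audit_zone_dir ROOT WRITABLE_SUBDIR DAEMON_USER
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_zone_dir() {
    root=$1 sub=$2 user=$3
    findings=$(
        # What "chmod -R a+rX" should have achieved: files readable by
        # everyone, directories readable and searchable.
        find "$root" -type f ! -perm -004 -print | sed 's/^/not-readable: /'
        find "$root" -type d ! -perm -005 -print | sed 's/^/not-traversable: /'
        # Only the daemon account needs write access, so group/other write
        # bits are a finding anywhere in the tree.
        find "$root" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/group-or-world-writable: /'
        # Outside the writable subdir the daemon must own nothing: an owner
        # can always chmod its own files writable again. This check assumes
        # dynamically updated zones are kept in the writable subdir too.
        find "$root" -path "$root/$sub" -prune -o -user "$user" -print |
            sed 's/^/daemon-owned-outside-subdir: /'
        # The subdir must be a directory the daemon owns and can write to.
        if [ -z "$(find "$root/$sub" -prune -type d -user "$user" \
                   -perm -300 -print 2>/dev/null)" ]; then
            echo "subdir-not-daemon-writable: $root/$sub"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: audit_zone_dir /var/cache/bind secondaries bind
```

On a server where named still runs as root, as noted above for woody's bind9, the ownership findings do not apply; the read and write-bit findings still do.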

