[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New BIND 4 & 8 Vulnerabilities

On Wed, Nov 13, 2002 at 02:26:25PM +1100, Jason Lim wrote:
> We're still on named 8.3.3-REL-NOESW (currently in stable).
> Is it much of a headache to upgrade to 9.2.x? Any particular procedure
> or guide you followed that could be read somewhere?

it's pretty straight-forward.  nowhere near the problem it was in
earlier releases of bind 9.0 and 9.1

you have to do something like "chmod -R a+rX /var/cache/bind" so that
user 'bind' can read the zonefiles.  you also have to enable write
access in the case of secondary zonefiles and named dump files (e.g. put
secondaries in a subdirectory and make only that subdir writable by user
bind).  dynamic updated zonefiles also have to be writable by bind.

(actually, bind9 9.2.1-2.woody.1 in stable doesn't run as user 'bind',
it still runs as root.  only bind 9.2.x in unstable runs as bind.  i
discovered that when i upgraded a woody server today to woody's bind9)

bind9-doc has a migration file in /usr/share/doc/bind9-doc/misc/ which
explains the differences.  it's stricter in enforcing RFC compliance.


craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Reply to: