vulnerability of bind

Warren Kumari warren at
Tue Dec 14 19:08:40 UTC 2010

A question like this comes along avery few weeks....

Just download the latest bind source from: 
, configure, make, make test, install.

This is my cheat sheet (I do this every few months on ~10 servers -- I  
keep meaning to set up a puppet / similar script to take care of this  
for me, but never seem to manage to collect enough toits):

== Get source ==

Unzip / untar source.

   cd /usr/local/src/bind
   sudo wget

Now get and validate the GPG signature.
   sudo wget
   gpg --verify bind-9.7.2-P3.tar.gz.sha256.asc bind-9.7.2-P3.tar.gz

Assuming all is good:
   sudo tar -xvzf bind-9.7.2-P3.tar.gz
   sudo rm bind-9.7.2-P3.tar.gz.*
   sudo chown -R wkumari.wkumari bind-9.7.2-P3/

   cd bind-9.7.2-P3/

Make sure you have the required dependencies

   sudo apt-get install openssl libssl-dev gcc

And now build
   ./configure --with-openssl=yes --with-randomdev=/dev/urandom

And lets run some tests:
   make test

Check and install the new version:

   named -v
   which named
   make install
   named -v

Restart bind:
   sudo /etc/init.d/bind9 stop
   sudo /etc/init.d/bind9 start
   dig +dnssec @localhost


Obviously, replace the versions with something sane, and the user /  
check domain with something else...

Oh, also tell your package manager that you no longer want it to do,  
well, whatever it thinks it is doing...


On Dec 14, 2010, at 1:28 PM, fakessh @ wrote:

> Hash: SHA1
> hello bind network
> I just realized that my version of bind and vulnerable and I'm  
> wondering
> if by upgrading to version 9.5.2-P4 I would always be vulnerable
> i use centos 5.5 and use
> deposit
> thanks
> - --
> gpg --keyserver --recv-key 092164A7
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> iD8DBQFNB7dLtXI/OwkhZKcRAhA7AJ9P5y0Lp5KpX3rNmas4rEnNX33FMwCfdQUq
> =jhLX
> _______________________________________________
> bind-users mailing list
> bind-users at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list