<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 08-Sep-15 00:46, stavrostseriotis
wrote:<br>
</div>
<blockquote cite="mid:002f01d0e9f1$460c8480$d2258d80$@semltd.com.cy"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">Ok here is what I did:</p>
<ul>
<li>After extracting the package I looked at the directories <b>/usr/local/bin</b> and <b>/usr/local/sbin</b> as mentioned in the procedure but I found that there are no files there.</li>
<li>I ran the <b>configure</b> command <b>without openssl</b> because I had trouble with the openssl library when it was enabled. Also since I am not currently using DNSSEC I guess that this is not a problem.</li>
<li>Then I ran <b>make</b> and I didn’t get any error.</li>
<li>I ran <b>make install</b> and I didn’t get any error again.</li>
<li>Stopped named service</li>
<li>I copied the /etc/named.conf file and then created another empty file as instructed with the correct permissions.</li>
<li>Started named service. It started normally without any error and also the process that was up is the same as before.</li>
<li>When I do <b>named -V</b> and also <b>rpm -q bind</b> I still see the same versions as before.</li>
</ul>
<p class="MsoNormal">Yes I know that if I was using the RedHat package I wouldn’t have had this problem because I already do this for other Linux machines. Just this machine is old and when it was configured to work as nameserver the guys did it this way. Now we are in the process of building a new machine for nameserver with RedHat subscription and everything but until that happens it will be best if we can get rid of this security vulnerability cause I don’t know how long it will take.</p>
<p class="MsoNormal">Thank you for your responses.</p>
</div>
</blockquote>
You are not making it easy to diagnose your problem. The exact
commands that you are using and command output are missing.<br>
<br>
From your description, you successfully built named and installed it
- somewhere.<br>
<br>
You are not running the image that you built. To confirm the
version of what you built, from the build directory you can run
"./bin/named/named -V". This will also show us the configure
options, including where it should have been installed.<br>
<br>
If the process has the same ID, you didn't successfully stop the old
named. This can happen if you have a mix of RedHat and non-RedHat
startup (init) files. <br>
<br>
If rpm -q bind shows a version, then there is a RedHat package on
the system & you are trying to supersede it. You probably are
using the RedHat startup files, which may be different from what you
expect. As I wrote previously, the startup environment may have a
different PATH from your terminal.<br>
<br>
You should have stopped named BEFORE running make install.<br>
<br>
Please provide the output of at least:<br>
named -V; echo $PATH; (build-directory)/bin/named/named -V;
systemctl status named.service; find / -xdev -type f -name named -ls<br>
<br>
A few lines from make install should confirm that the new file is
being installed where you expect it.<br>
<br>
lsof -p (named's pid) will confirm which image is actually running.<br>
<br>
systemctl show --all named.service will show what service you're
trying to start.<br>
systemctl status named.service should match<br>
<br>
Or run service named status & look in /etc/init.d/named if
you're not running systemd/named is a SYSV script on your version of
RedHat.<br>
<br>
You should not have trouble building with openssl. Make sure that
you have the openssl-dev RPMs installed. Don't try to build that
from source; RedHat heavily patches it & other packages depend
on the changes.<br>
<br>
Switching to the RedHat version of named may be your best option.
This should not be difficult; make uninstall; yum install; edit the
config. Depending on how your predecessors did things, you may need
to yum remove first, possibly with --force.<br>
<br>
<br>
<pre>Timothe Litt<o:p></o:p></pre>
<pre>ACM Distinguished Engineer<o:p></o:p></pre>
<pre>--------------------------<o:p></o:p></pre>
<pre>This communication may not represent the ACM or my employer's views,<o:p></o:p></pre>
<pre>if any, on the matters discussed. </pre>
<br>
<blockquote cite="mid:002f01d0e9f1$460c8480$d2258d80$@semltd.com.cy"
type="cite">
<div class="WordSection1">
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif';color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif';color:windowtext"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:bind-users-bounces@lists.isc.org">bind-users-bounces@lists.isc.org</a>
[<a class="moz-txt-link-freetext" href="mailto:bind-users-bounces@lists.isc.org">mailto:bind-users-bounces@lists.isc.org</a>] <b>On Behalf
Of </b>Timothe Litt<br>
<b>Sent:</b> Monday, September 07, 2015 2:29 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<b>Subject:</b> Re: Install BIND 9.9.7-P2 to fix
vulnerability CVE-2015-5477<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<table class="MsoNormalTable" style="width:100.0%"
border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<div>
<p class="MsoNormal">Subject: <o:p></o:p></p>
</div>
<p class="MsoNormal">Install BIND 9.9.7-P2 to fix
vulnerability CVE-2015-5477<o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<div>
<p class="MsoNormal">From: <o:p></o:p></p>
</div>
<p class="MsoNormal">stavrostseriotis <a
moz-do-not-send="true"
href="mailto:StavrosTseriotis@semltd.com.cy">&lt;StavrosTseriotis@semltd.com.cy&gt;</a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<div>
<p class="MsoNormal">Date: <o:p></o:p></p>
</div>
<p class="MsoNormal">07-Sep-15 05:24<o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="display:none"><o:p> </o:p></span></p>
<table class="MsoNormalTable" style="width:100.0%"
border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<div>
<p class="MsoNormal">To: <o:p></o:p></p>
</div>
<p class="MsoNormal"><a moz-do-not-send="true"
href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US">Hello,</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US">I have a RedHat 5.11 machine and currently
I am facing the issue with BIND vulnerability
CVE-2015-5477. I cannot update my BIND using yum because
I didn’t install BIND from RedHat in the first place so
I need to do it manually.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US">I downloaded the package of version
9.9.7-P2 from isc website but since it is not an rpm
file I have to build it myself.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US">I followed the instructions I found on
website <a moz-do-not-send="true"
href="https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho">https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho</a>
but it does not change the version of bind. I don’t know
what I am doing wrong.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US">I am wondering if you can give me a little
guideline on how to build and install the new version.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US">Thank you</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal">"does not change the version of bind" -
as reported how? By named -V? Or by a DNS query to
version.bind CH TXT?<br>
<br>
If the former, you probably have more than one named
executable - with the old one earlier in your PATH. "which
named" should help. If the latter, did you remember to
restart named? And did the restart succeed? And does your
startup process have the same PATH as your terminal? (Often
they do not.)<br>
<br>
Re-read the instructions - and pay special attention to how
you run configure. The default is to build/install in
/usr/local/*bin - which is not the default for most
distributions' startup files.<br>
<br>
I strongly recommend keeping track of each step as you build
(a big scrollback buffer helps). Either write your own
instructions, or turn it into a script. There are enough
steps that it's easy to make a mistake - and you will be
re-building bind again to upgrade. Plus, if you ask for
help, you will be able to provide the details of what you
did. Without details of what you did and what you see,
people can't provide specific help.<br>
<br>
Note that RedHat usually has a number of patches (often for
SELinux and systemd) that you won't get if you build
yourself from ISC sources. <br>
<br>
Or remove bind and switch to the RedHat version. You're
paying RedHat to do the maintenance, so unless you have
local patches or very special requirements, you might as
well let them do the work. <br>
<br>
Typically, if you really need the latest from ISC on RedHat
you're better off getting the SRC RPM from RedHat &
modifying the rpmbuild config file to fetch the latest ISC
source, then build RPMs. If you stay with the same ISC code
stream, you won't have too many patch conflicts to resolve.
After you've done this once or twice, you'll want to revisit
your need for local changes - either decide they're not that
important, or offer them to ISC. Maintaining a private
version is work.<br>
<br>
<br>
<o:p></o:p></p>
<pre>Timothe Litt<o:p></o:p></pre>
<pre>ACM Distinguished Engineer<o:p></o:p></pre>
<pre>--------------------------<o:p></o:p></pre>
<pre>This communication may not represent the ACM or my employer's views,<o:p></o:p></pre>
<pre>if any, on the matters discussed. <o:p></o:p></pre>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
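The checks requested in the reply above (which image is actually running, what the startup PATH resolves named to, and whether the file was replaced under a live process) combined into one script.<br>
This is an added example, not code from the thread or from ISC; it assumes Linux /proc, and the function names and the three arguments (pid, built binary, startup PATH) are hypothetical.<br>

```shell
#!/bin/sh
# Added example (not from the thread): is the running named the one just built?
# Assumes Linux /proc. Reading /proc/PID/exe of another user's process needs root.

# Print the first executable called $1 in the colon-separated path list $2,
# i.e. what an init script running with that PATH would start.
resolve_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -z "$dir" ]; then dir=.; fi
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Print the executable image backing process $1 (the file lsof -p lists as "txt").
running_image() {
    readlink "/proc/$1/exe"
}

# Classify the running image ($1) against the freshly built binary ($2).
classify_image() {
    case $1 in
        *" (deleted)")
            # The kernel appends this when the file was unlinked or replaced
            # after the process started, e.g. make install ran before named was stopped.
            echo "stale: on-disk file replaced, old image still running" ;;
        "$2")
            echo "ok: running the new build" ;;
        *)
            echo "mismatch: running $1, built $2" ;;
    esac
}

# diagnose PID BUILT_BINARY STARTUP_PATH
diagnose() {
    image=$(running_image "$1") || { echo "no such process: $1"; return 1; }
    classify_image "$image" "$2"
    if started=$(resolve_in_path named "$3"); then
        echo "startup PATH resolves named to: $started"
    else
        echo "startup PATH has no named executable"
    fi
}

# Runs only when called with the three arguments described above.
if [ "$#" -eq 3 ]; then
    diagnose "$@"
fi
```

Pass the PATH that the init script or service unit uses as the third argument, not the PATH of the interactive shell, since the two often differ.<br>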
</body>
</html>