Update DNS BIND - CentOS 7

Issues related to applications and software problems
crenatovb
Posts: 3
Joined: 2018/01/11 11:59:53

Update DNS BIND - CentOS 7

Post by crenatovb » 2018/01/11 12:05:08

Hello Friends, can anyone help me upgrade the version of BIND in my CentOS 7?

# yum info bind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.globo.com
* epel: mirror.globo.com
* extras: mirror.globo.com
* remi-safe: remi.xpg.com.br
* rpmfusion-free-updates: mirrors.lug.mtu.edu
* rpmfusion-nonfree-updates: mirrors.lug.mtu.edu
* updates: mirror.globo.com
* webtatic: us-east.repo.webtatic.com
Installed Packages
Name : bind
Arch : x86_64
Epoch : 32
Version : 9.9.4
Release : 51.el7_4.1
Size : 4.3 M
Repo : installed
From repo : updates
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL : http://www.isc.org/products/BIND/
License : ISC
Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
: (Domain Name System) protocols. BIND includes a DNS server (named),
: which resolves host names to IP addresses; a resolver library
: (routines for applications to use when interfacing with DNS); and
: tools for verifying that the DNS server is operating properly.

Any repository that has a more current version?
Thank You

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Update DNS BIND - CentOS 7

Post by avij » 2018/01/11 12:31:55

Why would you need a newer version? Note that security fixes get backported to the versions shipped by RHEL/CentOS.

crenatovb
Posts: 3
Joined: 2018/01/11 11:59:53

Re: Update DNS BIND - CentOS 7

Post by crenatovb » 2018/01/11 17:39:24

Version 9.9.4 has vulnerabilities.
I would like to upgrade to fix.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Update DNS BIND - CentOS 7

Post by TrevorH » 2018/01/11 17:45:12

No, it really doesn't have vulnerabilities.

Read the backports link that avij posted. Redhat take care of backporting all security fixes from the mainline code to their version.

If you have specific CVE numbers you're interested in the look at the output from rpm -q --changelog bind and grep for the CVE you're interested in. If nothing shows up then consult https://access.redhat.com/security/cve/cve-yyyy-nnnn to see what Redhat say about it - often if a CVE is not listed as fixed then there is a KB article that tells you why - for example "we don't enable that feature so the RHEL version is not vulnerable".

Also, if you don't find anything, make sure you are up to date by running yum update and see if there is a newer version pending which fixes it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

crenatovb
Posts: 3
Joined: 2018/01/11 11:59:53

Re: Update DNS BIND - CentOS 7

Post by crenatovb » 2018/01/12 12:04:39

Ok!
Thank You!
The help was very important.

wilburunion
Posts: 22
Joined: 2017/01/05 14:55:14

Re: Update DNS BIND - CentOS 7

Post by wilburunion » 2018/08/17 16:56:22

TrevorH wrote:
2018/01/11 17:45:12
No, it really doesn't have vulnerabilities.

Read the backports link that avij posted. Redhat take care of backporting all security fixes from the mainline code to their version.

If you have specific CVE numbers you're interested in the look at the output from rpm -q --changelog bind and grep for the CVE you're interested in. If nothing shows up then consult https://access.redhat.com/security/cve/cve-yyyy-nnnn to see what Redhat say about it - often if a CVE is not listed as fixed then there is a KB article that tells you why - for example "we don't enable that feature so the RHEL version is not vulnerable".

Also, if you don't find anything, make sure you are up to date by running yum update and see if there is a newer version pending which fixes it.
Trevor,

BIND <= 9.10 has an issue with the in-view directive that is documented here = if true - https://community.letsencrypt.org/t/dns ... t/10156/26 and I have tried running the rfc_dns_2136 authenticator with the external view removed and it yields a different error - which tells me the in view directive issue is still present in the version of 9.9.4-RedHat-9.9.4-61.el7

It is not a vulnerability so much as it is bug - that has been fixed in 9.11

The page here => https://blog.ceae.info/how-to-compile-l ... -centos-7/ list the requirements to get some dependencies installed from yum and they install fine as they are made for Centos 7

A page at https://bkraft.fr/blog/bind_9_10_3-P4_for_CentOS7/ has files the site owner made for Bind 9.10, but 9.10 still has a bug in a restart failure problem, but a rpm -Uvh --test command on Fedora 28 BIND 9.11 files leaves only basically it appears the bind-lib files missing in conflict to the existing bind libs.

So would not the Fedora BIND 9.11 rpms work once the bind libs are satisfied- I have used them for other non-Centos 7 existing program files, or will this cause something known that will be nasty ??

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Update DNS BIND - CentOS 7

Post by TrevorH » 2018/08/17 17:13:06

Why not just file a bug on bugzilla.redhat.com ?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

wilburunion
Posts: 22
Joined: 2017/01/05 14:55:14

Re: Update DNS BIND - CentOS 7

Post by wilburunion » 2018/08/17 18:28:45

TrevorH wrote:
2018/08/17 17:13:06
Why not just file a bug on bugzilla.redhat.com ?
Because it has already been fixed in 9.11 - and installing 9.11 solves the issue, I cannot see anyone going backwards to fix it in an earlier version when it no longer exists in a newer version

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Update DNS BIND - CentOS 7

Post by TrevorH » 2018/08/18 09:45:32

Yes.. but if you want it fixed in the RHEL copy then you have to ask them to fix it. They won't automatically rebase packages to newer upstream versions just because they're available.
Because it has already been fixed in 9.11 - and installing 9.11 solves the issue, I
But that's exactly how the RHEL backporting policy works. Please see https://access.redhat.com/security/updates/backporting/ for information on backporting of security fixes and features in CentOS and RHEL
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Nerigal
Posts: 11
Joined: 2015/05/04 17:01:54

Re: Update DNS BIND - CentOS 7

Post by Nerigal » 2018/11/16 13:32:47

avij wrote:
2018/01/11 12:31:55
Why would you need a newer version? Note that security fixes get backported to the versions shipped by RHEL/CentOS.
i think the question was NOT why but how to upgrade bind

And down here some interesting information
Bind-EOL.png
Bind-EOL.png (56.67 KiB) Viewed 13934 times
I think it would be great if we could have a trusted repo that follow, at least, current stable version Not the officially deprecated version from those who actually build Bind ( ISC Software )


Thank you.

Locked