Update DNS BIND - CentOS 7
Update DNS BIND - CentOS 7
Hello Friends, can anyone help me upgrade the version of BIND in my CentOS 7?
# yum info bind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.globo.com
* epel: mirror.globo.com
* extras: mirror.globo.com
* remi-safe: remi.xpg.com.br
* rpmfusion-free-updates: mirrors.lug.mtu.edu
* rpmfusion-nonfree-updates: mirrors.lug.mtu.edu
* updates: mirror.globo.com
* webtatic: us-east.repo.webtatic.com
Installed Packages
Name : bind
Arch : x86_64
Epoch : 32
Version : 9.9.4
Release : 51.el7_4.1
Size : 4.3 M
Repo : installed
From repo : updates
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL : http://www.isc.org/products/BIND/
License : ISC
Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
: (Domain Name System) protocols. BIND includes a DNS server (named),
: which resolves host names to IP addresses; a resolver library
: (routines for applications to use when interfacing with DNS); and
: tools for verifying that the DNS server is operating properly.
Any repository that has a more current version?
Thank You
# yum info bind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.globo.com
* epel: mirror.globo.com
* extras: mirror.globo.com
* remi-safe: remi.xpg.com.br
* rpmfusion-free-updates: mirrors.lug.mtu.edu
* rpmfusion-nonfree-updates: mirrors.lug.mtu.edu
* updates: mirror.globo.com
* webtatic: us-east.repo.webtatic.com
Installed Packages
Name : bind
Arch : x86_64
Epoch : 32
Version : 9.9.4
Release : 51.el7_4.1
Size : 4.3 M
Repo : installed
From repo : updates
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL : http://www.isc.org/products/BIND/
License : ISC
Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
: (Domain Name System) protocols. BIND includes a DNS server (named),
: which resolves host names to IP addresses; a resolver library
: (routines for applications to use when interfacing with DNS); and
: tools for verifying that the DNS server is operating properly.
Any repository that has a more current version?
Thank You
Re: Update DNS BIND - CentOS 7
Why would you need a newer version? Note that security fixes get backported to the versions shipped by RHEL/CentOS.
Re: Update DNS BIND - CentOS 7
Version 9.9.4 has vulnerabilities.
I would like to upgrade to fix.
I would like to upgrade to fix.
Re: Update DNS BIND - CentOS 7
No, it really doesn't have vulnerabilities.
Read the backports link that avij posted. Redhat take care of backporting all security fixes from the mainline code to their version.
If you have specific CVE numbers you're interested in the look at the output from rpm -q --changelog bind and grep for the CVE you're interested in. If nothing shows up then consult https://access.redhat.com/security/cve/cve-yyyy-nnnn to see what Redhat say about it - often if a CVE is not listed as fixed then there is a KB article that tells you why - for example "we don't enable that feature so the RHEL version is not vulnerable".
Also, if you don't find anything, make sure you are up to date by running yum update and see if there is a newer version pending which fixes it.
Read the backports link that avij posted. Redhat take care of backporting all security fixes from the mainline code to their version.
If you have specific CVE numbers you're interested in the look at the output from rpm -q --changelog bind and grep for the CVE you're interested in. If nothing shows up then consult https://access.redhat.com/security/cve/cve-yyyy-nnnn to see what Redhat say about it - often if a CVE is not listed as fixed then there is a KB article that tells you why - for example "we don't enable that feature so the RHEL version is not vulnerable".
Also, if you don't find anything, make sure you are up to date by running yum update and see if there is a newer version pending which fixes it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Update DNS BIND - CentOS 7
Ok!
Thank You!
The help was very important.
Thank You!
The help was very important.
-
- Posts: 22
- Joined: 2017/01/05 14:55:14
Re: Update DNS BIND - CentOS 7
Trevor,TrevorH wrote: ↑2018/01/11 17:45:12No, it really doesn't have vulnerabilities.
Read the backports link that avij posted. Redhat take care of backporting all security fixes from the mainline code to their version.
If you have specific CVE numbers you're interested in the look at the output from rpm -q --changelog bind and grep for the CVE you're interested in. If nothing shows up then consult https://access.redhat.com/security/cve/cve-yyyy-nnnn to see what Redhat say about it - often if a CVE is not listed as fixed then there is a KB article that tells you why - for example "we don't enable that feature so the RHEL version is not vulnerable".
Also, if you don't find anything, make sure you are up to date by running yum update and see if there is a newer version pending which fixes it.
BIND <= 9.10 has an issue with the in-view directive that is documented here = if true - https://community.letsencrypt.org/t/dns ... t/10156/26 and I have tried running the rfc_dns_2136 authenticator with the external view removed and it yields a different error - which tells me the in view directive issue is still present in the version of 9.9.4-RedHat-9.9.4-61.el7
It is not a vulnerability so much as it is bug - that has been fixed in 9.11
The page here => https://blog.ceae.info/how-to-compile-l ... -centos-7/ list the requirements to get some dependencies installed from yum and they install fine as they are made for Centos 7
A page at https://bkraft.fr/blog/bind_9_10_3-P4_for_CentOS7/ has files the site owner made for Bind 9.10, but 9.10 still has a bug in a restart failure problem, but a rpm -Uvh --test command on Fedora 28 BIND 9.11 files leaves only basically it appears the bind-lib files missing in conflict to the existing bind libs.
So would not the Fedora BIND 9.11 rpms work once the bind libs are satisfied- I have used them for other non-Centos 7 existing program files, or will this cause something known that will be nasty ??
Re: Update DNS BIND - CentOS 7
Why not just file a bug on bugzilla.redhat.com ?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 22
- Joined: 2017/01/05 14:55:14
Re: Update DNS BIND - CentOS 7
Yes.. but if you want it fixed in the RHEL copy then you have to ask them to fix it. They won't automatically rebase packages to newer upstream versions just because they're available.
But that's exactly how the RHEL backporting policy works. Please see https://access.redhat.com/security/updates/backporting/ for information on backporting of security fixes and features in CentOS and RHELBecause it has already been fixed in 9.11 - and installing 9.11 solves the issue, I
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Update DNS BIND - CentOS 7
i think the question was NOT why but how to upgrade bindavij wrote: ↑2018/01/11 12:31:55Why would you need a newer version? Note that security fixes get backported to the versions shipped by RHEL/CentOS.
And down here some interesting information
I think it would be great if we could have a trusted repo that follow, at least, current stable version Not the officially deprecated version from those who actually build Bind ( ISC Software )
Thank you.