About Linux FAQ

Browse More FAQs:

How To Patch / Upgrade BIND 9.x Under FreeBSD Operating System

Posted by Vivek Gite [Last updated: July 17, 2008]

Q. BIND 9 is part of core FreeBSD 7.x. How do I apply BIND 9 security patch under FreeBSD 7.x? Do I need to fetch entire source (buildworld) to patch BIND 9? How do I patch up recent BIND 9 DNS cache poisoning bug?

A. No, you don't have to fetch entire source to patch up BIND 9 if you are running latest stable (6-STABLE or 7-STABLE). The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization.

To fix this issue under FreeBSD 6.3, download patch:
# cd /tmp
# fetch -o bind.patch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch

If you are using FreeBSD 7.0, enter:
# cd /tmp
# fetch -o bind.patch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch
Type the following commands to compile and install bind 9 patch:
# cd /usr/src
# patch < /tmp/bind.patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install

Restart bind 9:
# /etc/rc.d/named restart
# tail -f /var/log/messages

Acer Aspire One 8.9-inch Mini Laptop (1.6 GHz Intel Atom N270 Processor, 1 GB RAM, 160 GB Hard Drive, XP Home, 6 Cell Battery) Sapphire Blue

E-mail    Print    Can't find an answer to your question? Contact us

Related Other Helpful FAQs:

Discussion on This FAQ

  1. O'Shaughnessy Evans Says:
    July 25th, 2008 at 7:55 am

    Since you’re upgrading BIND, you might as well upgrade rndc, too. How about adding this to your “make” section?

    # cd /usr/src/usr.sbin/rndc
    # make obj && make depend && make && make install

  2. RyAn Says:
    July 28th, 2008 at 2:56 am

    I have this error while patching my DNS on freeBSD.

    neon# patch < /root/bind63.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/bind9/bin/named/client.c
|===================================================================
|RCS file: /usr/ncvs/src/contrib/bind9/bin/named/client.c,v
|retrieving revision 1.1.1.2.2.3
|diff -u -r1.1.1.2.2.3 client.c
|--- contrib/bind9/bin/named/client.c	25 Jul 2007 08:23:07 -0000	1.1.1.2.2.3
|+++ contrib/bind9/bin/named/client.c	10 Jul 2008 16:07:20 -0000
--------------------------
File to patch:
No file found--skip this patch? [n]
File to patch: ^[[A^[[A
No file found--skip this patch? [n]
  3. vivek Says:
    July 28th, 2008 at 8:13 am

    RyAn,

    Do you have up to date FreeBSD source tree?

  4. jimbo Says:
    August 1st, 2008 at 4:56 pm

    i’m also getting the same error as RyAn. new install of fbsd 7, minimal. how do i run the patch without having to to a cvsup and blowing the whole point of having a minimal install?

  5. vivek Says:
    August 1st, 2008 at 6:13 pm

    jimbo,

    There is binary update method, it will only work if you are not using custom kernel.

  6. jimbo Says:
    August 1st, 2008 at 6:23 pm

    how do i do the binary update?

  7. vivek Says:
    August 1st, 2008 at 6:41 pm

    Use freebsd-update command which is used to fetch, install, and rollback binary updates to the FreeBSD base system. You can also use sysinstall to update system. Read man pages for further information.

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Tags: , , , , , , , ,

Copyright © 2006-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Powered by Open source software.