How To Patch / Upgrade BIND 9.x Under FreeBSD Operating System

Q. BIND 9 is part of the core FreeBSD 7.x system. How do I apply a BIND 9 security patch under FreeBSD 7.x? Do I need to fetch the entire source (buildworld) to patch BIND 9? How do I patch the recent BIND 9 DNS cache poisoning bug?

A. No, you don't have to fetch the entire source to patch BIND 9 if you are running the latest stable (6-STABLE or 7-STABLE). The bug is that the BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query ID alone does not provide adequate randomization.

To fix this issue under FreeBSD 6.3, download the patch:
# cd /tmp
# fetch -o bind.patch

If you are using FreeBSD 7.0, enter:
# cd /tmp
# fetch -o bind.patch

Type the following commands to compile and install the BIND 9 patch:
# cd /usr/src
# patch < /tmp/bind.patch

Restart BIND 9:
# /etc/rc.d/named restart
# tail -f /var/log/messages
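
To confirm after the restart that named no longer sends its remote queries from a single or predictable UDP source port, the following check (an added example, not part of the original article or of FreeBSD/BIND) classifies the source ports seen in `tcpdump -n` output. The resolver address 192.0.2.10, the interface name em0, the function names and the verdict thresholds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): judge UDP source-port
# randomization of a resolver from `tcpdump -n` text output.
# Live use (interface em0 and the address are assumptions):
#   tcpdump -n -i em0 -c 50 udp dst port 53 | check_ports 192.0.2.10

# check_ports RESOLVER_IP: reads tcpdump lines on stdin, prints
# "<VERDICT> queries=<n> distinct=<d>". Thresholds are illustrative.
check_ports() {
    awk -v ip="$1" '
    $2 == "IP" && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)
        n = split($3, s, "."); m = split(dst, d, ".")
        # keep only IPv4 queries sent by the resolver to port 53
        if (n != 5 || m != 5 || d[5] != "53") next
        if ((s[1] "." s[2] "." s[3] "." s[4]) != ip) next
        port = s[5] + 0
        if (total > 0 && port == prev + 1) seq++   # counter-style allocation
        prev = port; total++
        if (!(port in seen)) { seen[port] = 1; distinct++ }
    }
    END {
        if (total < 5)                 verdict = "INSUFFICIENT"
        else if (distinct == 1)        verdict = "FIXED"
        else if (seq * 2 >= total)     verdict = "SEQUENTIAL"
        else if (distinct * 2 < total) verdict = "WEAK"
        else                           verdict = "RANDOMIZED"
        printf "%s queries=%d distinct=%d\n", verdict, total, distinct
    }'
}

# sample PORT...: constructed tcpdump-style lines, one query per port.
sample() {
    for p in "$@"; do
        echo "12:00:01.000001 IP 192.0.2.10.$p > 198.51.100.1.53: 4660+ A? example.com. (29)"
    done
}

# Constructed captures: fixed port, counter-style ports, randomized ports.
sample 32768 32768 32768 32768 32768 32768 | check_ports 192.0.2.10
sample 1024 1025 1026 1027 1028 1029 | check_ports 192.0.2.10
sample 51234 1189 40021 27654 60333 8942 | check_ports 192.0.2.10
```

A FIXED or SEQUENTIAL verdict on a patched host usually means the port is pinned elsewhere, for example by a `query-source ... port` setting in named.conf or by a NAT device rewriting ports in front of the resolver.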

7 comments
  • O'Shaughnessy Evans Jul 25, 2008 @ 7:55

    Since you’re upgrading BIND, you might as well upgrade rndc, too. How about adding this to your “make” section?

    # cd /usr/src/usr.sbin/rndc
    # make obj && make depend && make && make install

  • RyAn Jul 28, 2008 @ 2:56

    I have this error while patching my DNS on FreeBSD.

    neon# patch < /root/bind63.patch 
    Hmm...  Looks like a unified diff to me...
    The text leading up to this was:
    |Index: contrib/bind9/bin/named/client.c
    |RCS file: /usr/ncvs/src/contrib/bind9/bin/named/client.c,v
    |retrieving revision
    |diff -u -r1. client.c
    |--- contrib/bind9/bin/named/client.c	25 Jul 2007 08:23:07 -0000
    |+++ contrib/bind9/bin/named/client.c	10 Jul 2008 16:07:20 -0000
    File to patch: 
    No file found--skip this patch? [n] 
    File to patch: ^[[A^[[A
    No file found--skip this patch? [n]
  • 🐧 nixCraft Jul 28, 2008 @ 8:13

    Do you have an up-to-date FreeBSD source tree?

  • jimbo Aug 1, 2008 @ 16:56

    I’m also getting the same error as RyAn. New install of FreeBSD 7, minimal. How do I run the patch without having to do a cvsup and blowing the whole point of having a minimal install?

  • 🐧 nixCraft Aug 1, 2008 @ 18:13

    There is a binary update method; it will only work if you are not using a custom kernel.

  • jimbo Aug 1, 2008 @ 18:23

    How do I do the binary update?

  • 🐧 nixCraft Aug 1, 2008 @ 18:41

    Use the freebsd-update command, which is used to fetch, install, and roll back binary updates to the FreeBSD base system. You can also use sysinstall to update the system. Read the man pages for further information.
