[CentOS] bind9, SELinux, ServFail
filbranden at gmail.com
Fri Jul 11 02:44:01 UTC 2008
On Thu, Jul 10, 2008 at 10:39 PM, Meenoo Shivdasani <meenoo at gmail.com> wrote:
> To be more accurate, I installed the patched version of BIND which
> randomizes the source port to address the latest DNS vulnerability.
Did you update the "selinux-policy" package at the same time?
On my system I have bind-9.3.4-6.0.1.P1.el5_2 and
selinux-policy-2.4.6-137.1.el5, both of them were signed at
approximately the same time, and were installed at approximately the
same time on my system, which tells me they most probably came from
the same update (it's easy to confirm that by looking at the
$ rpm -q --changelog selinux-policy
* Tue Apr 29 2008 Dan Walsh <dwalsh at redhat.com> 2.4.6-137.1
- Allow named to bind to any udp port
Well, I'm almost positive that is what you are missing.
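
Added example (not part of the original message, and not code from its author): a shell sketch of the check discussed above, confirming that the selinux-policy changelog carries the named UDP entry and counting AVC denials where named_t was refused name_bind on a UDP socket. The audit lines are constructed samples in the usual audit.log AVC format, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed audit.log sample: two named denials plus one unrelated httpd denial.
SAMPLE_AUDIT='type=AVC msg=audit(1215744241.101:310): avc:  denied  { name_bind } for  pid=2101 comm="named" src=40213 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
type=AVC msg=audit(1215744242.554:311): avc:  denied  { name_bind } for  pid=2101 comm="named" src=51877 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
type=AVC msg=audit(1215744250.009:312): avc:  denied  { read } for  pid=2290 comm="httpd" name="index.html" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file'

# Changelog entry as quoted in the message above.
SAMPLE_CHANGELOG='* Tue Apr 29 2008 Dan Walsh <dwalsh at redhat.com> 2.4.6-137.1
- Allow named to bind to any udp port'

# Keep only AVC denials where the named_t domain was refused name_bind on UDP.
named_bind_denials() {
    awk '/avc:/ && /denied/ && /name_bind/ && /scontext=[^ ]*:named_t/ && /tclass=udp_socket/'
}

# Number of matching denials on stdin (prints 0 when there are none).
count_named_bind_denials() {
    named_bind_denials | awk 'END { print NR }'
}

# Source ports named tried to bind, one per line.
denied_ports() {
    named_bind_denials | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) print substr($i, 5) }'
}

# Succeeds when the changelog on stdin contains the policy entry from the thread.
policy_has_fix() {
    grep -qi 'allow named to bind to any udp port'
}

# $1 = changelog text, $2 = audit log text; prints a one-line verdict.
diagnose() {
    n=$(printf '%s\n' "$2" | count_named_bind_denials)
    if printf '%s\n' "$1" | policy_has_fix; then
        echo "policy-ok denials=$n"
    else
        echo "policy-missing-fix denials=$n"
    fi
}

# Demo on the constructed samples. On a live host, feed real data instead:
#   rpm -q --changelog selinux-policy | policy_has_fix && echo "policy has the entry"
#   count_named_bind_denials < /var/log/audit/audit.log
diagnose "$SAMPLE_CHANGELOG" "$SAMPLE_AUDIT"
```

Denials that persist with "policy-ok" usually predate the policy update, so compare their timestamps with the package install time.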