[CentOS] BInd Problem or Update SSL ?

Always Learning

centos at g7.u22.net
Fri Feb 18 21:15:28 UTC 2011


> From: Larry Vaden <vaden at texoma.net>
> Date: Sun, Jan 23, 2011 at 8:03 PM
> Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5?


> Our site running Centos 4.8 and 5.5 name servers was hacked with
> the result that www.yahoo.com is now within our /19 and causing
> some grief.

Don't understand what you mean by 'within our /19'. Have your IP ranges
changed?  If your Bind date is corrupt, why not re-install Centos and
then restore the domains data from one of your regular backups?

Is it a wise business decision to use C 4.8 instead of C 5 or the latest
which is C 5.5 ?

> Google hasn't led me to an RPM for bind-9.7.2-P3 nor has the
> search facility at centos.org.  However, it is obvious from said
> searches that Mandriva upgraded last year.

I believe C6 will include an updated Bind.

> An attempt to install bind-9.7.2-P3 from source yields the warning
> below the sig for both 4.8 and 5.5 machines.

> WARNING WARNING WARNING WARNING WARNING ..........
>
> Your OpenSSL crypto library may be vulnerable to .....
> one or more of the the following known security ....
> flaws:
>
> CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and 
> CVE-2006-2940.
>
> It is recommended that you upgrade to OpenSSL
> version 0.9.8d/0.9.7l (or greater).

Well, on my C 5.5 desktop my OpenSSL is (yum info openssl)

Name       : openssl
Arch       : x86_64
Version    : 0.9.8e
Release    : 12.el5_5.7
Size       : 3.4 M

The same version for i686.

Larry, why can't you install the latest OpenSSL ?

On C 5.5 the latest Bind is 9.3.6 (Release: 4.P1.el5_5.3)

If you really need the latest Bind and can not wait about a month for C6
why don't you use a different flavour of Linux?  In business one can not
be too sentimental and difficult decisions have to be made all the time.


With best regards,

Paul.
England,
EU.





More information about the CentOS mailing list