[CentOS] bind9, SELinux, ServFail

Fri Jul 11 02:44:01 UTC 2008
Filipe Brandenburger <filbranden at gmail.com>

On Thu, Jul 10, 2008 at 10:39 PM, Meenoo Shivdasani <meenoo at gmail.com> wrote:
> To be more accurate, I installed the patched version of BIND which
> randomizes the source port to address the latest DNS vulnerability.

Did you update the "selinux-policy" package at the same time?

On my system I have bind-9.3.4-6.0.1.P1.el5_2 and
selinux-policy-2.4.6-137.1.el5, both of them were signed at
approximately the same time, and were installed at approximately the
same time on my system, which tells me they most probably came from
the same update (it's easy to confirm that by looking at the
centos-announce mails).

Also:

$ rpm -q --changelog selinux-policy
* Tue Apr 29 2008 Dan Walsh <dwalsh at redhat.com> 2.4.6-137.1
- Allow named to bind to any udp port
Resolves: #451971
...

Well, I'm almost positive that is what you are missing.

HTH,
Filipe
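
One way to confirm this diagnosis on a host, as an added example that is not part of the original message: count the SELinux denials logged when named tries to bind a UDP source port, and check whether the installed selinux-policy changelog carries the entry quoted above. The function names are hypothetical and the audit records are constructed samples; on a real host the inputs would be /var/log/audit/audit.log and the output of `rpm -q --changelog selinux-policy`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample inputs are constructed.

# Read audit records on stdin; print each UDP source port that named was
# denied permission to bind (one per line).
named_udp_denials() {
    grep 'avc:  *denied' |
    grep 'name_bind' |
    grep 'comm="named"' |
    grep 'tclass=udp_socket' |
    sed -n 's/.* src=\([0-9][0-9]*\).*/\1/p'
}

# Read `rpm -q --changelog selinux-policy` output on stdin; succeed if the
# entry quoted in the message above is present.
has_named_udp_fix() {
    grep -q 'Allow named to bind to any udp port'
}

# Constructed audit records: two relevant denials, one for another daemon,
# and one named denial on a TCP socket that must not be counted.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1215744241.101:210): avc:  denied  { name_bind } for  pid=2412 comm="named" src=40123 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
type=AVC msg=audit(1215744242.007:211): avc:  denied  { name_bind } for  pid=2412 comm="named" src=51877 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
type=AVC msg=audit(1215744250.330:215): avc:  denied  { read } for  pid=3001 comm="httpd" name="index.html" dev=dm-0 ino=12345 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1215744251.330:216): avc:  denied  { name_bind } for  pid=2412 comm="named" src=8053 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
EOF
}

# Changelog lines as quoted in the message above.
sample_changelog() {
cat <<'EOF'
* Tue Apr 29 2008 Dan Walsh <dwalsh at redhat.com> 2.4.6-137.1
- Allow named to bind to any udp port
Resolves: #451971
EOF
}

# Demo on the samples. Denials together with a missing changelog entry mean
# bind was updated without the matching selinux-policy package.
denied=$(sample_audit_log | named_udp_denials | wc -l | tr -d ' ')
if sample_changelog | has_named_udp_fix; then fix=present; else fix=missing; fi
echo "named UDP name_bind denials: $denied; policy changelog entry: $fix"
```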