On Thu, Jul 10, 2008 at 10:39 PM, Meenoo Shivdasani <meenoo at gmail.com> wrote:
> To be more accurate, I installed the patched version of BIND which
> randomizes the source port to address the latest DNS vulnerability.

Did you update the "selinux-policy" package at the same time?

On my system I have bind-9.3.4-6.0.1.P1.el5_2 and
selinux-policy-2.4.6-137.1.el5; both of them were signed at
approximately the same time, and were installed at approximately the
same time on my system, which tells me they most probably came from the
same update (it's easy to confirm that by looking at the
centos-announce mails).

Also:

$ rpm -q --changelog selinux-policy
* Tue Apr 29 2008 Dan Walsh <dwalsh at redhat.com> 2.4.6-137.1
- Allow named to bind to any udp port
Resolves: #451971
...

Well, I'm almost positive that is what you are missing.

HTH,

Filipe