> From: Larry Vaden <vaden at texoma.net> > Date: Sun, Jan 23, 2011 at 8:03 PM > Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5? > Our site running Centos 4.8 and 5.5 name servers was hacked with > the result that www.yahoo.com is now within our /19 and causing > some grief. Don't understand what you mean by 'within our /19'. Have your IP ranges changed? If your Bind date is corrupt, why not re-install Centos and then restore the domains data from one of your regular backups? Is it a wise business decision to use C 4.8 instead of C 5 or the latest which is C 5.5 ? > Google hasn't led me to an RPM for bind-9.7.2-P3 nor has the > search facility at centos.org. However, it is obvious from said > searches that Mandriva upgraded last year. I believe C6 will include an updated Bind. > An attempt to install bind-9.7.2-P3 from source yields the warning > below the sig for both 4.8 and 5.5 machines. > WARNING WARNING WARNING WARNING WARNING .......... > > Your OpenSSL crypto library may be vulnerable to ..... > one or more of the the following known security .... > flaws: > > CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and > CVE-2006-2940. > > It is recommended that you upgrade to OpenSSL > version 0.9.8d/0.9.7l (or greater). Well, on my C 5.5 desktop my OpenSSL is (yum info openssl) Name : openssl Arch : x86_64 Version : 0.9.8e Release : 12.el5_5.7 Size : 3.4 M The same version for i686. Larry, why can't you install the latest OpenSSL ? On C 5.5 the latest Bind is 9.3.6 (Release: 4.P1.el5_5.3) If you really need the latest Bind and can not wait about a month for C6 why don't you use a different flavour of Linux? In business one can not be too sentimental and difficult decisions have to be made all the time. With best regards, Paul. England, EU.