[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns/bind95 Makefile distinfo]

To: stef_(_at_)_memberwebs_(_dot_)_com
Subject: Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns/bind95 Makefile distinfo]
From: Dmitry Morozovsky <marck_(_at_)_rinet_(_dot_)_ru>
Date: Thu, 10 Jul 2008 18:41:35 +0400 (MSD)
Cc: "freebsd-security_(_at_)_freebsd_(_dot_)_org" <freebsd-security_(_at_)_freebsd_(_dot_)_org>, Remko Lodder <remko_(_at_)_freebsd_(_dot_)_org>, Doug Barton <dougb_(_at_)_freebsd_(_dot_)_org>, secteam_(_at_)_freebsd_(_dot_)_org, Andrew Storms <astorms_(_at_)_ncircle_(_dot_)_com>

On Wed, 9 Jul 2008, Stef wrote:

S> Thanks!
S> 
S> Here are simple steps to use this instead of the base named (and easily
S> go back later):
S> 
S> # cd /usr/ports/dns/bind9
S> # make && make install
S> # ln -s /etc/namedb/named.conf /usr/local/etc/named.conf
S> # echo 'named_program="/usr/local/sbin/named" >> /etc/rc.conf
S> # /etc/rc.d/named restart
S> 
S> LMK if I missed something.

(or use NO_BIND= in /etc/make.conf and WITH_REPLACE_BASE= on port options, but 
be careful when upgrading configs...)

Just to have you and other related parties informed of a pitfall I stepped 
into:

-- 8< --
From: BIND9 Bugs via RT <bind9-bugs_(_at_)_isc_(_dot_)_org>
Subject: [ISC-Bugs #18265] AutoReply: bind update to 9.4.2.1: 'empty label' inconsistent check 

-------------------------------------------------------------------------
Dear Doug and ISC maintainers,

just updated bind94 on our master server and found that together with 
vulnerability fixes there is at least one glitch in configuration checks

History: we have automatic scripted system to secondary some zones from one of 
our partners. so, part of named.conf is auto-generated, then checked via 
named-checkconf and then applied.

After today upgrade I found that new server failed to start, which is really a 
PITA, as it has 13k+ authoritative zones. Named-checkconf does not return an 
error. named reports 'empty label' without any reference to config file and/or 
line number. After some nervous minutes of binary search ;-) I found the 
offending line, which erroneously contains two dots instead of one.

I suppose this should be fixed at least in named-checkconf.

-- 8< --



Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck_(_at_)_FreeBSD_(_dot_)_org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck_(_at_)_rinet_(_dot_)_ru ***
------------------------------------------------------------------------
_______________________________________________
freebsd-security_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe_(_at_)_freebsd_(_dot_)_org"

References:
- Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns/bind95 Makefile distinfo]
  - From: Andrew Storms
- Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns/bind95 Makefile distinfo]
  - From: Stef

Prev by Date: Re: BIND update?
Next by Date: RE: Here is how to fix your nameserver - was Re: BIND update?
Previous by thread: Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns/bind95 Makefile distinfo]
Next by thread: Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns/bind95 Makefile distinfo]
Index(es):
- Date
- Thread

Visit your host, monkey.org