[csw-users] Help test new BIND 9.4.2-P1 that fix critical security flaw

Peter Bonivart bonivart at blastwave.org
Thu Jul 10 01:58:30 CEST 2008

I have built a new version of BIND since the current one has a
critical security flaw and everyone running a caching DNS needs to
upgrade, more info here: http://www.kb.cert.org/vuls/id/800113.

Please help me test it so we can release it quickly. I have gotten a
few positive reports (and no negative) so it should be relatively safe
to test but as always, try it on a non-production server first.

Note to those running an older version than the current unstable
package (9.4.1-P1): the paths to configuration files and zone files
have changed to ease having /opt/csw NFS-mounted. You're now supposed
to have named.conf and such in /etc/opt/csw and zones and such in
/var/opt/csw/named. By modifying /etc/init.d/cswnamed you can keep
your old paths if you like. Also, some defaults in BIND have changed,
e.g. allow-recursion so check your named.conf. This has nothing to do
with the new package, it was introduced in 9.4.1-P1 but I wanted to
warn you if you're doing a larger jump because of the security flaw
and get into trouble because of the changes.


Please report back, either to the list or to me directly, whether you
have success or not so we can release it officially to unstable as
quickly as possible.


EB White  - "Be obscure clearly."

More information about the users mailing list