Help secure old BIND on FreeBSD 5.4


andrewk
07-22-2008, 07:07 PM
Hey everyone,

With Kaminsky's announcement of the BIND vulnerability, I am struggling to patch all of my company's boxes. I found 2 FreeBSD 5.4 boxes with BIND 8 that I have no idea how to update.

Can someone please help by walking me through the steps of getting a secure version of BIND up on FreeBSD 5.4?


Thanks!

Carpetsmoker
07-22-2008, 07:50 PM
You can install bind from ports:
dns/bind94

Or, even better, consider upgrading to FreeBSD 6 or 7; FreeBSD 5 is no longer supported.

dk_netsvil
07-22-2008, 09:12 PM
We checked the ISC BIND (http://www.isc.org/index.pl?/sw/bind/index.php) site and upgraded to the newest release, which resolved this issue for us.

I compiled this manually, but installing from ports should be fine.

I think that you should probably get a test box with FreeBSD 7.0-STABLE installed and install the most up-to-date version of BIND on there. Migrate a couple zonefiles over there and verify it's functioning properly. Recently I went through a round of upgrades to bring all our FreeBSD servers up to a minimum of 6.3 and I am sympathetic to anyone facing something similar. I used that opportunity to define an upgrade plan for those systems which historically had been left to their own devices.

I was upgrading from 9.3, so I didn't see any unusual errors and there wasn't any service disruption. However, upgrading from 8 you might need to change the location of named in your rc.conf. I think that those earlier versions installed named in /usr/sbin and not /usr/local/sbin.
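An added example, not part of the thread: a check for the rc.conf point raised in the last post, reporting whether an rc.conf-style file would still start the old base-system named after the ports install. It assumes the rc.conf variable is `named_program` and that an unset value falls back to /usr/sbin/named; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: which named binary would an rc.conf-style file start?
# Assumption: an unset named_program falls back to the base-system path.

BASE_NAMED="/usr/sbin/named"          # base-system location (per the thread)
PORTS_NAMED="/usr/local/sbin/named"   # location used by the ports install

# Print the effective named_program value from the file given as $1.
# rc.conf is sourced as shell, so the last assignment wins; commented-out
# lines are ignored, trailing comments and surrounding quotes are stripped.
named_program_from() {
    value=$(sed -n -e 's/^[[:space:]]*named_program=//p' "$1" \
        | sed -e 's/[[:space:]]*#.*$//' \
              -e 's/^"\(.*\)"$/\1/' \
              -e "s/^'\(.*\)'\$/\1/" \
        | tail -n 1)
    printf '%s\n' "${value:-$BASE_NAMED}"
}

# Return 0 only when the ports-installed binary is the one selected.
check_named_path() {
    prog=$(named_program_from "$1")
    case "$prog" in
        "$PORTS_NAMED")
            echo "ok: $prog"; return 0 ;;
        "$BASE_NAMED")
            echo "stale: $prog (base-system named still selected)"; return 1 ;;
        *)
            echo "unknown: $prog (verify manually)"; return 1 ;;
    esac
}

demo() {
    f=$(mktemp)
    # Constructed sample: rc.conf as left by the old install ...
    printf 'named_enable="YES"\n' > "$f"
    check_named_path "$f" || true
    # ... and after pointing it at the ports binary.
    printf 'named_program="%s"\n' "$PORTS_NAMED" >> "$f"
    check_named_path "$f"
    rm -f "$f"
}
demo
```

On a real host, run `check_named_path /etc/rc.conf` and confirm the result with `named -v` on the reported path after restarting the service.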