
Upgrading BIND 7.x to the latest BIND 9.2.1

Author: 冷风

Berkeley Internet Name Domain (BIND) is the well-known domain name software. It has a broad installed base, and the great majority of DNS servers on the Internet are based on it. BIND is currently maintained by the ISC (Internet Software Consortium), with the actual development done by Nominum (www.nominum.com).

On June 4, 2002, CERT published a security vulnerability in ISC BIND 9.

Because many network functions depend on DNS working properly, the impact of this vulnerability may be broad.

The affected versions are those before 9.2.1; versions 8.x and 4.x are not affected. An attacker can send a special packet that causes the BIND 9 DNS service to stop working. The attacker cannot, however, use this vulnerability to run code or write data on the DNS server.

ISC has released BIND 9.2.1 to fix this vulnerability, and all systems running BIND 9 should upgrade as soon as possible.

BIND 9.2.1 download address:

    http://www.isc.org/products/BIND/bind9.html

Follow the steps below to install the upgrade; the program will be installed under /usr/local/bind921.

Back up and remove the original bind:

    # cp /etc/named.conf /etc/named.conf.bak
    # cp -R /var/named /var/named.bak
    # rpm -e bind bind-devel bind-utils caching-nameserver

Compile and install the new bind921:

    # tar zxvf bind-9.2.1.tar.gz
    # cd bind-9.2.1
    # ./configure --with-libtool --enable-threads --prefix=/usr/local/bind921
    # make
    # make install

Restore the data:

    # mkdir /usr/local/bind921/etc
    # cp /etc/named.conf.bak /usr/local/bind921/etc/named.conf
    # mkdir -p /usr/local/bind921/var/named/run
    # useradd -u 25 -d /usr/local/bind921/var/named -s /bin/false named
    # cp -r /var/named.bak/* /usr/local/bind921/var/named
    # chown -R named /usr/local/bind921/var

Modify the configuration file:

Edit /usr/local/bind921/etc/named.conf so that it works with the newly installed system. Change:

    options {
        directory "/var/named";

to:

    options {
        directory "/usr/local/bind921/var/named";

Comment out the original rndc.key include. You will still need it if you later want to control bind with rndc, which I will not cover here. Change:

    include "/etc/rndc.key";

to:

    //include "/etc/rndc.key";

Create the startup script:

I based this mainly on the script from the rpm package that ships with Red Hat. Use it as a reference and adapt it to your own situation.

    #!/bin/bash
    #
    # named        This shell script takes care of starting and stopping
    #              named (BIND DNS server).
    #
    # chkconfig: - 55 45
    # description: named (BIND) is a Domain Name Server (DNS) \
    # that is used to resolve host names to IP addresses.
    # probe: true

    # Source function library.
    . /etc/rc.d/init.d/functions

    export PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bind921/bin:/usr/local/bind921/sbin"

    # Source networking configuration.
    . /etc/sysconfig/network

    # Check that networking is up.
    [ "${NETWORKING}" = "no" ] && exit 0

    #[ -f /etc/sysconfig/named ] && . /etc/sysconfig/named

    # Exit quietly if the new binary or its configuration is missing.
    [ -f /usr/local/bind921/sbin/named ] || exit 0

    [ -f /usr/local/bind921/etc/named.conf ] || exit 0

    RETVAL=0
    prog="/usr/local/bind921/sbin/named"

    start() {
        # Start daemons.
        if [ -n "`/sbin/pidof named`" ]; then
            echo -n $"$prog: already running"
            return 1
        fi
        echo -n $"Starting $prog: "
        if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
            OPTIONS="${OPTIONS} -t ${ROOTDIR}"
        fi
        # Since named doesn't return proper exit codes at the moment
        # (won't be fixed before 9.2), we can't use daemon here - emulate
        # its functionality
        base=$prog
        named -u named ${OPTIONS}
        RETVAL=$?
        usleep 100000
        if [ -z "`/sbin/pidof named`" ]; then
            # The child processes have died after fork()ing, e.g.
            # because of a broken config file
            RETVAL=1
        fi
        [ $RETVAL -ne 0 ] && failure $"$base startup"
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/named && success $"$base startup"
        echo
        return $RETVAL
    }

    stop() {
        # Stop daemons.
        echo -n $"Stopping $prog: "
        killproc named
        RETVAL=$?
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/named
        echo
        return $RETVAL
    }

    rhstatus() {
        /usr/local/bind921/sbin/rndc status
        return $?
    }

    restart() {
        stop
        start
    }

    reload() {
        # Fall back to SIGHUP if rndc is not usable.
        /usr/local/bind921/sbin/rndc reload >/dev/null 2>&1 || /usr/bin/killall -HUP named
        return $?
    }

    probe() {
        # named knows how to reload intelligently; we don't want Linuxconf
        # to offer to restart every time
        /usr/local/bind921/sbin/rndc reload >/dev/null 2>&1 || echo start
        return $?
    }

    # See how we were called.
    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        status)
            rhstatus
            ;;
        restart)
            restart
            ;;
        condrestart)
            [ -f /var/lock/subsys/named ] && restart
            ;;
        reload)
            reload
            ;;
        probe)
            probe
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe}"
            exit 1
    esac

    exit $?

Copy the script above to /etc/init.d/, name it named, and set its permissions to 600:

    chmod 600 /etc/init.d/named

Add /usr/local/bind921/bin and /usr/local/bind921/sbin to /etc/profile:

    if [ `id -u` = 0 ]; then
        pathmunge /sbin
        pathmunge /usr/sbin
        pathmunge /usr/local/sbin
        pathmunge /usr/local/mysql/bin
        pathmunge /usr/local/bind921/bin
        pathmunge /usr/local/bind921/sbin
    fi

Test:

    # chkconfig --add named
    # chkconfig --level 345 named on
    # /etc/init.d/named start

If it does not start, check the log in /var/log/messages and troubleshoot based on what it reports. You can also ask for help on this site's forum.
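As an added example (not from the original article), the shell function below classifies a BIND version string against the affected range stated in the advisory summary above: BIND 9 before 9.2.1 is affected, 4.x and 8.x are not. The function name bind_status, the accepted input form, and the treatment of 9.2.1 alpha/beta/rc builds as affected are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): decide whether a BIND
# version string falls in the range this page describes as affected,
# i.e. BIND 9 releases before 9.2.1; 4.x and 8.x are stated as unaffected.
# Assumption: input looks like "9.2.1" or "BIND 9.2.1" (optional suffix).

bind_status() {
    v=${1#BIND }                 # drop an optional "BIND " prefix
    core=${v%%[!0-9.]*}          # numeric part: "9.2.1" from "9.2.1rc1"
    suffix=${v#"$core"}          # whatever follows: "rc1", "-P1", ""

    old_ifs=$IFS; IFS=.
    set -- $core                 # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-}; minor=${2:-0}; patch=${3:-0}

    case $major in
        4|8) echo not-affected; return 0 ;;   # per the advisory summary
        9)   ;;                               # compared below
        *)   echo unknown; return 0 ;;        # the page makes no statement
    esac

    if [ "$minor" -lt 2 ] || { [ "$minor" -eq 2 ] && [ "$patch" -lt 1 ]; }; then
        echo affected
    elif [ "$minor" -eq 2 ] && [ "$patch" -eq 1 ]; then
        # Assumption: alpha/beta/rc builds of 9.2.1 predate the fixed release.
        case $suffix in
            a[0-9]*|b[0-9]*|rc[0-9]*) echo affected ;;
            *) echo not-affected ;;
        esac
    else
        echo not-affected
    fi
}

# Constructed sample inputs, printed as "version -> status".
for sample in "BIND 9.1.3" "9.2.0" "9.2.1rc1" "9.2.1" "8.3.1" "4.9.8"; do
    printf '%s -> %s\n' "$sample" "$(bind_status "$sample")"
done
```

Run it against the version string of the installed named before and after the upgrade to confirm the server has left the affected range.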

(Source: http://www.sheup.com)

