歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux綜合 >> Linux資訊 >> 更多Linux

升級7.x的bind到最新的bind 9.2.1

  作者:冷風     Berkeley Internert Name Domain(BIND)是我們所熟知的域名軟件,它具有廣泛的使用基礎,Internet上的絕大多數DNS服務器都是基於這個軟件的。BIND目前由ISC(Internet Software Consortium)負責維護,具體的開發由Nominum(www.nominum.com)公司來完成。     CERT於2002年6月4日發布了一個有關 ISC BIND 9 的安全漏洞.     由於網絡上很多的功能運作有賴於DNS的正常運轉, 所以受到此漏洞影響的層面可能很廣.     受到影響的版本是 9.2.1 以前的版本, 8.x 與 4.x 版並不受到影響, 攻擊者可以通過發送特殊的數據包導致 BIND 9 DNS Service 無法運作. 不過攻擊者並不能利用這個漏洞在DNS服務器上運行代碼或者寫入數據.     ISC 已經發布了 BIND 9.2.1 以修正此安全漏洞, 建議所有使用 BIND 9 的系統盡快升級.      BIND9.2.1下載地址:     http://www.isc.org/prodUCts/BIND/bind9.Html       按照下面的步驟安裝升級,程序將被安裝在/usr/local/bind921目錄.     備份和卸載原來的bind:         # cp /etc/named.conf /etc/named.conf.bak  # cp -R /var/named /var/named.bak  # rpm -e bind bind-devel bind-utils caching-nameserver      編譯安裝新的bind921:     # tar zxvf bind-9.2.1.tar.gz   # cd bind-9.2.1  # ./configure --with-liBTool --enable-threads --prefix=/usr/local/bind921  # make  # make install         恢復數據:     # mkdir /usr/local/bind921/etc  # cp /etc/named.conf.bak /usr/local/bind921/etc/named.conf  # mkdir -p /usr/local/bind921/var/named/run  # useradd -u 25 -d /usr/local/bind921/var/named -s /bin/false named  # cp -r /var/named.bak/* /usr/localbind921/var/named  # chown -R named /usr/local/bind921/var      修改配置文集:    修改/usr/local/bind921/etc/named.conf使之可以在我們新安裝的系統上工作,將:     options {   Directory "/var/named";      改為:    options {   directory "/usr/local/bind921/var/named";      注釋掉原來的rndc.key,當然如果一會你想使用rndc來控制bind的話還需要它,我這裡不多講:     include "/etc/rndc.key";      為:    //include "/etc/rndc.key";      創建啟動教本:     我主要是根據redhat自帶的rpm包進行修改的,大家可以參考一下然後根據自己的情況修改    #!/bin/bash  #  # named This shell script takes care of starting and stopping  # named (BIND DNS server).  #  # chkconfig: - 55 45  # description: named (BIND) is a Domain Name Server (DNS) # that is used to resolve host names to IP addresses.  # probe: true  # Source function library.  . /etc/rc.d/init.d/functions  eXPort PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bind921/bin:/usr/local/bind921/sbin"  # Source networking configuration.  . /etc/sysconfig/network    # Check that networking is up.  [ "${NETWORKING}" = "no" ] && exit 0    #[ -f /etc/sysconfig/named ] && . /etc/sysconfig/named    [ -f /usr/local/bind921/sbin/named ] exit 0    [ -f /usr/local/bind921/etc/named.conf ] exit 0    RETVAL=0  prog="/usr/local/bind921/sbin/named"    start() {  # Start daemons.  if [ -n "`/sbin/pidof named`" ]; then  echo -n $"$prog: already running"  return 1  fi  echo -n $"Starting $prog: "  if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then  OPTIONS="${OPTIONS} -t ${ROOTDIR}"  fi  # Since named doesn't return proper exit codes at the moment  # (won't be fixed before 9.2), we can't use daemon here - emulate  # its functionality  base=$prog  named -u named ${OPTIONS}  RETVAL=$?  usleep 100000  if [ -z "`/sbin/pidof named`" ]; then  # The child processes have died after fork()ing, e.g.  # because of a broken config file  RETVAL=1  fi  [ $RETVAL -ne 0 ] && failure $"$base startup"  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/named && success $"$base startup"  echo  return $RETVAL  }  stop() {  # Stop daemons.  echo -n $"Stopping $prog: "  killproc named  RETVAL=$?  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/named  echo  return $RETVAL  }  rhstatus() {  /usr/local/bind921/sbin/rndc status  return $?  }  restart() {  stop  start  }  reload() {  /usr/local/bind921/sbin/rndc reload >/dev/null 2>&1 /usr/bin/killall -HUP named  return $?  }  probe() {  # named knows how to reload intelligently; we don't want Linuxconf  # to offer to restart every time  /usr/local/bind921/sbin/rndc reload >/dev/null 2>&1 echo start  return $?  }     # See how we were called.  case "$1" in  start)  start  ;;  stop)  stop  ;;  status)  rhstatus  ;;  restart)  restart  ;;  condrestart)  [ -f /var/lock/subsys/named ] && restart  ;;  reload)  reload  ;;  probe)  probe  ;;  *)  echo $"Usage: $0 {startstopstatusrestartcondrestartreloadprobe}"  exit 1  esac    exit $?      把上面的教本復制到/etc/init.d/並改名為named,修改權限為600     chmod 600 /etc/inid.d/named     將/usr/local/bind921/bin和/usr/local/bind921/sbin添加到/etc/profile中    if [ `id -u` = 0 ]; then  pathmunge /sbin  pathmunge /usr/sbin  pathmunge /usr/local/sbin  pathmunge /usr/local/mysql/bin  pathmunge /usr/local/bind921/bin  pathmunge /usr/local/bind921/sbin  fi    測試:     # chkconfig --add 456 named  # chkconfig --level 345 named on  # /etc/init.d/named start      記得執行如果不能啟動,請查看/var/log/mesages裡的日志並根據日志進行排錯,也可以到本站論壇尋求幫助.




Copyright © Linux教程網 All Rights Reserved