Named vulnerability on RELENG_7_0

[clinty]

Hello.

One of my server use FreeBSD 7.0. I can't upgrade the system, impossible.
Is any solution to have the lastest Named (in FreeBSD system) in 7.0 ?

Thanks.

 

[SirDice]

Since 7.0 isn't supported anymore you are pretty much on your own.

You could however try to apply the patch on 7.0. This may need quite a bit of tinkering though.

 

[clinty]

And what do you think about bind9 port? Is there differences between bind port and bind system?

 

[DutchDaemon]

The ports will work just fine. Just choose to replace the base system BIND in make config. Always reinstall the port after an OS upgrade.

 

[SirDice]

You will have to make sure your ports tree is up2date. Otherwise you would still be installing an old (and perhaps vulnerable) bind version.

 

[clinty]

About the Bind chroot, is in working out of the box with the Bind port ?

 

[DutchDaemon]

Yes, because chrooting of BIND takes place in /etc/defaults/rc.conf, and the port versions of BIND will use the same variables. It's a drop-in replacement.

 

[clinty]

Does we have to compile bind port with SIGCHASE (dig/host/nslookup will do DNSSEC validation) option?
I would like to have the same options than the Bind included in FreeBSD 7.0 system.

Thanks!

 

[DutchDaemon]

You can use (or not use) any option you like. Just turn things on or off in [cmd=]make config[/cmd].

 

[clinty]

I know I can use any option I like
My question was : to have the same Bind than FreeBSD system, have I to enable SIGCHASE option?

 

[DutchDaemon]

I have no idea. The fact that all ports versions have it defaulted to off makes me think it isn't on in the base version either.