I am running Ubuntu Server 12.04.3 LTS with BIND 9.8.1-P1 + to make sure I have the latest updates I ran
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
This all worked fine but I noticed that the Bind version is still 9.8.1-P1 & since found out that Ubuntu 12.04.3 has not released the latest recommended Bind version of 9.8.6-P1 or even 9.9.4-P1 to this Ubuntu release which is found on:-
https://www.isc.org/downloads/software-support-policy/bind-software-status/
Since there are security holes in this bind version 9.8.1-P1 we are
unable to pass PCI Compliance:-
DNS Server Recursive Query Cache Poisoning Weakness dns (53/udp)
CVE-1999-0024 Medium
5.0 Fail
Solution: Upgrade Bind to version 9.9.4-P1
DNS Server Cache Snooping Remote Information Disclosure dns (53/udp)
Medium, 5.0, Fail (The vulnerability is not included in the NVD)
Solution: Upgrade Bind to version 9.9.4-P1 & add the following line to the options section of named.conf: allow-recursion { internaldns; }; eg.
    options {
        allow-query { internaldns; };
        allow-recursion { internaldns; };
    };
(This new feature was introduced in Bind 9.4)
(http://fixunix.com/dns/496768-dns-cache-snooping.html)
So my question is how do I upgrade to bind version 9.9.4-P1 + also is it safe to run that version on Ubuntu 12.04 LTS?
I don't know if it is safe or not, but you should be able to upgrade by using this PPA for Bind. I would uninstall the old version and then install the new version from this PPA by using the following commands.
sudo add-apt-repository ppa:malcscott/bind9.9
sudo apt-get update
sudo apt-get install bind9
The webpage for the Launchpad PPA is here.
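The `allow-recursion` setting quoted from the scan report, written out as a complete named.conf fragment together with the `internaldns` ACL definition that the report does not show. This is an added example, not part of the original question or answer; the ACL addresses are placeholders, and the `allow-query-cache` line is an addition that goes beyond the report's text.

```conf
// Options block for named.conf (on Ubuntu the bind9 package keeps it in
// /etc/bind/named.conf.options).

// "internaldns" is the ACL name used in the scan report. The report does
// not define it; the networks below are PLACEHOLDERS and must be replaced
// with the client ranges that are actually allowed to use this resolver.
acl internaldns {
    127.0.0.1;
    192.0.2.0/24;        // placeholder: internal client network
};

// Weak form, for comparison: any host on the Internet can recurse through
// the server and probe what is in its cache.
//
// options {
//     recursion yes;
//     allow-recursion { any; };
// };

// Restricted form.
options {
    recursion yes;

    // Only internal clients may trigger recursive lookups.
    allow-recursion { internaldns; };

    // Only internal clients may read answers already held in the cache
    // (the cache snooping finding concerns this path). When this is unset,
    // BIND falls back to the allow-recursion list, so stating it here only
    // makes the intent explicit.
    allow-query-cache { internaldns; };

    // Taken from the report's example. At the options level this also
    // applies to zones this server is authoritative for; if public zones
    // are hosted here, override it per zone with allow-query { any; };
    allow-query { internaldns; };
};

// After editing: run named-checkconf to validate the syntax, reload named,
// then from a host outside the ACL confirm that both
//   dig @<server> <name>
//   dig +norecurse @<server> <name>
// come back with status REFUSED.
```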