Changes between Version 6 and Version 7 of bind


Ignore:
Timestamp:
10/19/2019 12:38:24 AM (5 years ago)
Author:
Kevin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • bind

    v6 v7  
    147147----
    148148
    149 Bind 9.14.5 is dropping this into sys.log, but still runs fine:[[BR]]
     149Bind 9.14.5 - 9.14.7 will report the following errors into sys.log, but still runs: [[BR]]
     150
    150151named[459]: listening on IPv4 interface enp0s3, 192.168.56.2#53 [[BR]]
    151152named[459]: unable to set effective uid to 0: Operation not permitted[[BR]]
     
    155156
    156157[Found this link](http://bind-users-forum.2342410.n4.nabble.com/BIND-9-14-0-unable-to-set-effective-uid-to-0-Operation-not-permitted-td6844.html) describing named wanting to revert back to UID 0, root for some reason even though it is in chroot at this time.[[BR]]
     158This page also discusses the issue: https://gitlab.isc.org/isc-projects/bind9/issues/1042 [[BR]]
     159
    157160You can disable caps --disable-linux-caps but at the cost of security, and no one knows what that cost is?!? [[BR]]
    158 This page also discusses the issue: https://gitlab.isc.org/isc-projects/bind9/issues/1042
     161
     162
     163Confirmed that building with the --disable-linux-caps removes the error condition.
     164
     165
     166----
     167
     168Want to verify the validity of the downloaded files from isc instead of trusting the MD5 from the book?[[BR]]
     169Run these commands if you have gpg installed:
     170
     171
     172{{{
     173wget ftp://ftp.isc.org/isc/pgpkeys/codesign2019.txt
     174wget ftp://ftp.isc.org/isc/bind9/cur/9.14/bind-9.14.7.tar.{gz,gz.asc}
     175
     176gpg --import codesign2019.txt
     177gpg -d bind-9.14.7.tar.gz.asc 2>&1 |grep 'Good\|BAD'
     178}}}
     179
     180Downloads and imports isc public key, imports to keyring, check the file.