# Named vulnerability on RELENG_7_0



## clinty (Jul 31, 2009)

Hello.

One of my server use FreeBSD 7.0. I can't upgrade the system, impossible. 
Is any solution to have the lastest Named (in FreeBSD system) in 7.0 ?

Thanks.


----------



## SirDice (Jul 31, 2009)

Since 7.0 isn't supported anymore you are pretty much on your own.

You could however try to apply the patch on 7.0. This may need quite a bit of tinkering though.


----------



## clinty (Jul 31, 2009)

And what do you think about bind9 port? Is there differences between bind port and bind system?


----------



## DutchDaemon (Jul 31, 2009)

The ports will work just fine. Just choose to replace the base system BIND in make config. Always reinstall the port after an OS upgrade.


----------



## SirDice (Jul 31, 2009)

You will have to make sure your ports tree is up2date. Otherwise you would still be installing an old (and perhaps vulnerable) bind version.


----------



## clinty (Jul 31, 2009)

About the Bind chroot, is in working out of the box with the Bind port ?


----------



## DutchDaemon (Jul 31, 2009)

Yes, because chrooting of BIND takes place in /etc/defaults/rc.conf, and the port versions of BIND will use the same variables. It's a drop-in replacement.


----------



## clinty (Jul 31, 2009)

Does we have to compile bind port with SIGCHASE (dig/host/nslookup will do DNSSEC validation) option?
I would like to have the same options than the Bind included in FreeBSD 7.0 system.

Thanks!


----------



## DutchDaemon (Jul 31, 2009)

You can use (or not use) any option you like. Just turn things on or off in [cmd=]make config[/cmd].


----------



## clinty (Jul 31, 2009)

I know I can use any option I like 
My question was : to have the same Bind than FreeBSD system, have I to enable SIGCHASE option?


----------



## DutchDaemon (Aug 1, 2009)

I have no idea. The fact that all ports versions have it defaulted to off makes me think it isn't on in the base version either.


----------

