upgrade : bind9 packages fix cryptographic weakness

| Posted in DNS, Linux Server, Security

Florian Weimer dari debian-security@lists.debian.org memberitahukan ada update terbaru dari paket bind9, update paket bind9 bersamaan dengan keluarnya update ntp dan OpenSSL. Proses upgrade bind9 yang berfungsi sebagai domain name server saya upgrade untuk mesin Primary dan Secondary DNS. Berikut proses upgradenya :

custrelay:/home/gtoms# apt-get update
Get:1 http://debian.indika.net.id etch Release.gpg [386B]
Hit http://debian.indika.net.id etch Release
Ign http://debian.indika.net.id etch/main Packages/DiffIndex
Ign http://debian.indika.net.id etch/main Sources/DiffIndex
Hit http://debian.indika.net.id etch/main Packages
Hit http://debian.indika.net.id etch/main Sources
Get:2 http://security.debian.org etch/updates Release.gpg [189B]
Get:3 http://security.debian.org etch/updates Release [37.6kB]
Ign http://security.debian.org etch/updates/main Packages/DiffIndex
Ign http://security.debian.org etch/updates/contrib Packages/DiffIndex
Ign http://security.debian.org etch/updates/main Sources/DiffIndex
Ign http://security.debian.org etch/updates/contrib Sources/DiffIndex
Get:4 http://security.debian.org etch/updates/main Packages [395kB]
Hit http://security.debian.org etch/updates/contrib Packages
Get:5 http://security.debian.org etch/updates/main Sources [60.5kB]
Hit http://security.debian.org etch/updates/contrib Sources
Fetched 494kB in 5s (97.5kB/s)
Reading package lists… Done
custrelay:/home/gtoms# apt-get upgrade
Reading package lists… Done
Building dependency tree… Done
The following packages will be upgraded:
bind9 bind9-host dnsutils libbind9-0 libdns22 libisc11 libisccc0 libisccfg1 liblwres9 libperl5.8 libssl0.9.8 linux-image-2.6.18-6-686 ntp
ntpdate openssl perl perl-base perl-modules
19 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 30.3MB of archives.
After unpacking 958kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://security.debian.org etch/updates/main perl-modules 5.8.8-7etch6 [2328kB]
Get:2 http://security.debian.org etch/updates/main perl 5.8.8-7etch6 [3599kB]
Get:3 http://security.debian.org etch/updates/main libperl5.8 5.8.8-7etch6 [527kB]
Get:4 http://security.debian.org etch/updates/main perl-base 5.8.8-7etch6 [763kB]
Get:5 http://security.debian.org etch/updates/main linux-image-2.6.18-6-686 2.6.18.dfsg.1-23etch1 [16.5MB]
Get:6 http://security.debian.org etch/updates/main libssl0.9.8 0.9.8c-4etch4 [2721kB]
Get:7 http://security.debian.org etch/updates/main bind9 1:9.3.4-2etch4 [296kB]
Get:8 http://security.debian.org etch/updates/main libisc11 1:9.3.4-2etch4 [170kB]
Get:9 http://security.debian.org etch/updates/main libisccc0 1:9.3.4-2etch4 [95.0kB]
Get:10 http://security.debian.org etch/updates/main libisccfg1 1:9.3.4-2etch4 [106kB]
Get:11 http://security.debian.org etch/updates/main liblwres9 1:9.3.4-2etch4 [110kB]
Get:12 http://security.debian.org etch/updates/main libdns22 1:9.3.4-2etch4 [473kB]
Get:13 http://security.debian.org etch/updates/main libbind9-0 1:9.3.4-2etch4 [95.0kB]
Get:14 http://security.debian.org etch/updates/main bind9-host 1:9.3.4-2etch4 [113kB]
Get:15 http://security.debian.org etch/updates/main dnsutils 1:9.3.4-2etch4 [181kB]
Get:16 http://security.debian.org etch/updates/main ntp 1:4.2.2.p4+dfsg-2etch1 [329kB]
Get:17 http://security.debian.org etch/updates/main ntpdate 1:4.2.2.p4+dfsg-2etch1 [57.8kB]
Get:18 http://security.debian.org etch/updates/main openssl 0.9.8c-4etch4 [1015kB]
Fetched 30.3MB in 1m1s (495kB/s)
Preconfiguring packages …
(Reading database … 20124 files and directories currently installed.)
Preparing to replace perl-modules 5.8.8-7etch3 (using …/perl-modules_5.8.8-7etch6_all.deb) ...
Unpacking replacement perl-modules …
Preparing to replace perl 5.8.8-7etch3 (using …/perl_5.8.8-7etch6_i386.deb) ...
Unpacking replacement perl …
Preparing to replace libperl5.8 5.8.8-7etch3 (using …/libperl5.8_5.8.8-7etch6_i386.deb) ...
Unpacking replacement libperl5.8 …
Preparing to replace perl-base 5.8.8-7etch3 (using …/perl-base_5.8.8-7etch6_i386.deb) ...
Unpacking replacement perl-base …
Setting up perl-base (5.8.8-7etch6) ...
(Reading database … 20124 files and directories currently installed.)
Preparing to replace linux-image-2.6.18-6-686 2.6.18.dfsg.1-23 (using …/linux-image-2.6.18-6-686_2.6.18.dfsg.1-23etch1_i386.deb) ...
The directory /lib/modules/2.6.18-6-686 still exists. Continuing as directed.
Done.
Unpacking replacement linux-image-2.6.18-6-686 …
Running postrm hook script /sbin/update-grub.
You shouldn’t call /sbin/update-grub. Please call /usr/sbin/update-grub instead!

Searching for GRUB installation directory … found: /boot/grub
Searching for default file … found: /boot/grub/default
Testing for an existing GRUB menu.lst file … found: /boot/grub/menu.lst
Searching for splash image … none found, skipping …
Found kernel: /boot/vmlinuz-2.6.18-6-686
Updating /boot/grub/menu.lst … done

Preparing to replace libssl0.9.8 0.9.8c-4etch3 (using …/libssl0.9.8_0.9.8c-4etch4_i386.deb) ...
Unpacking replacement libssl0.9.8 …
Preparing to replace bind9 1:9.3.4-2etch3 (using …/bind9_1%3a9.3.4-2etch4_i386.deb) ...
Stopping domain name service…: bind.
Unpacking replacement bind9 …
Preparing to replace libisc11 1:9.3.4-2etch3 (using …/libisc11_1%3a9.3.4-2etch4_i386.deb) ...
Unpacking replacement libisc11 …
Preparing to replace libisccc0 1:9.3.4-2etch3 (using …/libisccc0_1%3a9.3.4-2etch4_i386.deb) ...
Unpacking replacement libisccc0 …
Preparing to replace libisccfg1 1:9.3.4-2etch3 (using …/libisccfg1_1%3a9.3.4-2etch4_i386.deb) ...
Unpacking replacement libisccfg1 …
Preparing to replace liblwres9 1:9.3.4-2etch3 (using …/liblwres9_1%3a9.3.4-2etch4_i386.deb) ...
Unpacking replacement liblwres9 …
Preparing to replace libdns22 1:9.3.4-2etch3 (using …/libdns22_1%3a9.3.4-2etch4_i386.deb) ...
Unpacking replacement libdns22 …
Preparing to replace libbind9-0 1:9.3.4-2etch3 (using …/libbind9-0_1%3a9.3.4-2etch4_i386.deb) ...
Unpacking replacement libbind9-0 …
Preparing to replace bind9-host 1:9.3.4-2etch3 (using …/bind9-host_1%3a9.3.4-2etch4_i386.deb) ...
Unpacking replacement bind9-host …
Preparing to replace dnsutils 1:9.3.4-2etch3 (using …/dnsutils_1%3a9.3.4-2etch4_i386.deb) ...
Unpacking replacement dnsutils …
Preparing to replace ntp 1:4.2.2.p4+dfsg-2 (using …/ntp_1%3a4.2.2.p4+dfsg-2etch1_i386.deb) ...
Stopping NTP server: ntpd.
Unpacking replacement ntp …
Preparing to replace ntpdate 1:4.2.2.p4+dfsg-2 (using …/ntpdate_1%3a4.2.2.p4+dfsg-2etch1_i386.deb) ...
Unpacking replacement ntpdate …
Preparing to replace openssl 0.9.8c-4etch3 (using …/openssl_0.9.8c-4etch4_i386.deb) ...
Unpacking replacement openssl …
Setting up libperl5.8 (5.8.8-7etch6) ...

Setting up linux-image-2.6.18-6-686 (2.6.18.dfsg.1-23etch1) ...

Hmm. The package shipped with a symbolic link /lib/modules/2.6.18-6-686/source
However, I can not read the target: No such file or directory
Therefore, I am deleting /lib/modules/2.6.18-6-686/source

Running depmod.
Finding valid ramdisk creators.
Using mkinitramfs-kpkg to build the ramdisk.
Not updating initrd symbolic links since we are being updated/reinstalled
(2.6.18.dfsg.1-23 was configured last, according to dpkg)
Not updating image symbolic links since we are being updated/reinstalled
(2.6.18.dfsg.1-23 was configured last, according to dpkg)
Running postinst hook script /sbin/update-grub.
You shouldn’t call /sbin/update-grub. Please call /usr/sbin/update-grub instead!

Searching for GRUB installation directory … found: /boot/grub
Searching for default file … found: /boot/grub/default
Testing for an existing GRUB menu.lst file … found: /boot/grub/menu.lst
Searching for splash image … none found, skipping …
Found kernel: /boot/vmlinuz-2.6.18-6-686
Updating /boot/grub/menu.lst … done

Setting up libssl0.9.8 (0.9.8c-4etch4) ...
Setting up libisc11 (9.3.4-2etch4) ...
Setting up libdns22 (9.3.4-2etch4) ...
Setting up libisccc0 (9.3.4-2etch4) ...
Setting up libisccfg1 (9.3.4-2etch4) ...
Setting up libbind9-0 (9.3.4-2etch4) ...
Setting up liblwres9 (9.3.4-2etch4) ...
Setting up bind9 (9.3.4-2etch4) ...
Starting domain name service…: bind.
Setting up bind9-host (9.3.4-2etch4) ...
Setting up dnsutils (9.3.4-2etch4) ...
Setting up ntpdate (4.2.2.p4+dfsg-2etch1) ...
Setting up openssl (0.9.8c-4etch4) ...
Setting up perl-modules (5.8.8-7etch6) ...
Setting up perl (5.8.8-7etch6) ...
Setting up ntp (4.2.2.p4+dfsg-2etch1) ...
Starting NTP server: ntpd.

custrelay:/home/gtoms#

Setelah selesai, tinggal ngecek status named running dengan perintah netstat -nltup atau ps axf. Kemudian menggunakan Bind tools seperti nslookup, dig, host testing ke beberapa situs dan domain di internet untuk melihat kelincahan pencarian domain yang dilakukan Bind9 ini.

Langkah update Secondary DNS sama dengan proses update di mesin Primary DNS diatas.

Write a comment