[dns-operations] "RHN Bind Update Brings Down RHEL Named" (slashdot)

Florian Weimer fw at deneb.enyo.de
Fri Jul 18 16:08:07 UTC 2008

* Paul Vixie quotes Slashdot:

> "Red Hat's response to update bind through RHN, patching the DNS hole, made
> a fatal error which will revert all name servers to caching only
> servers.

This summary is incorrect.  The caching-only name server packages
override administrator changes on upgrade (however, the old
configuration is backed up).

Apparently, some folks have built their authoritative name server on top
of the caching name server packages, and were surprised when, after the
upgrade, the servers turned back into caching-only name servers again.

In Debian, we were faced with a similar dilemma: The default
configuration files explain how to set the query source port to 53.  We
could have removed that comment in the security update, but this would
have made the upgrade non-interactive if the configuration file had been
changed by the administrator (which is rather likely), and some people
might have accidentally installed the original version, overwriting
their changes.  That's why even after the security update, there's a
misleading comment in the default configuration file. 8-(
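
The following is an added example, not part of the original post or of any distribution's packaging: a check that separates a commented-out query-source hint (like the one left in the default file) from an active directive that pins outgoing queries to a fixed port, which would undo the source port randomization the security update provides. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample named.conf: the commented lines mimic a default-file hint,
# the uncommented directive on line 8 is the setting an administrator must remove.
SAMPLE_CONF = """\
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below.
    // query-source address * port 53;
    /* query-source-v6 address * port 53; */
    query-source address * port 53;
    # query-source port 1053;
};
"""

# Quoted strings are matched first so that "//" or "#" inside them survive.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_DIRECTIVE = re.compile(r'\b(query-source(?:-v6)?)\b([^;]*);')
_PORT = re.compile(r'\bport\s+(\d+|\*)')


def strip_comments(text):
    """Drop /* */, // and # comments while preserving line numbering."""
    def repl(match):
        token = match.group(0)
        if token.startswith('"'):
            return token
        return "\n" * token.count("\n")
    return _TOKEN.sub(repl, text)


def pinned_query_ports(conf_text):
    """Return (line, directive, port) for each active fixed-port query-source."""
    clean = strip_comments(conf_text)
    findings = []
    for match in _DIRECTIVE.finditer(clean):
        port = _PORT.search(match.group(2))
        if port and port.group(1) != "*":  # "port *" keeps randomization
            line = clean.count("\n", 0, match.start()) + 1
            findings.append((line, match.group(1), int(port.group(1))))
    return findings


if __name__ == "__main__":
    for line, directive, port in pinned_query_ports(SAMPLE_CONF):
        print(f"line {line}: {directive} pins outgoing queries to port {port}")
```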

