[dns-operations] CVE 2015-8000 actively exploited yesterday

Anand Buddhdev anandb at ripe.net
Thu Dec 17 08:05:49 UTC 2015

On 17/12/15 02:49, Robert Edmonds wrote:

> RHEL 7 is systemd-based (so it doesn't help the original poster, who's
> running RHEL 6, which is upstart-based), so this is basically a

Actually, upstart is also a supervisor, so it can keep BIND alive. On
our CentOS 6 servers, we have /etc/init/named.conf, containing:

start on stopped rc
stop on runlevel [016]
    [ -f /etc/sysconfig/named ] && . /etc/sysconfig/named || :
    exec /usr/sbin/named -f -u named $OPTIONS
end script
kill timeout 60

This allows upstart to start and watch the named process, and respawn it
in case it exits unexpectedly.


More information about the dns-operations mailing list