LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-25-2008, 06:47 AM   #1
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Rep: Reputation: 15
how best to deal with updating/patching dns server


I have taken over control of a dns server(rhe 4) which serves a small department. Now the senior IT manager of the company has requested for me to update the dns bind (9) server. I have noticed that this server has been patched/updated for over a year. i would like to know what is the best way of bringing it up to date without causing any config files to be over written or cause any kind of disruption to the users.
really appreciate your reply.
thanks
 
Old 07-25-2008, 07:10 AM   #2
FranDango
Member
 
Registered: Jun 2008
Posts: 101

Rep: Reputation: 15
You should find out how the system has been updated. If some update application like yum was used, then you can use that one to do the updates.

I once run into a RHEL server where yum was installed, but certain packages (MySQL for example) have been installed with a different procedure for some paranoid security reasons.

Run 'rpm -qi <packagename>' to see if the software that has to be updated is part of the RPM database at all.

Using yum for update will keep configuration files intact. In cases where new versions have a conflicting format for configuration files usually the older settings are saved in the same location with the .rpmsave extension appended.

Never be too proud to ask the IT senior manager for advice - it will be worse if you do it alone and you screw it all up.

Linux Archive

Last edited by FranDango; 09-20-2008 at 07:13 AM.
 
Old 07-25-2008, 07:24 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
In addition to what's been said already: preparation is half the work. Somebody recently noticed that new BIND RPM packages lack %config(noreplace), which is unexpected behaviour, don't know if that's fixed yet. (Just making the case for making backups *always*.) Backup related config, zones, get the packages, then checkout the packages. Minimally run the upgrade in test mode with the "--test" switch, for crucial packages you may want to check the bug tracker for issues, check --changelog and --scripts as well as exploding the package to read usr/share/docs/packagename/. If you upgrade you could use --repackage if you didn't already specify that in your rpmrc or rpmmacros. Disruption in a professional environment should IMHO be subject to whatever the SLA says. If you have a SLA that requires you to ensure no (whichever way "no" is defined there) disruption takes place then I'd suggest using a staging machine to test deployment of new packages. In some cases that doesn't need to be a physical machine but can be a VM as well.
 
Old 07-25-2008, 12:08 PM   #4
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
thanks FranDango/unSpawn
updates in the past have been done via rh own update interface, not yum or any other for that matter. as the server is backed up its always within easy reach things got screwed up. i think i will use the same method but as the server hadnt been update for over 62 weeks i wasnt sure if it was a goo idea to just do the update and see what happens as i have the backup available...
 
Old 07-29-2008, 12:32 PM   #5
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
hi
i relised the best way to deal was to setup a slave dns server. this then allowed me to take down the master and updated with whatever updates.
i used up2date to do the updates. however my other question is whethere is any way of knowing for sure if an errata has been updated. i guess what im looking for is a means to check any recently installed updates. i checked all the up2date options but wasnt successful. any help much appreciated.
 
Old 07-29-2008, 12:51 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
Quote:
Originally Posted by fedora_user View Post
whethere is any way of knowing for sure if an errata has been updated. i guess what im looking for is a means to check any recently installed updates. i checked all the up2date options but wasnt successful.
I vaguely remember that in the Red Hat up2date web interface you have a screen where you see per system which updates are available, which are installed and what the installation status is "OK" or "failed". Locally, with "old" RPM versions those that don't have "--last", you could list packages by installdate with 'rpm -qa --qf="%{INSTALLTIME:date} %{NAME}\n" | sort'. If you know it's like ten packages then you could cut off output with something like '|head 10'.
 
Old 07-30-2008, 05:11 AM   #7
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
unSpawn
cheers great command, however id didnt pick up on this important bind security update. youre right it does show it via the online rhn site however just wanted to make sure from the server side.thanks all the same.
 
Old 07-30-2008, 07:31 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
Serverside, if you know the package_name-version.release string, you can just query the RPMDB for that, right?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to configure another dns server to combine use with primary current dns server. hocheetiong Linux - Newbie 1 05-29-2008 07:57 PM
LXer: Find out DNS Server Version With DNS Server Fingerprinting Tool LXer Syndicated Linux News 0 12-21-2007 06:30 PM
LXer: Find out DNS Server Version With DNS Server Fingeprinting Tool LXer Syndicated Linux News 0 12-21-2007 05:50 PM
Updating DNS Server Information stlyz3 Linux - Server 2 12-04-2007 12:08 PM
LXer: The Fourth ‘Patent Deal’ was with Europe… and the Sixth Deal That Won’t be LXer Syndicated Linux News 0 10-24-2007 04:40 PM


All times are GMT -5. The time now is 08:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration