New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

Vernon Schryver vjs at rhyolite.com
Fri Sep 20 01:59:58 UTC 2013


> From: Noel Butler <noel.butler at ausics.net>

> now, I never ran it as patches, my policy is only use official upstream
> sources, so my first play around was with 9.9.3.b2 I think it was.

BIND 9.9.4 and its immediately preceding "beta" and "release
candidate" releases are the first versions of BIND that were not
"patched."  Some third parties including FreeBSD and a Linux
distributor added RRL patches to their versions, but those BIND+RRL
versions differed from any other version of BIND+RRL patch only by
someone else having applied the patch.


> plenty of delayed mail -  hostname lookup failures (mostly because of
> URI/DNS BL's), so it certainly works as intended :)

That sounds unrelated to RRL.  Again, RRL affects standards compliant
DNS clients no more than a 50% packet loss rate on the path from the
DNS client to the server.  If your mail system suffered hostname
lookup failures, then I think something else was broken.

Recall that the design goals of RRL include continuing to provide
services to legitimate DNS clients at the same IP address as are
being forged in a DNS reflection DoS attack.


Vernon Schryver    vjs at rhyolite.com
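
Added example, not part of the original message and not BIND code: a simplified Python model of a standards-compliant client that shares the forged source address while a reflection flood is being rate limited. The single-bucket model, the allowance of 5 responses per second, the flood rate, and the `slip 2` behaviour (every second over-limit response is sent truncated, so the client retries over TCP) are assumptions of the illustration.

```python
# Simplified RRL model (added illustration; names and numbers are assumptions).
class RrlBucket:
    """One rate-limit bucket for a (client netblock, response) pair."""

    def __init__(self, responses_per_second=5, slip=2):
        self.rate = responses_per_second
        self.slip = slip      # 0 = drop every over-limit response
        self.second = None
        self.sent = 0         # responses accounted in the current second
        self.over = 0         # over-limit responses seen so far

    def decide(self, now):
        """Return 'answer', 'truncated' (TC=1) or 'drop' for one UDP query."""
        if int(now) != self.second:
            self.second, self.sent = int(now), 0
        self.sent += 1
        if self.sent <= self.rate:
            return "answer"
        self.over += 1
        if self.slip and self.over % self.slip == 0:
            return "truncated"
        return "drop"


def legit_lookup(bucket, now, udp_tries=3):
    """Standards-compliant client: retry on timeout, use TCP after TC=1."""
    for attempt in range(1, udp_tries + 1):
        verdict = bucket.decide(now)  # worst case: retry lands in same second
        if verdict == "answer":
            return ("udp", attempt)
        if verdict == "truncated":
            return ("tcp", attempt)   # TCP is not subject to RRL
    return ("failed", udp_tries)


def simulate(seconds=10, forged_qps=1000, legit_per_second=3, slip=2):
    """Interleave a forged flood with real lookups from the same address."""
    bucket = RrlBucket(slip=slip)
    results = []
    step = forged_qps // legit_per_second
    for s in range(seconds):
        for i in range(forged_qps):
            now = s + i / forged_qps
            bucket.decide(now)                      # forged query
            if i % step == step - 1:
                results.append(legit_lookup(bucket, now))
    return results
```

With `slip=2` every real lookup in the model completes within two UDP attempts; with `slip=0` the same lookups fail for as long as the flood lasts.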

