New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

Noel Butler noel.butler at ausics.net
Fri Sep 20 02:48:31 UTC 2013 

On Fri, 2013-09-20 at 01:59 +0000, Vernon Schryver wrote:

> > From: Noel Butler <noel.butler at ausics.net>
> 
> > now, I never ran it as patches, my policy is only use official upstream
> > sources, so my first play around was with 9.9.3.b2 I think it was.
> 
> BIND 9.9.4 and its immediately preceding "beta" and "release
> candidate" releases are the first versions of BIND that were not
> "patched."  Some third parties including FreeBSD and a Linux
> distributor added RRL patches to their versions, but those BIND+RRL
> versions differed from any other version of BIND+RRL patch only by
> someone else having applied the patch.
> 


yeah, as I said, I thought it was that beta, I dont use distros versions
of key daemons, most are too outdated for my liking, even  Slackware and
Gentoo, whoich are more current than most.

> 
> > plenty of delayed mail -  hostname lookup failures (mostly because of
> > URI/DNS BL's), so it certainly works as intended :)
> 
> That sounds unrelated to RRL.  Again, RRL affects standards compliant
> DNS clients no more than a 50% packet loss rate on the path from the
> DNS client and to the server.  If your mail system suffered hostname
> lookup failures, then I think something else was broken.
> 


Nope, either way, daemon.log was filling up with messages indicating
RRL, last time I tried, Aug 29,

lots of  
limit NXDOMAIN responses to xxxxxxxx/24 for zen.spamhaus.org , 
limit NXDOMAIN responses to xxxxxx/24 for xxx.net 

pretty much one for every DNSBL, URIBL etc used.... 

The problem occurred within a minute of enabling RRL, and ended right
after disabling RRL.
on that date, log files show the version was actually BIND 9.9.4rc1

Now I've read your link, I can perhaps understand more the options and
fine tune it, but bout to head out for lunch so, might pla around later
this afternoon.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130920/dd6ac95a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130920/dd6ac95a/attachment.bin>

More information about the bind-users mailing list