On Mon, Jan 21, 2013 at 06:08:58PM +0100, Peter Palfrader wrote:
> With the grown deployment of DNSSEC and more information being put into
> the domain name system, DNS servers have become and are becoming a
> useful tool for denial of service attacks by providing amplification:
> a single UDP packet of only a few bytes causes a response many times the
> size of the query.
>
> Debian admin has deployed the patch at [2] to the bind running the
> debian.org nameservers - else debian.org's nameservers would not have
> any resources left to answer legitimate queries.
>
> We think it important that the bind version Debian ships be actually
> useable by the internet community in general, and ourselves in
> particular. Therefore we ask you (and the release folks) to consider
> shipping wheezy's bind with the rate limiting patches applied.

Agreed. I've added the patch to 9.9.2-P1 (which I will upload to
experimental later today.) I have also started the discussion with the
release team about getting this into 9.8.4-P1 with bug 698658.

lamont