Your message dated Fri, 17 Mar 2017 18:33:59 +0000
with message-id <e1cowhl-000iqk...@fasolo.debian.org>
and subject line Bug#854243: fixed in bind9 1:9.10.3.dfsg.P4-12.1
has caused the Debian Bug report #854243,
regarding bind9 - Reads /dev/random in named and does not longer answer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
854243: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854243
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bind9
Version: 1:9.10.3.dfsg.P4-11
Severity: grave

bind9 uses /dev/random unconditionally without the possibility to change
that in the configuration.  It uses it for example in dnssec-keygen or
during dnssec key operations in named.  /dev/random can and will block
at random times.  If this happens in named, the whole daemon will cease
to answer any requests.  In my tests this always happens with ECDSA key
operations, which need randomness.  This is effectively a DoS.

Bastian

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
Source: bind9
Source-Version: 1:9.10.3.dfsg.P4-12.1

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 854...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <wa...@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 17 Mar 2017 19:07:16 +0100
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140
 libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils
 lwresd libbind-export-dev libdns-export162 libdns-export162-udeb
 libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140
 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141
 libirs-export141-udeb
Architecture: source
Version: 1:9.10.3.dfsg.P4-12.1
Distribution: unstable
Urgency: medium
Maintainer: LaMont Jones <lam...@debian.org>
Changed-By: Bastian Blank <wa...@debian.org>
Description:
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind-export-dev - Development files for the exported BIND libraries
 libbind9-140 - BIND9 Shared Library used by BIND
 libdns-export162 - Exported DNS Shared Library
 libdns-export162-udeb - Exported DNS library for debian-installer (udeb)
 libdns162  - DNS Shared Library used by BIND
 libirs-export141 - Exported IRS Shared Library
 libirs-export141-udeb - Exported IRS library for debian-installer (udeb)
 libirs141  - DNS Shared Library used by BIND
 libisc-export160 - Exported ISC Shared Library
 libisc-export160-udeb - Exported ISC library for debian-installer (udeb)
 libisc160  - ISC Shared Library used by BIND
 libisccc-export140 - Command Channel Library used by BIND
 libisccc-export140-udeb - Command Channel Library used by BIND (udeb)
 libisccc140 - Command Channel Library used by BIND
 libisccfg-export140 - Exported ISC CFG Shared Library
 libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb)
 libisccfg140 - Config File Handling Library used by BIND
 liblwres141 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 854243
Changes:
 bind9 (1:9.10.3.dfsg.P4-12.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Use /dev/urandom to avoid blocking in the server process.
     (closes: #854243)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
