[Bug 1202278] [NEW] bind9 has no rate limit option
Robstarusa
rob at naseca.net
Wed Jul 17 16:05:02 UTC 2013
*** This bug is a security vulnerability ***

Public security bug reported:

Bind9 is vulnerable to being used as a DDOS even when recursion is turned off.

Ref: http://www.us-cert.gov/ncas/alerts/TA138-088A

Can the Ubuntu team (or whoever is responsible for the bind9 package)
please integrate this into a new package for the LTS?

I've looked at the changelogs for 12.04 on the bind9 package & can't see
that it was added. I've also tried adding the rate limit directive & I
get "uknown option rate-limit" and bind9 fails to start.

As of this update, I have the latest bind9 package installed
(1:9.8.1.dfsg.P1-4ubuntu0.6).

One recommended fix is here:

http://www.redbarn.org/dns/ratelimits

If this is not eligible for an LTS, can we please add it to 12.10 or
13.04?

Thank you,

Robert

** Affects: bind9 (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1202278
Title:
bind9 has no rate limit option