[Bug 1202278] [NEW] bind9 has no rate limit option

Robstarusa rob at naseca.net
Wed Jul 17 16:05:02 UTC 2013

*** This bug is a security vulnerability ***

Public security bug reported:

Bind9 is vulnerable to being used as a DDOS even when recursion is turned off.
Ref: http://www.us-cert.gov/ncas/alerts/TA138-088A

Can the Ubuntu team (or whomever is responsible for the bind9 package)
please integrate this into a new package for the LTS?

I've looked at the changelogs for 12.04 on bind9 package & can't see
that it was added.  I've also tried adding the rate limit directive & I
get "uknown option rate-limit" and bind9 fails to start.

As of this update, I have the latest bind9 package installed (
1:9.8.1.dfsg.P1-4ubuntu0.6 )

One recommended fix is here:


If this is not elgible for an LTS, can we please add it to 12.10 or

Thank you,


** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.

  bind9 has no rate limit option

To manage notifications about this bug go to:

More information about the Ubuntu-server-bugs mailing list