*** This bug is a security vulnerability ***

Public security bug reported:

Bind9 is vulnerable to being used as a DDOS even when recursion is turned off.

Ref: http://www.us-cert.gov/ncas/alerts/TA138-088A

Can the Ubuntu team (or whomever is responsible for the bind9 package) please integrate this into a new package for the LTS? I've looked at the changelogs for 12.04 on the bind9 package & can't see that it was added.

I've also tried adding the rate limit directive & I get "uknown option rate-limit" and bind9 fails to start.

As of this update, I have the latest bind9 package installed (1:9.8.1.dfsg.P1-4ubuntu0.6).

One recommended fix is here: http://www.redbarn.org/dns/ratelimits

If this is not eligible for an LTS, can we please add it to 12.10 or 13.04?

Thank you,
Robert

** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1202278

Title:
  bind9 has no rate limit option