Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #6379

Re: bind9 update 9.16.50 -- too many record

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Hi Lee, Ondrej, Salvatore

I didn't follow up on this because your backport of the configuration
settings was done  after my original message in August: the
9.16.50-1~deb11u2 version, which landed during my holiday break.

Since then, we are able to set the appropriate configuration settings to
enable more than 100 SRV records and our Bind9 instance is running fine.

So on my side this is fixed, and I thank the maintainers for having
backported the config options.
My original complaint was that we had a functional regression in a security
update, and no way of recovering a working bind9 without these
configuration settings. We had to resort to pin an older version (the -48
version), and Ondrej what you did with deb11u2 fixed our issue.

Thank you for looking back at this thread anyway. Bookworm is in our sights
so we'll have a more recent version of the package.

Guillaume

On Wed, Nov 27, 2024 at 11:32 PM Salvatore Bonaccorso <carnil@debian.org>
wrote:

> Hi Ondrej,
>
> On Mon, Jul 29, 2024 at 12:14:01PM +0200, Ondřej Surý wrote:
> > I've now also ported all the changes to the system tests, so I can
> > confirm the changes are correct and I've now uploaded the version
> > with configuration options to security-master.
> >
> > This means that information in:
> >
> > https://kb.isc.org/docs/rrset-limits-in-zones
> >
> > also applies to bind9_9.16.50-1~deb11u2.
> >
> > Salvatore, when you are communicating this, I would frame this
> > as an improvement to the original patches.
>
> I was actually aiming to see this followup improvement via the last
> point release, but I think now it's equally well to release a followup
> DSA.
>
> You have tested patches, but still would be good to have a
> confirmation from Guillaume, before the followup goes out.
>
> > It is still recommended to upgrade to bookworm though.
>
> Ack!
>
> Regards,
> Salvatore
>
>

-- 



  Guillaume Bienkowski
  Infrastructure Manager
  +33 6 18 30 78 10
[image: Braincube LinkedIn]
<https://www.linkedin.com/company/braincubefr/> [image:
Braincube Facebook]
<https://www.facebook.com/braincube.manufacturing.intelligence/> [image:
Braincube Twitter] <https://twitter.com/braincubeen> braincube.com

[image: AI readiness assessment]
<https://info.braincube.com/l/801593/2024-08-05/5fhlmv>
*To learn more about the management of your personal data and your
rights, click here <https://braincube.com/privacy-policy/>.*

Back to linux.debian.security | Previous | Next — Previous in thread | Find similar

Thread

bind9 update 9.16.50 -- too many record Guillaume Bienkowski <guillaume.bienkowski@braincube.com> - 2024-07-26 17:30 +0200
  Re: bind9 update 9.16.50 -- too many record Lee <ler762@gmail.com> - 2024-07-26 21:50 +0200
    Re: bind9 update 9.16.50 -- too many record Salvatore Bonaccorso <carnil@debian.org> - 2024-07-28 07:40 +0200
      Re: bind9 update 9.16.50 -- too many record Ondřej Surý <ondrej@sury.org> - 2024-07-28 10:30 +0200
        Re: bind9 update 9.16.50 -- too many record Guillaume Bienkowski <guillaume.bienkowski@braincube.com> - 2024-07-28 18:30 +0200
        Re: bind9 update 9.16.50 -- too many record Ondřej Surý <ondrej@sury.org> - 2024-07-29 12:20 +0200
          Re: bind9 update 9.16.50 -- too many record Salvatore Bonaccorso <carnil@debian.org> - 2024-07-29 15:30 +0200
            Re: bind9 update 9.16.50 -- too many record Guillaume Bienkowski <guillaume.bienkowski@braincube.com> - 2024-11-28 10:30 +0100

csiph-web