
Re: bind9 update 9.16.50 -- too many record

From Guillaume Bienkowski <guillaume.bienkowski@braincube.com>
Newsgroups linux.debian.security
Subject Re: bind9 update 9.16.50 -- too many record
Date Thu, 28 Nov 2024 10:30:01 +0100
Message-ID <JNJ0t-cbLP-3@gated-at.bofh.it> (permalink)
X-Mailing-List <debian-security@lists.debian.org> archive/latest/29569
List-ID <debian-security.lists.debian.org>
List-URL <https://lists.debian.org/debian-security/>

Hi Lee, Ondrej, Salvatore

I didn't follow up on this because your backport of the configuration
settings was done after my original message in August: the
9.16.50-1~deb11u2 version, which landed during my holiday break.

Since then, we are able to set the appropriate configuration settings to
enable more than 100 SRV records and our Bind9 instance is running fine.

So on my side this is fixed, and I thank the maintainers for having
backported the config options.
My original complaint was that we had a functional regression in a security
update, and no way of recovering a working bind9 without these
configuration settings. We had to resort to pinning an older version (the -48
version), and Ondrej, what you did with deb11u2 fixed our issue.

Thank you for looking back at this thread anyway. Bookworm is in our sights
so we'll have a more recent version of the package.

Guillaume

On Wed, Nov 27, 2024 at 11:32 PM Salvatore Bonaccorso <carnil@debian.org>
wrote:

> Hi Ondrej,
>
> On Mon, Jul 29, 2024 at 12:14:01PM +0200, Ondřej Surý wrote:
> > I've now also ported all the changes to the system tests, so I can
> > confirm the changes are correct and I've now uploaded the version
> > with configuration options to security-master.
> >
> > This means that information in:
> >
> > https://kb.isc.org/docs/rrset-limits-in-zones
> >
> > also applies to bind9_9.16.50-1~deb11u2.
> >
> > Salvatore, when you are communicating this, I would frame this
> > as an improvement to the original patches.
>
> I was actually aiming to see this followup improvement via the last
> point release, but I think now it's equally well to release a followup
> DSA.
>
> You have tested patches, but still would be good to have a
> confirmation from Guillaume, before the followup goes out.
>
> > It is still recommended to upgrade to bookworm though.
>
> Ack!
>
> Regards,
> Salvatore
>
>

-- 



  Guillaume Bienkowski
  Infrastructure Manager
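A pre-upgrade audit for the regression discussed in this thread, as an added example that is not part of the original messages or of the bind9 package: it counts records per RRset in one-record-per-line zone text and reports the sets that exceed the limit. The threshold of 100 is taken from the message above; the input layout (owner, TTL, class, type, rdata on each line), the rule that exactly 100 records still passes, and the `example.test` zone data are assumptions made for this illustration.

```python
from collections import Counter

# Threshold taken from the message above ("more than 100 SRV records").
# Assumption: a set of exactly 100 records is still accepted.
DEFAULT_LIMIT = 100


def rrset_sizes(lines):
    """Count records per (owner, type) in one-record-per-line zone text."""
    sizes = Counter()
    for raw in lines:
        # Only the first four fields are used, so cutting at ';' is safe here.
        fields = raw.split(";", 1)[0].split()
        if len(fields) < 5:
            continue  # blank line, comment, or not a full record
        owner, ttl, rrclass, rrtype = fields[:4]
        if not ttl.isdigit() or rrclass.upper() != "IN":
            continue  # not in the assumed "owner TTL IN type rdata" layout
        sizes[(owner.lower(), rrtype.upper())] += 1
    return sizes


def oversized(lines, limit=DEFAULT_LIMIT):
    """Return sorted (owner, type, count) tuples for RRsets above the limit."""
    return sorted(
        (owner, rrtype, count)
        for (owner, rrtype), count in rrset_sizes(lines).items()
        if count > limit
    )


def sample_zone():
    """Constructed sample data: one SRV set of 101 records, one of exactly 100."""
    lines = [
        "example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 300",
        "example.test. 3600 IN NS ns1.example.test.",
        "ns1.example.test. 3600 IN A 192.0.2.1 ; constructed address",
    ]
    lines += [f"_app._tcp.example.test. 300 IN SRV 10 5 8080 node{i}.example.test."
              for i in range(101)]
    lines += [f"_db._tcp.example.test. 300 IN SRV 10 5 5432 db{i}.example.test."
              for i in range(100)]
    return lines


if __name__ == "__main__":
    for owner, rrtype, count in oversized(sample_zone()):
        print(f"{owner} {rrtype}: {count} records (limit {DEFAULT_LIMIT})")
```

Running this against each zone before applying the security update shows which RRsets need the raised limit described in the ISC article linked in the quoted message.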

Thread

bind9 update 9.16.50 -- too many record Guillaume Bienkowski <guillaume.bienkowski@braincube.com> - 2024-07-26 17:30 +0200
  Re: bind9 update 9.16.50 -- too many record Lee <ler762@gmail.com> - 2024-07-26 21:50 +0200
    Re: bind9 update 9.16.50 -- too many record Salvatore Bonaccorso <carnil@debian.org> - 2024-07-28 07:40 +0200
      Re: bind9 update 9.16.50 -- too many record Ondřej Surý <ondrej@sury.org> - 2024-07-28 10:30 +0200
        Re: bind9 update 9.16.50 -- too many record Guillaume Bienkowski <guillaume.bienkowski@braincube.com> - 2024-07-28 18:30 +0200
        Re: bind9 update 9.16.50 -- too many record Ondřej Surý <ondrej@sury.org> - 2024-07-29 12:20 +0200
          Re: bind9 update 9.16.50 -- too many record Salvatore Bonaccorso <carnil@debian.org> - 2024-07-29 15:30 +0200
            Re: bind9 update 9.16.50 -- too many record Guillaume Bienkowski <guillaume.bienkowski@braincube.com> - 2024-11-28 10:30 +0100
