Bug#514640: marked as done (bind9: changed ACL defaults)

To: alberto fuentes <pajaro@gmail.com>
Subject: Bug#514640: marked as done (bind9: changed ACL defaults)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 13 Oct 2012 14:03:03 +0000
Message-id: <[🔎] handler.514640.D514640.13501368048255.ackdone@bugs.debian.org>
References: <CALkubT7xTheHJ2LCNMNeVMTMOUc55z4YUeAxBOYU4scCftHOJg@mail.gmail.com> <87tz73ih07.fsf@mid.deneb.enyo.de>

Your message dated Sat, 13 Oct 2012 14:59:36 +0100
with message-id <CALkubT7xTheHJ2LCNMNeVMTMOUc55z4YUeAxBOYU4scCftHOJg@mail.gmail.com>
and subject line 
has caused the Debian Bug report #514640,
regarding bind9: changed ACL defaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
514640: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514640
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: bind9: changed ACL defaults
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 09 Feb 2009 19:48:08 +0100
Message-id: <87tz73ih07.fsf@mid.deneb.enyo.de>

Package: release-notes

I suggest the following for inclusion in the release notes:

  By default, BIND no longer serves recursive queries to external
  hosts, only to localhost and RFC 1918 private address space.  To
  restore the previous behavior, add allow-query-cache and
  allow-recursion statements to the /etc/bind/named.conf.options file.

  BIND 8 has been removed.

This is based on the following NEWS item from the bind9 package.  You
could also use that instead.

bind9 (1:9.4.0-1) experimental; urgency=low

  As of bind 9.4, allow-query-cache and allow-recursion default to the
  builtin acls 'localnets' and 'localhost'.  If you are setting up a
  name server for a network, you will almost certainly need to change
  this.

  The change in default has been done to make caching servers less
  attractive as reflective amplifying targets for spoofed traffic.
  This still leaves authoritative servers exposed.

  The best fix is for full BCP 38 deployment to remove spoofed traffic.

 -- LaMont Jones <lamont@debian.org>  Wed, 03 Oct 2007 00:52:44 -0600

--- End Message ---

--- Begin Message ---

To: 514640-done@bugs.debian.org

Subject:

From: alberto fuentes <pajaro@gmail.com>

Date: Sat, 13 Oct 2012 14:59:36 +0100

Message-id: <CALkubT7xTheHJ2LCNMNeVMTMOUc55z4YUeAxBOYU4scCftHOJg@mail.gmail.com>
Thanks for reporting! since lenny is now obsolete this bug will now be closed

We are sorry it could not make it to lenny :(
--- End Message ---

Reply to:

Prev by Date: Bug#511605: marked as done (release notes should recommend using safe-upgrade/full-upgrade (detects old aptitude))
Next by Date: Bug#515826: marked as done (document that virtual_root.force_probe=1 is required for jensen)
Previous by thread: Bug#511605: marked as done (release notes should recommend using safe-upgrade/full-upgrade (detects old aptitude))
Next by thread: Bug#515826: marked as done (document that virtual_root.force_probe=1 is required for jensen)
Index(es):
- Date
- Thread