Bug#698658: bind9 with fix for 698641

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Mon, 2013-01-21 at 13:07 -0700, LaMont Jones wrote:
> I need to upload 1:9.8.4.dfsg.P1-3 with the rest of the fix for 697681.
> In the meantime, a more invasive patch (attached) has been recommended
> by DSA for inclusion in wheezey (see bug 698641).  Because of the size
> of the diff, I would like to have some discussion with the release team
> before I upload it to sid on its way to wheezy.

For the benefit of those not following on IRC and who haven't looked up
the bug mentioned, to quote from it:

"
Debian admin has deployed the patch at [2] to the bind running the
debian.org nameservers - else debian.org's nameservers would not have
any resources left to answer legitimate queries.

We think it important that the bind version Debian ships be actually
useable by the internet community in general, and ourselves in
particular.  Therefore we ask you (and the release folks) to consider
shipping wheezy's bind with the rate limiting patches applied.
"

The raw patch comes to

 73 files changed, 6779 insertions(+), 1523 deletions(-)

which is significantly more than we'd usually consider at this point.
Given Peter's comments above, I'm not sure we can avoid pulling the
changes in at this point, disruptive as it might be.

Opinions from others welcome...

Regards,

Adam