Debian Security Team wrote:
At this time, it is not possible to implement the recommended countermeasures in the GNU libc stub resolver. The following workarounds are available: 1. Install a local BIND 9 resolver on the host, possibly inforward-only mode.
Uh .. is there any documentation on how to do that ? Although I run a BIND 9 nameserver I don't know how to extract the BIND 9 resolver from such a system (for use on other systems) - and there doesn't seem to be any actual stand-alone package for such a thing.
Also, which Debian systems would otherwise use the libc stub resolver ? All systems which *don't* have BIND installed ?
Cluebats welcome. Cheers Nick Boyce -- Leave the Olympics in Greece, where they belong.