Re: Large Zone Transfers Failing in Latest Buster Update

To: debian-user@lists.debian.org
Subject: Re: Large Zone Transfers Failing in Latest Buster Update
From: Roberto C. Sánchez <roberto@debian.org>
Date: Fri, 2 Aug 2024 10:35:55 -0400
Message-id: <[🔎] Zqzuy08RR8FbEaKQ@localhost>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 1b8cea32-d0d6-43f3-b042-9040ea91ca78@kalinowski.com.br>
References: <261454972.2443521.1722604243496.ref@mail.yahoo.com> <[🔎] 261454972.2443521.1722604243496@mail.yahoo.com> <[🔎] 0362faaf-fc14-41f0-9722-a13a11886999@kalinowski.com.br> <[🔎] Zqzi0_hqqIYB49sW@localhost> <[🔎] 1b8cea32-d0d6-43f3-b042-9040ea91ca78@kalinowski.com.br>

On Fri, Aug 02, 2024 at 10:55:55AM -0300, Eduardo M KALINOWSKI wrote:
> On 02/08/2024 10:44, Roberto C. Sánchez wrote:
> > On Fri, Aug 02, 2024 at 10:15:38AM -0300, Eduardo M KALINOWSKI wrote:
> > > Maybe related to https://kb.isc.org/docs/rrset-limits-in-zones ?
> > > 
> > > See also
> > > https://lists.debian.org/debian-security-announce/2024/msg00145.html (even
> > > if it does not directly apply to buster).
> > > 
> > That seems unlikely, as the bind9 package in buster have not yet been
> > updated to fix the CVEs referenced in that particular DSA.
> > 
> > Brian, can you provide more details about what specific packages were
> > updated and from what version to what version? You can find that
> > information in /var/log/dpkg.log*.
> 
> buster has a new upstream version 9.20.0, which includes the new
> configuration options, and a default limit of 100 for each when they're not
> set (according the the first link).
> 
That new upstream version (9.20.0) is in sid/trixie. Buster has this:

root@build01:/# cat /etc/debian_version 
10.13
root@build01:/# apt-cache policy bind9
bind9:
  Installed: (none)
  Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u11
  Version table:
     1:9.11.5.P4+dfsg-5.1+deb10u11 500
        500 http://security.debian.org buster/updates/main amd64 Packages
     1:9.11.5.P4+dfsg-5.1+deb10u7 500
        500 http://deb.debian.org/debian buster/main amd64 Packages

This matches what is listed in the PTS [0].

[0] https://tracker.debian.org/pkg/bind9

-- 
Roberto C. Sánchez

Reply to:

Follow-Ups:
- Re: Large Zone Transfers Failing in Latest Buster Update
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>

References:
- Large Zone Transfers Failing in Latest Buster Update
  - From: Brian <kimhick@yahoo.com>
- Re: Large Zone Transfers Failing in Latest Buster Update
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>
- Re: Large Zone Transfers Failing in Latest Buster Update
  - From: Roberto C. Sánchez <roberto@debian.org>
- Re: Large Zone Transfers Failing in Latest Buster Update
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>

Prev by Date: Re: nsswitch what should come first
Next by Date: Re: Large Zone Transfers Failing in Latest Buster Update
Previous by thread: Re: Large Zone Transfers Failing in Latest Buster Update
Next by thread: Re: Large Zone Transfers Failing in Latest Buster Update
Index(es):
- Date
- Thread