[BlueOnyx:12695] Re: DNS Spamming

[Michael Stauber]

Hi George,

> Please consider joining the mailing list for the development effort:
> 
>      <http://lists.redbarn.org/mailman/listinfo/ratelimits>
> 
> If rolling your own, the list can be useful for finding out the latest
> patch status.

Yeah, that lists sounds interesting. I'll join it.

But I'll be damned, RedHat already pushed a bind with the ratelimit-patch:

# rpm -q --changelog bind|more
* Mi Mär 27 2013 Adam Tkac <atkac redhat com> 32:9.8.2-0.17.rc1.4
- fix  CVE-2013-2266
- ship dns/rrl.h in -devel subpkg

* Fr Feb 08 2013 Adam Tkac <atkac redhat com> 32:9.8.2-0.17.rc1.3
- remove one bogus file from /usr/share/doc, introduced by RRL patch

* Fr Feb 01 2013 Adam Tkac <atkac redhat com> 32:9.8.2-0.17.rc1.2
- fix CVE-2012-5689

* Do Jan 31 2013 Adam Tkac <atkac redhat com> 32:9.8.2-0.17.rc1.1
- add response rate limit patch (#873624)

So on a fully yummed up 5107R or 5108R the response rate limit feature
is already available.

[root at 5108r ]# cat /var/log/yum.log|grep bind
Mar 01 06:01:23 Updated: 32:bind-libs-9.8.2-0.17.rc1.el6.3.x86_64
Mar 01 06:02:00 Updated: 32:bind-9.8.2-0.17.rc1.el6.3.x86_64
Mar 01 06:06:43 Updated: 32:bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64
Mar 01 06:07:22 Updated: 32:bind-utils-9.8.2-0.17.rc1.el6.3.x86_64
Mar 29 17:57:31 Updated: 32:bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64
Mar 29 17:57:42 Updated: 32:bind-9.8.2-0.17.rc1.el6_4.4.x86_64
Mar 29 18:07:21 Updated: rpcbind-0.2.0-11.el6.x86_64
Mar 29 18:11:58 Updated: 32:bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64
Mar 29 18:12:59 Updated: 32:bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64


-- 
With best regards

Michael Stauber