[RPZ] RPZ &/or RL patches still needed for 9.9.3?

Vernon Schryver vjs at rhyolite.com
Wed May 29 14:30:26 UTC 2013

> From: darx+dnsrpz at sent.com

> With Bind 9.9.2-P2, I'd been using the RPZ & RL patch @

> I've DL'd the new 9.9.3 src, but reading CHANGES and digging about, I'm
> unclear ...
> do we still need a version of this combined patch?

The versions of BIND9 source and corresponding patches are listed
on that web page.  There are four (4) patches for BIND 9.9.3rc2 but
not yet any patches BIND 9.9.3.  As might be suggested by the
existence of the patche for 9.9.3rc2, I hope that there will
eventually be corresponding patches for 9.9.3.  9.9.3 and 9.8.5
have only been available for a few hours.  If you must install a
patched 9.9.3 or 9.8.5 before new patches are released, it might
be practical to adapt the 9.9.3rc2 and 9.8.5rc2 patches.

The next version of the multiple zone speed-improvement (RPZ2) code
might support client IP address triggers and a response drop policy.
I propose to stop building and generally forget the single zone
speed improvement patches.

The next version of the response rate limiting code will probably
change RRL logging.

Vernon Schryver    vjs at rhyolite.com

More information about the DNSfirewalls mailing list