[RPZ] RPZ &/or RL patches still needed for 9.9.3?

darx+dnsrpz at sent.com darx+dnsrpz at sent.com
Wed May 29 19:37:22 UTC 2013

hi vernon,

On Wed, May 29, 2013, at 09:55 AM, Vernon Schryver wrote:
> You didn't say which combined 9.9.2-P2 patch you have been using.

Thought I had; from above:

    version 9.9.2-rpz+rl.131.14-P2

which is the "Single Zone Response Policy Zone (RPZ) Speed Improvement
with RRL" for 9.9.2-P2

> There is no RRL support in the 9.9.3.

yep, guessed that's why it was choking on the 'rate-limit' stanza in
named.conf ...

> I think RRL is in a current or forthcoming subscription release.  See
> https://www.isc.org/wordpress/support/open-source-software-support/
> http://www.dns-co.com/solutions/bind/

I'll look for the reference, thx.

> BIND 9.9.3 includes the single zone RPZ speed improvments but not
> the multiple zone speed improvements.  That is why among the "Separate
> Single Zone Response Policy Zone (RPZ) Speed Improvement Patches" and
> under the link to the BIND9 9.9.3rc2 source, there is the note
> "contains the single zone RPZ speed improvements"
> I expect a future RRL+RPZ patch for 9.9.3 to contain the previous
> multiple policy zone speed improvements, client-ID triggers, response
> dropping policies, and RRL.

Since RRL is very useful 'round here, I'll -- then -- stick with
9.9.2-P2+patch for now.  Thx for clearing that up.

> It is an egregious kernel bug to allow any application to lock up a
> system, no matter what stupid, wrong craziness is done by the
> application.

Ok.  I'd found this,

I was going to go hunting for similar detail on my system ...

> That said, you might want to file a bug report 
> https://www.isc.org/software/bind/news suggests bind9-bugs at isc.org

... ok, i'll do that if I can get my hands on the details.

> It might be good to check for errors in permissions and ownership
> of /etc/namedb, log files and directories, slave and master
> directories

afaict, all's OK here.  i'll  dig on forums for mentions, etc.



More information about the DNSfirewalls mailing list