Ubuntu
bind9 package

Consider building bind 9.10 with --enable-fetchlimit

Bug #1555689 reported by Graham Clinch
28
This bug affects 3 people
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

BIND 9.10.3+ has additional tuning options for recursive servers that can be enabled at build time with --enable-fetchlimit. "These features are intended to optimize recursive server behavior in favor of good client queries, whilst at the same time limiting the impact of bad client queries (e.g. queries which cannot be resolved, or which take too long to resolve) on local recursive server resource use.". Please consider building the bind 9.10 packages with fetchlimit enabled.

Further details are available in ISC's knowledge base:

https://deepthought.isc.org/article/AA-01304/0/Recursive-Client-Rate-limiting-in-BIND-9.9.8-and-9.10.3.html

Ryan Harper (raharper)
Changed in bind9 (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bind9 (Ubuntu):
status: New → Confirmed
Andreas Hasenack (ahasenack)
Changed in bind9 (Ubuntu):
status: Confirmed → Triaged
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

bind 9.11 is in debian testing and we should merge from it soon. It has this option enabled by default, so this bug will be done when we do that merge.

Revision history for this message
Bryce Harrington (bryce) wrote :

All currently supported releases are on bind 9.11 or newer, which as I understand from this bug report should have the fix by default.

 bind9 | 1:9.11.3+dfsg-1ubuntu1 | bionic | source, amd64, arm64, armhf, i386, ppc64el, s390x
 bind9 | 1:9.11.3+dfsg-1ubuntu1.15 | bionic-security | source, amd64, arm64, armhf, i386, ppc64el, s390x
 bind9 | 1:9.11.3+dfsg-1ubuntu1.15 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
 bind9 | 1:9.16.1-0ubuntu2 | focal | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 bind9 | 1:9.16.1-0ubuntu2.8 | focal-security | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 bind9 | 1:9.16.1-0ubuntu2.8 | focal-updates | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 bind9 | 1:9.16.8-1ubuntu3 | hirsute | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 bind9 | 1:9.16.8-1ubuntu3.1 | hirsute-security | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 bind9 | 1:9.16.8-1ubuntu3.1 | hirsute-updates | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 bind9 | 1:9.16.15-1ubuntu1 | impish | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x

Changed in bind9 (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.