[Secure-testing-team] Bug#741674: Include DNS Dampening to mitigate effects of DDoS using DNS Amplification

Benny Baumann BenBE at geshi.org
Sat Mar 15 13:48:37 UTC 2014 

Package: bind9
Version: 1:9.9.5.dfsg-1+damp1-2
Severity: important
Tags: security patch

The attached patch ports the original patch by Lutz Donnerhacke to apply on the latest package version from Git.

Please include in Debian and convince upstream to follow if possible. TIA.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'stable'), (750, 'experimental'), (700, 'unstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bind9 depends on:
ii  adduser                3.113+nmu3
ii  bind9utils             1:9.9.5.dfsg-1+damp1-2
ii  debconf [debconf-2.0]  1.5.52
ii  init-system-helpers    1.18
ii  libbind9-90            1:9.9.5.dfsg-1+damp1-2
ii  libc6                  2.18-4
ii  libcap2                1:2.22-1.2
ii  libcomerr2             1.42.9-3
ii  libdns100              1:9.9.5.dfsg-1+damp1-2
ii  libgeoip1              1.6.0-1
ii  libgssapi-krb5-2       1.12+dfsg-2
ii  libisc95               1:9.9.5.dfsg-1+damp1-2
ii  libisccc90             1:9.9.5.dfsg-1+damp1-2
ii  libisccfg90            1:9.9.5.dfsg-1+damp1-2
ii  libk5crypto3           1.12+dfsg-2
ii  libkrb5-3              1.12+dfsg-2
ii  liblwres90             1:9.9.5.dfsg-1+damp1-2
ii  libssl1.0.0            1.0.1f-1
ii  libxml2                2.9.1+dfsg1-3
ii  lsb-base               4.1+Debian12
ii  net-tools              1.60-25
ii  netbase                5.2

bind9 recommends no packages.

Versions of packages bind9 suggests:
ii  bind9-doc   1:9.9.5.dfsg-1+damp1-2
ii  dnsutils    1:9.9.5.dfsg-1+damp1-2
ii  resolvconf  1.74
pn  ufw         <none>

-- Configuration Files:
/etc/bind/named.conf changed [not included]
/etc/bind/named.conf.local changed [not included]
/etc/bind/named.conf.options changed [not included]

-- debconf information excluded
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bind9-dampening.patch
Type: text/x-diff
Size: 66029 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20140315/5412c2ba/attachment-0001.patch>

More information about the Secure-testing-team mailing list