Public bug reported: Binary package hint: bind9
This update is an upstream microversion update that fixes bugs #252675. ISC has described this update as: This is the SECOND security patch for BIND 9.4.2, addressing performance and stability issues in BIND 9.4.2-P1. Key features are as follows: - performance improvement over the P1 releases, namely + significantly remedying the port allocation issues + allowing TCP queries and zone transfers while issuing as many outstanding UDP queries as possible + additional security of port randomization at the same level as P1 In addition to the above, this update includes fixes for bug #257682 (compile dig with -DDIG_SIGCHASE) and an apparmor addition to allow access to /var/log/named The apparmor policy and dig changes have minimal regression potential. The upstream upgrade to P2 is required for for high volume sites, as performance regressions were introduced in the security update for CVE-2008-1447 in these circumstances. Intrepid has these updates in the 9.5.0 P2 series There is no practical test case for the performance regression, other than using it in a very high volume capacity. Test case for dig: % dig +sigchase +dnssec DS fugue.se. Invalid option: +sigchase Lamont, can you comment on the regression potential for this update? ** Affects: bind9 (Ubuntu) Importance: Undecided Status: New -- SRU for bind9 to 9.4.2.dfsg.P2 on hardy https://bugs.launchpad.net/bugs/279316 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs