Your message dated Mon, 12 Mar 2018 09:40:07 +0100
with message-id <20180312084006.GA28856@tx.local>
and subject line Re: Bug#892718: pdns-server: Security status polling on
4.0.3-1+deb9u2 fails: Non-Existent domain
has caused the Debian Bug report #892718,
regarding pdns-server: Security status polling on 4.0.3-1+deb9u2 fails:
Non-Existent domain
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
892718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892718
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pdns-server
Version: 4.0.3-1+deb9u2
Severity: normal
Dear Maintainer,
PDNS makes regular security status polls by querying a DNS server (see
also https://blog.powerdns.com/2014/10/22/powerdns-security-status-polling/)
However on stable the correct versions/domains are not present in the
host file (see
https://github.com/PowerDNS/pdns/blob/master/docs/secpoll.zone),
resulting in half-hourly errors:
Mar 12 05:45:07 Could not retrieve security status update for
'4.0.3-1+deb9u2.Debian' on
'auth-4.0.3-1_deb9u2.Debian.security-status.secpoll.powerdns.com.', RCODE =
Non-Existent domain
I can query the standard domains, e.g.
dig auth-4.0.3-1.Debian.security-status.secpoll.powerdns.com. -t TXT
gives a response. (Although, it reports that this particular version is
unsafe, presumably the deb9u2 version has the correct patches applied.)
I do see very debian specific version numbers in the host file, e.g.,
auth-3.4.1-4_deb8u7.debian.security-status, so it seems to be a matter
of letting upstream know about the stable version numbers.
Thanks,
Wouter
-- System Information:
Debian Release: 9.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pdns-server depends on:
ii adduser 3.115
ii init-system-helpers 1.48
ii libboost-program-options1.62.0 1.62.0+dfsg-4
ii libbotan-1.10-1 1.10.16-1
ii libc6 2.24-11+deb9u3
ii libgcc1 1:6.3.0-18+deb9u1
ii liblua5.3-0 5.3.3-1
ii libsqlite3-0 3.16.2-5+deb9u1
ii libssl1.1 1.1.0f-3+deb9u1
ii libstdc++6 6.3.0-18+deb9u1
ii libsystemd0 232-25+deb9u2
Versions of packages pdns-server recommends:
ii pdns-backend-bind 4.0.3-1+deb9u2
Versions of packages pdns-server suggests:
ii pdns-backend-bind [pdns-backend] 4.0.3-1+deb9u2
-- debconf information excluded
--- End Message ---
--- Begin Message ---
* Wouter Lueks <wou...@telox.net> [180312 09:18]:
> PDNS makes regular security status polls by querying a DNS server (see
> also https://blog.powerdns.com/2014/10/22/powerdns-security-status-polling/)
The default configuration shipped by Debian in stretch and newer
turns this off. As such there's no effort on letting upstream know
about our version numbers anymore.
Cheers,
Chris
--- End Message ---
