> From: Noel Butler <noel.but...@ausics.net>

> now, I never ran it as patches, my policy is only use official upstream
> sources, so my first play around was with 9.9.3.b2 I think it was.

BIND 9.9.4 and its immediately preceding "beta" and "release
candidate" releases are the first versions of BIND that were not
"patched."  Some third parties including FreeBSD and a Linux
distributor added RRL patches to their versions, but those BIND+RRL
versions differed from any other version of BIND+RRL patch only by
someone else having applied the patch.


> plenty of delayed mail -  hostname lookup failures (mostly because of
> URI/DNS BL's), so it certainly works as intended :)

That sounds unrelated to RRL.  Again, RRL affects standards-compliant
DNS clients no more than a 50% packet loss rate on the path from the
DNS client to the server.  If your mail system suffered hostname
lookup failures, then I think something else was broken.

Recall that the design goals of RRL include continuing to provide
services to legitimate DNS clients at the same IP address as are
being forged in a DNS reflection DoS attack. 


Vernon Schryver    v...@rhyolite.com