Re: BIND 9.9.4 is now available. Do we still need RRL & RPZ patches?

2013-09-19 Thread jen142
Hi,

The new version announcement just came across the wire.

Reading the CHANGES, I see that there have been both RRL & RPZ
changes/additions.

I'm not clear if we still need the patches from Vixie/Schryver.

I've been running a build of 9.9.3-p2, patched with
http://ss.vix.su/~vjs/rpz2+rl-9.9.3-P2.patch.

Is that patch functionality fully integrated now in 9.9.4?  Or do I
still need to wait for & apply a next version patch?

Thanks,

Jen
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: BIND 9.9.4 is now available. Do we still need RRL & RPZ patches?

2013-09-19 Thread jen142
Hi Brian,

Thanks for the quick reply.

On Thu, Sep 19, 2013, at 05:26 PM, Brian Conry wrote:
> Hi Jen,
> 
> On 09/19/2013 07:00 PM, jen...@promessage.com wrote:
> 
> > Is that patch functionality fully integrated now in 9.9.4?  Or do I
> > still need to wait for & apply a next version patch?
> 
> 9.9.4 includes the full functionality of the Vixie/Schryver RPZ and RRL
> patches, using the same syntax.

Good to know.

The fact that at

  http://ss.vix.su/~vjs/rrlrpz.html

there was a patch for 9.9.4rc1

  Multiple Zone Response Policy Zone (RPZ2) Speed Improvement with
  Response Rate Limiting (RRL)
  BIND9 9.9.4rc1
  file rpz2+rl-9.9.4rc1.patch, version 9.9.4rc1-rpz2+rl.13214.22
  Version 9.9.4rc1 includes RRL with ./configure --enable-rrl so this
  patch only affects RPZ.

seemed to me to suggest that RRL was going to be included, but not RPZ.

That changed, apparently, between rc1 & release.

Oh, and just to be sure, RPZ*2* isn't different than 'just RPZ' included
in BIND, is it?


RPZ2 patch for 9.9.4-release -- can I use the -rc1 patch?

2013-09-25 Thread jen142
Hi,

I'm looking to upgrade a bind 9.9.3 server to 9.9.4.  The 9.9.3 server
was built from src patched with "rpz2+rl-9.9.3-P2.patch" @

"Multiple Zone Response Policy Zone (RPZ2) Speed Improvement
with Response Rate Limiting (RRL)"
 http://ss.vix.su/~vjs/rrlrpz.html

From another thread, I understand:

(a) RRL is now in/native to bind 9.9.4 source
(b) RPZ is in 9.9.4 source, but it's still different from the
RPZ2 changes provided by the patches above

I need to maintain the current server's RPZ2 functionality in 9.9.4. 

Looking, there's no patch there for the 9.9.4 release.

There IS a 9.9.4-rc1 patch.

Can/should I apply the 9.9.4-rc1 patch to 9.9.4-release sources? or do I
need to wait for a new version patch?

I asked in #irc -- they suggested I bring this question back here.

Jen


Re: RPZ2 patch for 9.9.4-release -- can I use the -rc1 patch?

2013-09-25 Thread jen142

On Wed, Sep 25, 2013, at 04:16 PM, Vernon Schryver wrote:
> The 9.9.4-rc1 patch does not apply cleanly to 9.9.4.

I'll hold off then.

Thanks! 


any news/info re: RPZ2+RRL patches for bind 9.9.4-P1?

2013-11-21 Thread jen142
Hi,

Seems the question pops up with every bind release; this time I waited
for at least a couple of weeks since the bind release.

Anyone know what's happening with the RPZ2+RRL patches for bind
9.9.4-P1?

I've tried repeatedly to subscribe to the dns firewalls list to ask
this, but never get a confirmation email to my subscription. Checking,
there doesn't seem to be any activity at all since October in that
list's archives.

I've tried emailing the authors of the patch to get some kind of info;
so far, no response.

Are the patches still being developed separately?  Has the project died?

Any insights/info from the list here?

Thanks,

JenL


Re: any news/info re: RPZ2+RRL patches for bind 9.9.4-P1?

2013-11-21 Thread jen142
On Thu, Nov 21, 2013, at 10:38 AM, /dev/rob0 wrote:
> RRL is included in 9.9.4 already. Deployed and working here.

as specified @

  http://ss.vix.su/~vjs/rrlrpz.html

...
BIND9 9.9.4
file rpz2+rl-9.9.4.patch, version 9.9.4-rpz2+rl.13269.14
Version 9.9.4 includes RRL with ./configure --enable-rrl so this
patch only affects RPZ. 
...

So, that's simply a naming issue.

IIUC, rpz2 != rpz.

I'd applied "rpz2+rl-9.9.4.patch" to 9.9.4; with success.

So, now, I'm asking about the name- and functionally-equivalent
"rpz2+rl-9.9.4-P1.patch" for the bind 9.9.4-P1 release.

JenL


Re: any news/info re: RPZ2+RRL patches for bind 9.9.4-P1?

2013-11-22 Thread jen142
Hi Mark,

On Thu, Nov 21, 2013, at 06:14 PM, Mark Andrews wrote:
> Did you try applying rpz2+rl-9.9.4-P1.patch to 9.9.4-P1? 

No, not yet.  Having had bad luck with applying the wrong version patch
in the past, I've been waiting for an 'official' update.

> Apart from the version file it should apply cleanly and
> you can ignore the version file or patch it by hand if you
> want.  I would append "-rpz2+rl.13269.14" to "RELEASEVER=1"
> to give "RELEASEVER=1-rpz2+rl.13269.14" which results in
> a full version string of "9.9.4-P1-rpz2+rl.13269.14".

Noted as an option. Thanks!

Given that there's no response/info at all from that project either
here, at their site, on their own mailing list, or via email, as much as
it's useful/helpful functionality, I'm wondering whether it's wiser to
just get rid of it from production.

Adding supported 3rd-party functionality to Bind is enough of a hack for
mere mortals -- adding unsupported/dead code sounds like a really bad
idea.

JenL
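
Added example, not part of the thread and not code from ISC or the patch authors: a pre-flight check for a third-party patch, followed by the hand edit of RELEASEVER described in the quoted reply above. The function names, the -p strip level and the constructed five-field version file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight a third-party patch and tag the resulting build.

# Dry-run the patch so a version mismatch shows up as failed hunks before
# the tree is modified. The strip level (-p) is an assumption; check the
# file headers inside the patch to choose it.
patch_dry_run() {
    patch --dry-run -p"${3:-0}" -d "$1" < "$2"
}

# Read one KEY=value field from a BIND-style "version" file without sourcing it.
version_field() {
    sed -n "s/^$2=//p" "$1"
}

# Compose the full version string from the five fields.
full_version() {
    printf '%s.%s.%s%s%s\n' \
        "$(version_field "$1" MAJORVER)" "$(version_field "$1" MINORVER)" \
        "$(version_field "$1" PATCHVER)" "$(version_field "$1" RELEASETYPE)" \
        "$(version_field "$1" RELEASEVER)"
}

# Append a suffix to RELEASEVER by hand; a second call is a no-op so the
# tag cannot be doubled by re-running a build script.
tag_releasever() {
    grep -q '^RELEASEVER=' "$1" || return 1
    case $(version_field "$1" RELEASEVER) in
        *"$2") return 0 ;;
    esac
    awk -v s="$2" '/^RELEASEVER=/ { $0 = $0 s } { print }' "$1" > "$1.tmp" &&
        mv "$1.tmp" "$1"
}

# Constructed sample: version fields as assumed for a 9.9.4-P1 tree.
demo_dir=$(mktemp -d)
printf 'MAJORVER=9\nMINORVER=9\nPATCHVER=4\nRELEASETYPE=-P\nRELEASEVER=1\n' \
    > "$demo_dir/version"
tag_releasever "$demo_dir/version" "-rpz2+rl.13269.14"
full_version "$demo_dir/version"
rm -rf "$demo_dir"
```

Tagging the version string keeps a patched server distinguishable from a stock build when auditing which hosts still carry the third-party code.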