From 55ad72d44a94298a96b8f05488ca5ed97ef04736 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 5 May 2024 20:37:15 +0200
Subject: Adding debian version 1:9.11.5.P4+dfsg-5.1+deb10u7.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/bind9.NEWS | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 debian/bind9.NEWS

(limited to 'debian/bind9.NEWS')

diff --git a/debian/bind9.NEWS b/debian/bind9.NEWS
new file mode 100644
index 0000000..d235da6
--- /dev/null
+++ b/debian/bind9.NEWS
@@ -0,0 +1,14 @@
+bind9 (1:9.4.0-1) experimental; urgency=low
+
+  As of bind 9.4, allow-query-cache and allow-recursion default to the
+  builtin acls 'localnets' and 'localhost'.  If you are setting up a
+  name server for a network, you will almost certainly need to change
+  this.
+
+  The change in default has been done to make caching servers less
+  attractive as reflective amplifying targets for spoofed traffic.
+  This still leaves authoritative servers exposed.
+
+  The best fix is for full BCP 38 deployment to remove spoofed traffic.
+
+ -- LaMont Jones <lamont@debian.org>  Wed, 03 Oct 2007 00:52:44 -0600
-- 
cgit v1.2.3