Replacing word of caution with big fat warning and commenting out named-refused-udp completely (Closes: #583364)

debian/jail.conf

@@ -262,17 +262,20 @@ logpath  = /var/log/mail.log
 #
 # in your named.conf to provide proper logging
 
-# Word of Caution:
+# !!! WARNING !!!
-# Given filter can lead to DoS attack against your DNS server
+#   Since UDP is connectionless protocol, spoofing of IP and immitation
-# since there is no way to assure that UDP packets come from the
+#   of illegal actions is way too simple.  Thus enabling of this filter
-# real source IP
+#   might provide an easy way for implementing a DoS against a chosen
-[named-refused-udp]
+#   victim. See
-
+#    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
-enabled  = false
+#   Please DO NOT USE this jail unless you know what you are doing.
-port     = domain,953
+#[named-refused-udp]
-protocol = udp
+#
-filter   = named-refused
+#enabled  = false
-logpath  = /var/log/named/security.log
+#port     = domain,953
+#protocol = udp
+#filter   = named-refused
+#logpath  = /var/log/named/security.log
 
 [named-refused-tcp]