Stabilizing BIND DNS Server

Thursday, June 7, 2012 @ 03:06 PM gHale


A critical vulnerability in BIND threatened the stability of the DNS server.

The problem came to light while developers were testing experimental DNS record types and found it was possible to add records to BIND with zero-length rdata fields, according to the advisory.

BIND is the most widely used DNS software on the Internet. It provides a platform on which organizations can build distributed computing systems with the assurance that those systems fully comply with published DNS standards.

The developers found that recursive servers could crash or disclose memory contents to clients, and that secondary servers could crash on restart if they had transferred a zone containing these zero-length records.

In addition, in certain circumstances, master servers could also corrupt zone data if “auto-dnssec” was set to “maintain.”

There are currently no known active exploits, though the issue has been the topic of conversation on public mailing lists.

There are also no known workarounds for the problem, but officials are investigating a mitigation. The only option is to upgrade to the latest BIND versions, 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, or 9.9.1-P1 as appropriate; the source and Windows versions are available from the ISC Bind Download page.
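Since upgrading is the only fix, the practical check is whether a running named is at or above the patched release for its branch. The script below is an added example for this article, not code from ISC or the advisory; it parses the version string that `named -v` prints (e.g. "BIND 9.8.3-P1") and compares it against the four fixed versions listed above. Vendor-modified version strings (distribution packages that append their own suffixes) are treated as unknown rather than guessed at.

```python
import re
import subprocess
import sys

# Minimum fixed release per branch, from the advisory summary above:
# 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, 9.9.1-P1  -> (release, patch-level)
FIXED = {
    "9.6-ESV": (7, 1),
    "9.7": (6, 1),
    "9.8": (3, 1),
    "9.9": (1, 1),
}

# Ordinary releases: 9.8.3, 9.8.3-P1 ...
_STD = re.compile(r"^(\d+\.\d+)\.(\d+)(?:-P(\d+))?$")
# Extended-support releases: 9.6-ESV-R7, 9.6-ESV-R7-P1 ...
_ESV = re.compile(r"^(\d+\.\d+-ESV)(?:-R(\d+))?(?:-P(\d+))?$")


def parse_version(text):
    """Return (branch, (release, patch)) for a BIND version string,
    or None when the string is not a plain ISC version."""
    text = text.strip()
    if text.startswith("BIND "):
        text = text[5:].strip()
    m = _STD.match(text)
    if m:
        return m.group(1), (int(m.group(2)), int(m.group(3) or 0))
    m = _ESV.match(text)
    if m:
        return m.group(1), (int(m.group(2) or 0), int(m.group(3) or 0))
    return None


def is_patched(text):
    """True if at or above the fixed release for its branch, False if older,
    None if the branch is not one of the four listed or the string is unknown."""
    parsed = parse_version(text)
    if parsed is None or parsed[0] not in FIXED:
        return None
    branch, release = parsed
    return release >= FIXED[branch]


if __name__ == "__main__":
    # Use the version given on the command line, otherwise ask the local named.
    version = sys.argv[1] if len(sys.argv) > 1 else subprocess.check_output(
        ["named", "-v"], text=True)
    print(version.strip(), "->", {True: "patched", False: "VULNERABLE",
                                  None: "unknown branch or format"}[is_patched(version)])
```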
