In association with heise online

17 November 2011, 09:44

Unknown network event causing BIND 9 DNS server crashes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

ISC logo A currently unidentified network event is causing BIND 9 DNS servers that perform recursive queries to crash after logging an error. The Internet Systems Consortium (ISC) says that the problem is widespread and it has issued a security advisory for all currently supported versions of BIND.

The error in the log file, "INSIST(! dns_rdataset_isassociated(sigrdataset))", is produced by an assertion failing in query.c and is the result of querying for a cached but invalid record that had been previously stored as the result of the mystery network event. ISC says it is actively investigating the root cause of the problem that induces the initial corruption, but has released patches to mitigate the effects of the problem which affects BIND 9.4-ESV, 9.6-ESV, 9.7.x and 9.8.x. The company is currently unable to say if the problem is part of an active exploit or is a naturally occurring problem.

ISC has created a two component patch, one part that prevents the cache from returning the invalid data and one that prevents the BIND named process crashing when it gets detects the error, allowing it to recover gracefully. There is currently no workaround for the issue, identified as CVE-2011-4313, and ISC advises users to upgrade. The patches have already been applied and updates released for Ubuntu 11.10, 11.04, 10.10, 10.04LTS and 8.04 LTS and Debian, with other Linux distributions preparing their patches.

Patched versions of BIND 9.8.1-P1, BIND 9.7.4-P1, BIND 9.6-ESV-R5-P1 and BIND 9.4-ESV-R5-P1 are also available.

Update - Patches for Red Hat Enterprise Linux have been released; the advisories RHSA-2011:1458 and RHSA-2011:1459 contain further details.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit