BIND name server vulnerable to DoS
Internet Systems Consortium (ISC), makers of the widely distributed Berkeley Internet Name Domain (BIND) DNS server, is warning of two potential denial of service problems that have been corrected in the most recent version. Attackers could send specially recursive queries in order to cause the servers to crash.
The first error is in the processing of the signed "Resource Record Sets" (RRsets), which contain the digital signatures within the framework of the "DNS Security Extensions" (DNSSEC). The second affects the handling of parallel recursive queries. All BIND versions 9.2.x, 9.3.x and 9.4.x are affected. ISC urgently recommends switching to new releases 9.4.0b2, 9.3.3rc2, 9.3.2-P1, 9.2.7rc1 or 9.2.6-P1.
- Security advisory from ISC