New DDoS Vulnerability in BIND 9

July 28, 2009

In case you haven’t seen the news yet, there’s a serious new vulnerability in BIND 9. A carefully tailored dynamic update can crash your BIND 9 name server. Administrators of BIND 9 name servers – even those that don’t allow dynamic updates – are advised to upgrade immediately, as exploits are already public. You can find more information on ISC’s web site. ISC has released BIND 9.6.1-P1, 9.5.1-P3 and 9.4.3-P3 to address the vulnerability.

If you’re concerned that your name server might have been the target of such an attack, examine your syslog output for lines like this:

db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
  exiting (due to assertion failure).

These indicate that your name server crashed, likely because of this vulnerability.

More tomorrow.

July 28, 2009

Labels:

Cricket Liu

Chief DNS Architect at Infoblox

Cricket is one of the world’s leading experts on the Domain Name System (DNS), and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an Internet consulting and training company, Acme Byte & Wire, after running the hp.com domain at Hewlett-Packard. Cricket is a prolific speaker and author, having written a number of books including “DNS and BIND,” one of the most widely used references in the field, now in its fifth edition.

View All Posts

Unlocking Operational Efficiency: Key Insights from the ESG Showcase on Infoblox Ecosystem Integration
Read more »
DNS Predators Hijack Domains to Supply their Attack Infrastructure
Read more »
CISO Spotlight: Ed Hunter on Security, AI and Industry Trends
Read more »
Threat Actors Abuse DNS to Con Consumers
Read more »