New DDoS Vulnerability in BIND 9

Share On Facebook
Share On Twitter
Share On Linkedin

In case you haven’t seen the news yet, there’s a serious new vulnerability in BIND 9. A carefully tailored dynamic update can crash your BIND 9 name server. Administrators of BIND 9 name servers – even those that don’t allow dynamic updates – are advised to upgrade immediately, as exploits are already public. You can find more information on ISC’s web site. ISC has released BIND 9.6.1-P1, 9.5.1-P3 and 9.4.3-P3 to address the vulnerability.

If you’re concerned that your name server might have been the target of such an attack, examine your syslog output for lines like this:

db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
  exiting (due to assertion failure).

These indicate that your name server crashed, likely because of this vulnerability.

More tomorrow.

Labels:

Cricket Liu

Chief DNS Architect at Infoblox

Cricket is one of the world’s leading experts on the Domain Name System (DNS), and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an Internet consulting and training company, Acme Byte & Wire, after running the hp.com domain at Hewlett-Packard. Cricket is a prolific speaker and author, having written a number of books including “DNS and BIND,” one of the most widely used references in the field, now in its fifth edition.

View All Posts
×