Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Bind 9.7.1-P2 is now available - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Bind 9.7.1-P2 is now available

This is a notification just to let you know that has released a new version of BIND, 9.7.1-P2.  This reverses a change made in 9.7.1.  

"The change attempted to correct the behavior of a validating recursive resolver when explicitly queried for records of the type 'RRSIG'.  These queries do not occur in normal DNSSEC operation, because RRSIG records are ordinarily returned along with the records they cover.  However, a type 'RRSIG; query can be used for manual testing purposes.  As a result of the change in 9.7.1, if the cache did not contain any RRSIG records for the name, such a query would trigger an endless loop of recursive queries to the authoritative server."

This patch backs out that change, and this will be fixed in a future release.  So, those of you that upgraded to 9.7.1-P1, you'll need to apply this patch.

It can be downloaded from

-- Joel Esler | |


454 Posts
Jul 16th 2010

Sign Up for Free or Log In to start participating in the conversation!