Internet Software Consortium published today an advisory for the BIND software. For versions 9.7.1-9.7.2-P3, when a server that is authoritative for a domain (i.e. owns the SOA record) process a successful domain transfer operation (IXFR) or a dynamic update, there is a small window of time where this processing combined with a high amount of queries can cause a deadlock, which makes the DNS server stop processing further requests.
Bind is one of the preferred targets for attackers on the Internet. If you have bind installed in your company, please remember the following basic security measures:
To solve the problem, upgrade to BIND 9.7.3. More information at http://www.isc.org/software/bind/advisories/cve-2011-0414
Manuel Humberto Santander Pelaacuteez
Feb 23rd 2011
8 years ago