The Internet Systems Consortium (ISC) has released security updates to address multiple vulnerabilities in BIND, one of which may allow a remote attacker to cause a denial of service. BIND is the most popular Domain Name System (DNS) software on UNIX variants, but is also available for Windows and the
The updates have fixes for two vulnerabilities that could crash BIND DNS and possibly cause a denial of service:
1) A Defect in Delegation Handling Can Be Exploited:
By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service (up to and including termination of the named server process).
2) Defects in GeoIP features:
Multiple errors have been identified in the GeoIP features added in BIND 9.10. Two are capable of crashing BIND — triggering either can cause named to exit with an assertion failure, resulting in a denial of service condition. A third defect is also corrected, which could have caused GeoIP databases to not be loaded properly if their location was changed while BIND was running.
Only servers built to include GeoIP functionality are affected.
Updates available include:
- BIND 9 version 9.9.6-P1
- BIND 9 version 9.10.1-P1
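A version check against the two fixed releases listed above, added here as an example and not taken from ISC or the original post. It assumes `named -V` prints the version and configure options and that a GeoIP build shows `--with-geoip` there; the function names and the sample string are constructed.

```python
import re
import subprocess

# Fixed releases named in the advisory text above, keyed by release branch.
FIXED = {(9, 9): "9.9.6-P1", (9, 10): "9.10.1-P1"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)\d+)?(?:-P(\d+))?")

def version_key(text):
    """Sortable key for a BIND version; pre-releases sort below the final release."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no BIND version found in %r" % text)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    is_final = 0 if m.group(4) else 1
    return (major, minor, patch, is_final, int(m.group(5) or 0))

def assess(named_v_output):
    """Classify `named -V` output against the two fixed releases."""
    m = re.search(r"BIND\s+(\S+)", named_v_output)
    if not m:
        raise ValueError("not `named -V` output")
    key = version_key(m.group(1))
    fixed = FIXED.get(key[:2])
    if fixed is None:
        # The page lists updates for the 9.9 and 9.10 branches only.
        return {"version": m.group(1), "status": "branch not covered"}
    patched = key >= version_key(fixed)
    geoip_built = "--with-geoip" in named_v_output
    return {
        "version": m.group(1),
        # Distribution packages may backport fixes without changing the
        # upstream version, so "update" means: check the vendor changelog.
        "status": "patched" if patched else "update to " + fixed,
        "delegation_defect": not patched,
        # GeoIP features were added in 9.10; only GeoIP builds of it count.
        "geoip_defects": not patched and key[:2] == (9, 10) and geoip_built,
    }

# Constructed sample output (not captured from a real server).
SAMPLE = "BIND 9.10.1 built by make with '--with-geoip=/usr/share/GeoIP'"

if __name__ == "__main__":
    try:
        out = subprocess.run(["named", "-V"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = SAMPLE  # no local named binary: fall back to the sample
    print(assess(out or SAMPLE))
```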
Managed DNS by Comodo
DNS by Comodo improves website performance and scalability for thousands of organizations, helping them connect with their audiences faster and more reliably by making DNS secure, usable, and fast. DNS by Comodo is a cloud-based managed DNS service, so there is no additional equipment required or software to download or install. Experienced DNS specialists are available around the clock to assist with configuration and troubleshoot account and network issues.