Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

ISC Publish Fix for Severe BIND Bug

The Internet Systems Consortium has published an advisory and an update for the Bind domain name system software versions 9.7.1 to 9.7.2-P3.

The update fixes a high-risk, remotely exploitable, denial-of-service vulnerability in Bind, distributed by default with most Unix and Linux platforms, said the Internet Systems Consortium (ISC).

Bind, a widely-used DNS server software, is one of the preferred targets for attackers on the internet, according to the Internet Storm Center of the SANS Institute.

"When a server that is authoritative for a domain processes a successful domain transfer operation (IXFR) or a dynamic update, there is a small window of time where this processing, combined with a high amount of queries, can cause a deadlock which makes the DNS server stop processing further requests," a SANS Institute bulletin said.

According to the bulletin, organisations with Bind installed should upgrade to Bind 9.7.3 and remember the following basic security measures:

-Only allow IXFR transfers from known secondary servers of your domain. You don't want to let people know all the list of public IP addresses associated with your domain

-Keep separated your internal DNS information from your external DNS information. Some DNS provides information about private addresses used inside the corporate network

-Allow recursive requests only from your internal DNS. If you allow recursive requests from the internet, you are exposed to a distributed denial of service

print this article

Return to security news headlines
View Security News Archive

Share with: