This is reproducible and should only affected in 9.7.3.
For the record, the problem has been fixed:
http://www.isc.org/software/bind/advisories/cve-2011-1910
-JP
___
bind-users mailing list
bind-users@lists.isc.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*Summary:* A BIND 9 DNS server set up to be a caching resolver is
vulnerable to a user querying a domain with very large resource record
sets (RRSets) when trying to negatively cache a response. This can
cause the BIND 9 DNS server (named process) to
To follow up on this thread (there's been much more about it on DNS-OARC
than here), it was a bug that is fixed (change 3020) together with the
more serious security problem (change 3121) in the new BIND versions
9.6-ESV-R4-P1, 9.7.3-P1 and 9.8.0-P2.
--
Chris Thompson
Email: c...@cam.ac.uk
Change: BIND 9.4-ESV-R4-P1 is now available.
Title: Large RRSIG RRsets and Negative Caching can crash named.
Summary: A BIND 9 DNS server set up to be a caching resolver is
vulnerable to a user querying a domain with very large resource record
sets (RRSets) when trying to negatively cache a
Hi,
Running BIND 9.7.0-P2
Is this just me or other seeing this?
Starting today got reports of unable to reach some student ad sites such
as studentloans.gov
# dig eduftcdnsp01.ed.gov
; DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 eduftcdnsp01.ed.gov
;; global options: +cmd
;; Got answer:
;;
On Fri, May 27, 2011 at 12:09 PM, Jim Glassford jmgl...@iup.edu wrote:
Starting today got reports of unable to reach some student ad sites such as
studentloans.gov
There are problems with this and related sites. Specifically RRSIGs are not
being returned with some RRsets, resulting in a
Hi Jim,
We are seeing the same thing. The problem is an incorrectly signed
zone (missing RRSIG records) at ed.gov. See:
http://dnssec-debugger.verisignlabs.com/www.ed.gov
http://dnsviz.net/d/www.ed.gov/dnssec/
cv
On Fri, May 27, 2011 at 12:09 PM, Jim Glassford jmgl...@iup.edu wrote:
Hi,
On Fri, 27 May 2011, Frank Kloeker wrote:
Hello,
I would want to say thank you very much for the wonderful work of the
ISC team and the quick solution of the problem and a very
professional appearance.
I have come to expect such performance from everyone at ISC, but yesterday
the exceeded
Evan Hunt wrote:
Yes. But the problem domain has been corrected, so you won't be able to
reproduce it now.
In the interest of preventing this happening again, either by accident
(as it was in this case) or due to someone crafting a bad zone
maliciously,
we will be releasing a patch to all
9 matches
Mail list logo