
ISC releases security fix for Bind DoS vulnerability

Warwick Ashford

The Internet Systems Consortium has published an advisory and an update for the Bind domain name system software versions 9.7.1 to 9.7.2-P3.

The update fixes a high-risk, remotely exploitable, denial-of-service vulnerability in Bind, distributed by default with most Unix and Linux platforms, said the Internet Systems Consortium (ISC).

Bind, widely used DNS server software, is one of the preferred targets for attackers on the internet, according to the Internet Storm Center of the SANS Institute.

"When a server that is authoritative for a domain processes a successful domain transfer operation (IXFR) or a dynamic update, there is a small window of time where this processing, combined with a high amount of queries, can cause a deadlock which makes the DNS server stop processing further requests," a SANS Institute bulletin said.

According to the bulletin, organisations with Bind installed should upgrade to Bind 9.7.3 and remember the following basic security measures:

- Only allow IXFR transfers from known secondary servers of your domain. You don't want to let people know the full list of public IP addresses associated with your domain.

- Keep your internal DNS information separate from your external DNS information. Some DNS provides information about private addresses used inside the corporate network.

- Allow recursive requests only from your internal DNS. If you allow recursive requests from the internet, you are exposed to a distributed denial of service.
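As an added illustration (not taken from the ISC advisory or the SANS bulletin), the three measures above could be expressed in a `named.conf` along these lines. The ACL names, IP addresses, zone name and file paths are constructed placeholders.

```conf
// Constructed example: addresses, zone name and file paths are placeholders.
acl "secondaries" { 198.51.100.53; 198.51.100.54; };  // known secondary servers
acl "internal"    { 10.0.0.0/8; 127.0.0.1; };         // corporate network

options {
    directory "/var/named";
    allow-transfer { none; };   // no zone transfers unless a zone overrides this
    recursion no;               // no recursion unless a view enables it
};

// Internal clients: see private records and may use recursion.
view "internal" {
    match-clients { internal; };
    recursion yes;
    allow-recursion { internal; };
    zone "example.com" {
        type master;
        file "internal/example.com.zone";  // may contain private addresses
    };
};

// Everyone else: public records only, authoritative answers only.
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "external/example.com.zone";  // public addresses only
        allow-transfer { secondaries; };   // transfers only to listed secondaries
    };
};
```

Views are matched in order, so the internal view must come before the catch-all external view, and `named-checkconf` can be used to validate the file before reloading.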

