BIND security alert

2009-07-29 - News - Chris Thompson

If you are using BIND and are not already aware of it, please see the security advisory at https://www.isc.org/node/474

This is a high-severity denial-of-service bug that is being exploited in the wild. Nameservers are vulnerable if

  • They have any zone of "type master", whose name is known to the attacker. Note that this includes zones such as "localhost" (but apparently not BIND's generated "automatic empty zones").

  • The attacker can get a DNS update request through to the server. For example, those with a port 53 block at the CUDN border router can be attacked (directly) only from within the CUDN. Access controls within BIND cannot protect against the vulnerability.

Those who use versions of BIND supplied with their operating system should look for advisories from their respective suppliers.
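To check the first condition above on a given server, the following added example (not part of the original alert or of BIND itself) lists every zone declared as "type master" in a named.conf, including ones such as "localhost" and zones nested inside views. The function names and the sample configuration are constructed for illustration, and the sketch assumes the whole configuration is in one text: it does not follow include directives.

```python
import re

# Constructed sample configuration (not from the advisory).
SAMPLE_CONF = r'''
options { directory "/var/named"; };
// zone "commented.example" { type master; file "x"; };
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };   # ACLs do not mitigate this bug
};
zone "example.org" { type slave; masters { 192.0.2.1; }; file "s/example.org"; };
/* zone "old.example" { type master; }; */
zone "0.0.127.in-addr.arpa" { type master; file "127.zone"; };
zone "." { type hint; file "root.hints"; };
'''

def strip_comments(text):
    """Remove /* */, // and # comments while leaving quoted strings intact."""
    pattern = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pattern.sub(lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def zone_blocks(text):
    """Yield (name, body) for each zone statement, matching braces by depth."""
    for m in re.finditer(r'\bzone\s+"([^"]*)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def master_zones(conf_text):
    """Return names of zones whose top-level 'type' is master."""
    found = []
    for name, body in zone_blocks(strip_comments(conf_text)):
        # Drop nested { ... } sub-blocks so only the zone's own options are examined.
        top = body
        while re.search(r'\{[^{}]*\}', top):
            top = re.sub(r'\{[^{}]*\}', ' ', top)
        if re.search(r'\btype\s+master\s*;', top):
            found.append(name)
    return found

if __name__ == "__main__":
    for z in master_zones(SAMPLE_CONF):
        print("master zone:", z)
```

A non-empty result means the first condition holds for that server, whatever allow-update settings the zones carry.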