Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Bind 9.7.1-P2 is now available - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Bind 9.7.1-P2 is now available

This is a notification just to let you know that ISC.org has released a new version of BIND, 9.7.1-P2.  This reverses a change made in 9.7.1.  

"The change attempted to correct the behavior of a validating recursive resolver when explicitly queried for records of the type 'RRSIG'.  These queries do not occur in normal DNSSEC operation, because RRSIG records are ordinarily returned along with the records they cover.  However, a type 'RRSIG; query can be used for manual testing purposes.  As a result of the change in 9.7.1, if the cache did not contain any RRSIG records for the name, such a query would trigger an endless loop of recursive queries to the authoritative server."

This patch backs out that change, and this will be fixed in a future release.  So, those of you that upgraded to 9.7.1-P1, you'll need to apply this patch.

It can be downloaded from 

ftp://ftp.isc.org/isc/bind9/9.7.1-P2/bind-9.7.1-P2.tar.gz

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Joel

454 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!