
SANS ISC: Bind DOS vulnerability (CVE-2011-0414) - SANS Internet Storm Center

Bind DOS vulnerability (CVE-2011-0414)

The Internet Systems Consortium (ISC) published an advisory today for BIND. In versions 9.7.1 through 9.7.2-P3, when an authoritative server (i.e. one that holds the SOA record for the zone) finishes applying an incremental zone transfer (IXFR) or a dynamic update, there is a small window of time in which a query arriving at the same moment can deadlock the server. Under a high query rate that window is hit sooner or later, and once deadlocked the server stops answering all further requests until named is restarted. Only authoritative servers that receive IXFRs or accept dynamic updates are exposed; purely recursive servers are not affected.

BIND is one of the most frequently attacked services on the Internet. If you run BIND in your organization, keep the following basic measures in mind. They reduce your exposure in general; they do not fix this bug, which needs the upgrade described below.

  • Allow zone transfers (AXFR and IXFR) only from your known secondary servers, via allow-transfer. An unrestricted transfer hands an attacker the complete list of public names and IP addresses in your domain.
  • Keep your internal DNS data separate from your external DNS data, for example with BIND views. A zone that mixes both reveals the private addresses and host names used inside the corporate network to anyone who asks.
  • Allow recursive queries only from your internal networks (allow-recursion, or a separate internal resolver). An open resolver can be abused as a reflector in distributed denial of service attacks against third parties and is itself exposed to resource exhaustion and cache poisoning attempts.
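As an added illustration of these three measures (this is example code written for this page, not part of the original diary or of BIND), the following Python script carries a constructed named.conf fragment with the weak settings next to a corrected one that uses ACLs and split views, and runs a small audit over both. The zone name, addresses and ACL names are made-up placeholders, and the checker is a deliberately small regex-based parser for the options, view and zone scopes, not a replacement for named-checkconf.

```python
"""Audit a named.conf fragment for open transfers, open recursion and
unrestricted views. Small regex parser; not a substitute for named-checkconf."""
import re

# Constructed example: the exposed configuration (names/addresses made up).
WEAK_CONF = """
options {
    directory "/var/named";
    allow-transfer { any; };   // anyone can pull the whole zone by AXFR/IXFR
    recursion yes;
    allow-recursion { any; };  // open resolver: usable as a DDoS reflector
};
zone "example.com" {
    type master;
    file "example.com.zone";   // internal and external records in one file
};
"""

# Constructed example: the corrected configuration with ACLs and split views.
HARDENED_CONF = """
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
acl "internal"    { 10.0.0.0/8; 127.0.0.1; };
options {
    directory "/var/named";
    allow-transfer  { secondaries; };   # only our known secondary servers
    allow-recursion { internal; };      # recursion for internal clients only
};
view "internal" {
    match-clients { internal; };
    recursion yes;
    zone "example.com" { type master; file "example.com.internal.zone"; };
};
view "external" {
    match-clients { any; };
    recursion no;                       # authoritative only toward the Internet
    zone "example.com" { type master; file "example.com.external.zone"; };
};
"""


def strip_comments(text):
    """Remove /* */, // and # comments so values are matched literally."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def blocks(text, keyword):
    """Yield (label, body) for each `keyword [label] { body };` in text."""
    pat = r"(?<![\w.-])%s\b\s*(\"[^\"]*\"|[\w.-]*)\s*\{" % keyword
    for m in re.finditer(pat, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # find the matching close brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip('"'), text[m.end():i - 1]


def setting(body, name):
    """Token list of `name { a; b; };` in body, or None if not present."""
    m = re.search(r"(?<![\w.-])%s\s*\{([^}]*)\}" % re.escape(name), body)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None


def flag(body, name):
    """Value of `name yes;` / `name no;` in body, or None if not present."""
    m = re.search(r"(?<![\w.-])%s\s+(yes|no)\s*;" % re.escape(name), body)
    return m.group(1) if m else None


def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    text = strip_comments(conf)
    opts = dict(blocks(text, "options")).get("", "")
    views = list(blocks(text, "view"))
    scopes = [("options", opts)] + [("view " + n, b) for n, b in views]
    findings = []
    for name, body in scopes:
        inherited = name != "options"           # views inherit from options
        xfer = setting(body, "allow-transfer")
        if xfer is None and inherited:
            xfer = setting(opts, "allow-transfer")
        if xfer is None or "any" in xfer:       # BIND's default is any
            findings.append(f"{name}: zone transfers (AXFR/IXFR) open to any host")
        rec = flag(body, "recursion") or (flag(opts, "recursion") if inherited else None) or "yes"
        allow = setting(body, "allow-recursion")
        if allow is None and inherited:
            allow = setting(opts, "allow-recursion")
        if rec == "yes" and allow is not None and "any" in allow:
            findings.append(f"{name}: open resolver (allow-recursion any)")
        elif rec == "yes" and allow is None:    # BIND 9.4+ defaults to localnets/localhost
            findings.append(f"{name}: allow-recursion not set explicitly")
        if inherited and setting(body, "match-clients") is None:
            findings.append(f"{name}: no match-clients, view is reachable by everyone")
        zones = blocks(body, "zone") if inherited else ([] if views else blocks(text, "zone"))
        for zname, zbody in zones:              # zone-level settings override the scope
            zx = setting(zbody, "allow-transfer")
            if zx is not None and "any" in zx:
                findings.append(f"{name} zone {zname}: allow-transfer any overrides the global setting")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit(conf) or ['no findings']}")
```

Running it reports two findings for the weak fragment (open transfers and open recursion) and none for the hardened one. The checker honours inheritance from options into views and flags a zone-level allow-transfer { any; } that would silently undo a restrictive global setting; in the hardened fragment the external view answers authoritatively only (recursion no), so Internet clients cannot use the server as a resolver at all.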

To solve the problem, upgrade to BIND 9.7.3. More information at 

-- Manuel Humberto Santander Peláez | msantand at isc dot sans dot org

Manuel Humberto Santander Peláez

195 Posts
ISC Handler
Feb 23rd 2011
