
SANS ISC: Updates to ISC BIND - Internet Security | DShield SANS ISC InfoSec Forums


Updates to ISC BIND

Internet Systems Consortium has released a new version of its popular DNS implementation. New versions of BIND 9.4 and 9.5 are available, both of which address a security-related issue with DNSSEC Lookaside Validation (DLV). The issue was found once DNSSEC DLV was used to sign the .gov zone, as the NSEC3RSASHA1 signature algorithm used was not supported by the older versions of 9.4.x and 9.5.x.

So if you're not using DNSSEC DLV and you were already on the latest release prior to those shown below, you have no reason to update unless you want to use DNSSEC DLV.

The release comments: 

BIND 9.4.3-P2 is a SECURITY patch for BIND 9.4.3.  It addresses a bug in DNSSEC lookaside validation (DLV): unrecognized signature algorithms, which should have been treated as the equivalent of an unsigned zone, were instead treated as a validation failure.

 BIND 9.4.3-P2 can be downloaded from:  ftp://ftp.isc.org/isc/bind9/9.4.3-P2/bind-9.4.3-P2.tar.gz

 BIND 9.5.1-P2 can be downloaded from:  ftp://ftp.isc.org/isc/bind9/9.5.1-P2/bind-9.5.1-P2.tar.gz

Also, the latest BIND 9.6 beta release has been updated: ftp://ftp.isc.org/isc/bind9/9.6.1b1/bind-9.6.1b1.tar.gz
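
The validator decision described in the release comments, as an added Python sketch (not BIND's code and not from ISC). `classify`, its parameters and the `buggy` flag are hypothetical names, the validator algorithm sets are constructed, and signature verification is stubbed by a callable.

```python
from enum import Enum

# DNSSEC algorithm numbers from the IANA registry.
RSAMD5, DSA, RSASHA1 = 1, 3, 5
NSEC3RSASHA1 = 7  # RFC 5155: RSASHA1 alias signalling that the zone uses NSEC3


class Status(Enum):
    SECURE = "secure"      # chain of trust validated
    INSECURE = "insecure"  # answer as if the zone were unsigned
    BOGUS = "bogus"        # validation failure, clients get SERVFAIL


def classify(trust_algs, supported, signature_ok, buggy=False):
    """Classify a zone from the algorithms on its DS/DLV records.

    trust_algs   -- algorithm numbers in the zone's DS or DLV RRset
    supported    -- algorithm numbers this validator implements
    signature_ok -- callable(alg) -> bool, stand-in for the real crypto check
    buggy        -- reproduce the pre-patch behaviour from the release comments
    """
    usable = [a for a in trust_algs if a in supported]
    if not usable:
        # RFC 4035 section 5.2: with no supported algorithm there is no
        # usable authentication path, so the zone is treated as unsigned.
        return Status.BOGUS if buggy else Status.INSECURE
    if any(signature_ok(a) for a in usable):
        return Status.SECURE
    return Status.BOGUS  # a supported algorithm was present and failed


def demo():
    """Constructed case: zone signed only with NSEC3RSASHA1."""
    old = {RSAMD5, DSA, RSASHA1}   # assumed set without NSEC3 algorithms
    new = old | {NSEC3RSASHA1}
    zone = [NSEC3RSASHA1]
    ok = lambda alg: True          # pretend every signature verifies
    return (
        classify(zone, old, ok, buggy=True),  # pre-patch: lookups fail
        classify(zone, old, ok),              # patched: treated as unsigned
        classify(zone, new, ok),              # algorithm supported: validated
    )


if __name__ == "__main__":
    for status in demo():
        print(status.value)
```

The patched path only downgrades when no supported algorithm is listed; a supported algorithm whose signature fails still yields a validation failure.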

 

Stephen
