‹ Back
Domain Name System Security Extensions (DNSSEC) 9 December 2014

DNS Security Advisories Out Today For BIND, PowerDNS and Unbound – Time To Upgrade!

Dan York
By Dan YorkDirector, Online Content

DNSWhile this has nothing to do specifically with the topic of DNSSEC that we cover here on Deploy360, there is important news in the broader world of “DNS security”.  The vendors of three of the major DNS recursive resolvers today released security advisories about a particularly nasty bug where the resolver can be tricked into trying to follow essentially an infinite loop and wind up exhausting all resources and potentially shutting down.  The advisories from BIND, PowerDNS and Unbound are found at these links:

The advisories from both PowerDNS and Unbound indicate that this bug would be difficult for an attacker to exploit unless they were within the user base of the recursive resolver.  The BIND advisory is more open-ended and indicates the bug could be executed remotely.

In all cases the easiest solution is to upgrade to the newest versions:

While there are apparently no known exploits of the bug in the wild yet, that will now only be a matter of time.  It would be best to upgrade your recursive resolvers as soon as possible.

P.S. While you are in there updating your DNS resolver, if you are using BIND or Unbound, why not enable DNSSEC validation?  It’s a simple change in the configuration file, as shown in this SURFnet white paper.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Open Standards Everywhere 11 June 2020

Listen to the Hedge Podcast 39 to Learn about the Open Standards Everywhere Project

What is our Open Standards Everywhere (OSE) project all about? How did it get started? What are the project...

Deploy360 19 February 2019

DNS Privacy & IPv6 Security @ APTLD 75

The Internet Society will be actively contributing to the APTLD 75 meeting on 20-21 February 2019 in Dubai, United...

Domain Name System (DNS) 8 February 2019

DNS Flag Day

The 1st of February was DNS Flag Day, which is an initiative of several DNS vendors and operators to...

Join the conversation with Internet Society members around the world