Mysterious flaw crashes Bind 9 DNS servers

AN UNEXPLAINED ZERO DAY vulnerability is causing Bind 9 DNS servers to crash and triggering service interruptions for domain name servers.

An urgent security advisory from the Internet Systems Consortium (ISC) rates the situation as critical, suggesting that organisations should patch it as soon as possible.

"Affected servers crashed after logging an error in query.c with the following message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9,12," says the advisory.

The ISC added that it is "actively investigating the root cause" and has produced patches that can be added to mitigate the risks, however it is calling it an "as-yet unidentified network event", and as yet has not found a definite cause.

Mark Stockley at security firm Sophos said that the event has all the hallmarks of a denial of service vulnerability being exploited in-the-wild.

Until the ICS fully resolves the situation its patch will prevent the cache from returning the inconsistent data and prevents crashes if it detects it has been given an inconsistent answer of this nature. µ