ISC BIND 9.7.1-9.7.2-P3 IXFR / DDNS Update Combined with High Query Rate DoS
High Nessus Plugin ID 52158
SynopsisThe remote name server is affected by a denial of service vulnerability.
DescriptionAccording to its self-reported version number, the remote installation of BIND is affected by a denial of service vulnerability.
There is a small window of time after an authoritative server processes a successful IXFR transfer or a dynamic update during which the IXFR / update coupled with a query may cause a deadlock to occur.
A server experiencing a high query and/or update rate will have a higher chance of being deadlocked.
SolutionUpgrade to BIND 9.7.3 or later.
A possible workaround is to restrict BIND to a single worker thread, using the '-n1' flag for example.