ISC BIND 9.0.x < 9.9.6-P1 'named' Delegation Handling DoS
High Nessus Network Monitor Plugin ID 8602
SynopsisThe remote DNS server may be affected by a remote denial of service vulnerability.
DescriptionVersions of ISC BIND earlier than 9.9.6-P1 are unpatched for a denial of service vulnerability that can be triggered when handling a maliciously constructed request. A maliciously constructed query or zone request can cause the service to issue unlimited queries in an attempt to follow a delegation, leading to a denial of service condition that terminates the 'named' service.
SolutionUpdates have been released by the vendor. BIND 9.9.6-P1 fixes this vulnerability, as does BIND 9.10.1-P1. Apply the vendor update, or update to a later version.