
ISC BIND 9 DNSSEC Query Response Remote Cache Poisoning

Medium

Synopsis

The remote DNS Server is vulnerable to a remote cache-poisoning attack.

Description

The remote DNS server is running BIND 9 earlier than 9.4.3-P4, 9.5.2-P1, or 9.6.1-P2. Such versions may incorrectly add records to their cache from the additional section of responses received during resolution of a recursive client query. This behavior only occurs when processing client queries with checking disabled (CD) at the same time as requesting DNSSEC records (DO).

Solution

Upgrade to BIND 9.4.3-P4 / 9.5.2-P1 / 9.6.1-P2 or later.
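
For inventory triage, the fixed releases above can be turned into a per-branch version check. The following is an added example, not part of the original advisory or of any scanner's code; the function names are hypothetical, and treating branches older than 9.4 as affected and newer than 9.6 as fixed is an assumption about how to read "earlier than".

```python
import re

# Fixed release per branch, from the Solution section: (patch level, -P number).
FIXED = {(9, 4): (3, 4), (9, 5): (2, 1), (9, 6): (1, 2)}

# Accepts "9.5.2", "9.5.2-P1" or "BIND 9.5.2-P1". Alpha/beta/rc builds are
# deliberately not matched, so they come back as undetermined.
_VERSION = re.compile(r"^(?:BIND\s+)?(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")


def parse_bind_version(text):
    """Return ((major, minor), (patch, p_level)) or None if unparseable."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    major, minor, patch, p_level = m.groups()
    return (int(major), int(minor)), (int(patch), int(p_level or 0))


def is_affected(text):
    """True/False per the advisory's version ranges, None when undetermined."""
    parsed = parse_bind_version(text)
    if parsed is None:
        return None
    branch, release = parsed
    if branch[0] != 9:
        return None  # the advisory covers BIND 9 only
    if branch in FIXED:
        # Tuple comparison: 9.5.2 is (2, 0), which sorts before 9.5.2-P1 (2, 1).
        return release < FIXED[branch]
    # Assumption: branches before 9.4 predate every fixed release,
    # branches after 9.6 postdate them.
    return branch < (9, 4)


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for v in ["9.4.3-P3", "9.5.2-P1", "BIND 9.6.1", "9.6.1rc1"]:
        print(v, "->", is_affected(v))
```

A result of None means the version string needs manual review rather than that the host is safe.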