Sophos Cloud Optix
A zero-day vulnerability is causing BIND 9 DNS servers to crash across the internet. The flaw, described as an “as-yet unidentified network event”, appears to be a denial of service vulnerability being exploited in-the-wild. The flaw affects all supported versions of BIND.
The internet Systems Consortium (ISC) have described the problem as follows:
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure...
Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))
More details are available in their advisory.
The cause of the crash is still under investigation but the ISC have reacted swiftly with a set of temporary patches that will prevent servers from crashing. There is no known workaround for the problem and BIND users are encouraged to upgrade.
The Domain Name System (DNS) is a critical part of the internet’s infrastructure and most of the DNS servers on the Internet run BIND 9.
We will keep you updated as we discover more information.
Thanks for this. Is this the reason why BT's network was badly affected for several hours two days ago in London and the SE of the UK?
No that was an error with L3 Communications' BGP setup. Some way or another it became borked and was sending out screwed up routes. Basically any provider that relied on L3 became blackholed until they fixed their settings.
Glad I follow the Twitter feed, or else I wouldn't have known about this. I wonder just how widespread this issue is…
Would that I explain why I couldn't reach particular internet websites and tracenet timed out along the way on a particular server?