Mystery flaw crashing DNS servers across the internet

Internet globeA zero-day vulnerability is causing BIND 9 DNS servers to crash across the internet. The flaw, described as an “as-yet unidentified network event”, appears to be a denial of service vulnerability being exploited in-the-wild. The flaw affects all supported versions of BIND.

The internet Systems Consortium (ISC) have described the problem as follows:

An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure...

Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))

More details are available in their advisory.

The cause of the crash is still under investigation but the ISC have reacted swiftly with a set of temporary patches that will prevent servers from crashing. There is no known workaround for the problem and BIND users are encouraged to upgrade.

The Domain Name System (DNS) is a critical part of the internet’s infrastructure and most of the DNS servers on the Internet run BIND 9.

We will keep you updated as we discover more information.