[dns-operations] BIND Security Advisory
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Jul 29 10:22:47 UTC 2009
On Wed, Jul 29, 2009 at 11:08:29AM +0100,
Chris Thompson <cet1 at cam.ac.uk> wrote
a message of 23 lines which said:
> Even if not, there are the "automatic empty zones" in BIND 9.4 and later,
> typically enabled *only* on recursive nameservers.
Which are typically not reachable from the outside.
> Presumably these can
> be used as the attack vector as well?
I just tested on BIND 9.6.1 and, no, it does not seem to work. With
the published exploit:
my $rzone = '127.in-addr.arpa';
my $rptr = "$rzone";
works (crashes BIND). But:
(Jul 29 12:18:48 rebecca named[20881]: automatic empty zone: D.F.IP6.ARPA)
my $rzone = 'D.F.IP6.ARPA';
my $rptr = "$rzone";
does not (BIND survives).
More information about the dns-operations
mailing list