[dns-operations] BIND Security Advisory

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Jul 29 10:22:47 UTC 2009

On Wed, Jul 29, 2009 at 11:08:29AM +0100,
 Chris Thompson <cet1 at cam.ac.uk> wrote 
 a message of 23 lines which said:

> Even if not, there are the "automatic empty zones" in BIND 9.4 and later,
> typically enabled *only* on recursive nameservers.

Which are typically not reachable from the outside.

> Presumably these can
> be used as the attack vector as well?

I just tested on BIND 9.6.1 and, no, it does not seem to work. With
the published exploit:

my $rzone = '127.in-addr.arpa';
my $rptr  = "$rzone";

works (crashes BIND). But:

(Jul 29 12:18:48 rebecca named[20881]: automatic empty zone: D.F.IP6.ARPA)

my $rzone = 'D.F.IP6.ARPA';
my $rptr  = "$rzone";

does not (BIND survives).

More information about the dns-operations mailing list