[dns-operations] BIND Security Advisory May 2011: Large RRSIG RRsets and Negative Caching can crash named

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri May 27 07:33:26 UTC 2011

On Fri, May 27, 2011 at 12:26:54AM -0700,
 SM <sm at resistor.net> wrote 
 a message of 39 lines which said:

> http://test.federalreserve.gov also triggered the bug.

But no longer (federalreserve.gov is unsigned).

> As it is be possible to trigger this bug through the "web", it would
> be advisable to upgrade before people roll out the denial of
> service.

I don't know how the bug was handled but I did not see yet an announce
by a "vendor" about an updated package. So, currently, only the people
who installed BIND manually can upgrade.

More information about the dns-operations mailing list