See also this post from yesterday Security Updates for BIND DNS Software Fix Multiple Vulnerabilities
By Eduard Kovacs on December 10, 2014 Recursive Domain Name System (DNS) resolvers are plagued by a vulnerability that can be leveraged to cause them to crash due to resource exhaustion, the CERT Coordination Center at Carnegie Mellon University (CERT/CC) reported on Tuesday.
DNS resolvers process DNS queries with the aid of authoritative servers. If the authoritative server can't process the request, it returns a referral response pointing to other servers that might be able to carry out the task. The problem is that a malicious authoritative server can cause some resolvers to follow an infinite chain of referrals, which can lead to a denial-of-service (DoS) state.
"A recursive DNS resolver following an infinite chain of referrals can result in high process memory and CPU usage and eventually process termination. The effect can range from increased server response time to clients to complete interruption of the service," CERT/CC noted in its advisory. "Resolvers that follow multiple referrals at once can cause large bursts of network traffic."
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.