Recursive servers need patching: BIND CVE 2016-8864

2016-11-01 - News - Tony Finch

ISC.org have just announced a denial-of-service vulnerability in BIND's handling of DNAME records in DNS responses. Recursive DNS servers are particularly vulnerable.

I am in the process of patching our central DNS servers; you should patch yours too.

(This bug was encountered by Marco Davids of SIDN Labs, and I identified it as a security vulnerability and reported it to ISC.org. You can find us in the acknowledgments section of the security advisory.)