Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Updates to ISC BIND InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Updates to ISC BIND

Published: 2009-03-21
Last Updated: 2009-03-21 08:40:23 UTC
by Stephen Hall (Version: 1)
0 comment(s)

Internet Systems Consortium have released a new version of their popular DNS implementation. New versions of BIND 9.4, and 9.5 are available both of which address a security related issue with DNSSEC Lookaside Validation (DLV). The issue was found once DNSSEC DLV was used to sign the .gov zone as the NSEC3RSASHA1 signature algorithm used was not supported with the older versions of 9.4.x and 9.5.x. 

So if your not using DNSSEC DLV and you were already on the latest release prior to those shown below, you have no reason to update unless you want to use DNSSEC DLV.

The release comments: 

BIND 9.4.3-P2 is a SECURITY patch for BIND 9.4.3.  It addresses a bug in DNSSEC lookaside validation (DLV): unrecognized signature algorithms, which should have been treated as the equivalent of an unsigned zone, were instead treated as a validation failure.

 BIND 9.4.3-P2 can be downloaded from:  ftp://ftp.isc.org/isc/bind9/9.4.3-P2/bind-9.4.3-P2.tar.gz

 BIND 9.5.1-P2 can be downloaded from:  ftp://ftp.isc.org/isc/bind9/9.5.1-P2/bind-9.5.1-P2.tar.gz

Also, the latest BIND 9.6 beta release has been updated: ftp://ftp.isc.org/isc/bind9/9.6.1b1/bind-9.6.1b1.tar.gz

 

Keywords: DLV DNSSEC ISC
0 comment(s)
Diary Archives