Internet Systems Consortium have released a new version of their popular DNS implementation. New versions of BIND 9.4, and 9.5 are available both of which address a security related issue with DNSSEC Lookaside Validation (DLV). The issue was found once DNSSEC DLV was used to sign the .gov zone as the NSEC3RSASHA1 signature algorithm used was not supported with the older versions of 9.4.x and 9.5.x.
So if your not using DNSSEC DLV and you were already on the latest release prior to those shown below, you have no reason to update unless you want to use DNSSEC DLV.
The release comments:
BIND 9.4.3-P2 is a SECURITY patch for BIND 9.4.3. It addresses a bug in DNSSEC lookaside validation (DLV): unrecognized signature algorithms, which should have been treated as the equivalent of an unsigned zone, were instead treated as a validation failure.
BIND 9.4.3-P2 can be downloaded from: ftp://ftp.isc.org/isc/bind9/9.4.3-P2/bind-9.4.3-P2.tar.gz
BIND 9.5.1-P2 can be downloaded from: ftp://ftp.isc.org/isc/bind9/9.5.1-P2/bind-9.5.1-P2.tar.gz
Also, the latest BIND 9.6 beta release has been updated: ftp://ftp.isc.org/isc/bind9/9.6.1b1/bind-9.6.1b1.tar.gz
Mar 21st 2009
9 years ago