Blogs

  • About CVE-2015-5477

    As the security incident manager for this particular vulnerability notification, I’d like to say a little extra, beyond our official vulnerability disclosure about this critical defect in BIND.

    Many of our bugs are limited in scope or affect only users having a particular set of configuration choices. CVE-2015-5477 does not fall into that category.

  • CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure

    A deliberately constructed packet can exploit an error in the handling of queries for TKEY records, permitting denial of service.

    CVE: CVE-2015-5477
    Document Version: 2.0
    Posting date: 28 July 2015
    Program Impacted: BIND
    Versions affected: 9.1.0 -> 9.8.x, 9.9.0 -> 9.9.7-P1, 9.10.0 -> 9.10.2-P2
    Severity: Critical
    Exploitable: Remotely

    Description: An error in the handling of TKEY queries can be exploited

  • 2014 Annual Report

    Letter from the President

    We are now a trimmer and more functional organization, with financial controls, stability and predictability. We determined that BIND revenues had been subsidizing our other efforts, so we put more back into BIND, adding three DNS engineers in early 2015. On the operations side, we are cutting back on subsidized programs that no longer make

  • Resolver DDOS Mitigation

    Early in 2014 a couple of our BIND support customers told us about some intermittent periods of very heavy query activity that swamped their resolvers and asked us for help. It emerged that these were just the first signs of a long series of similar DDOS (Distributed Denial of Service) attacks that began in early 2014 and are continuing today around the Internet.

  • Benchmarking DNS Reliably on Multi-core Systems

    Introduction

    As part of an ongoing study into DNS server performance, we wanted to establish a baseline figure for the absolute maximum throughput that can be achieved using standard APIs. To this end we have developed a tiny DNS server that does nothing except echo the received packet back to the client, albeit with the “QR” bit flipped to indicate

Last modified: January 30, 2014 at 12:11 pm