Blogs

  • ISC’s DHCP client can be used as a delivery vector for bash bug

    Despite reports to the contrary saying that a 2011 change (CVE-2011-0997) to dhclient prevents exploitation of this flaw, ISC has confirmed that the DHCP client provided as a part of ISC DHCP can be used to exploit the bash vulnerability if the operator of a rogue DHCP server passes a specially constructed value as the payload of a DHCP option field.

    Read more
    0
    0
  • Certificate Authority Authorization Records

    Support for the CAA record was added to BIND with the 9.10.1B release, after Rick Andrews of Symantec approached us at an IETF meeting and asked why we didn’t have it already.  Rick is an expert and evangelist for the use of certificates, so we invited Rick to explain why people should use CAA records.   Certificate Authority Authorization (CAA, RFC 6844)

    Read more
    5
    0
  • Public Source Code Repository

    We have had many requests for a public repository to enable users or OS package maintainers to back-port specific fixes, or to cherry pick fixes for a platform release.   We used to provide access to a read-only git as a benefit of BIND- and DHCP-Membership. We ended the BIND and DHCP-Members programs in mid-2013, but we have kept the read-only

    Read more
    0
    0
  • Codenomicon Testing for BIND

    Our users value stability and security above anything else, when it comes to BIND.  Every time we have to issue a security advisory we are inconveniencing thousands of network administrators.  We also know they would rather be informed if there is some way to compromise or crash BIND.  So, when we read that Codenomicon discovered the Heartbleed bug in OpenSSL, we decided to

    Read more
    0
    0
  • Recent ISC Network Update

    We apologize for our recent network problems. Beginning at 2 AM Pacific time yesterday, most if not all, of the links serving ISC were saturated with DDoS attack traffic targeted at one of our Hosted@ and SNS-Public Benefit customers. We’re largely back on-line, as of late last evening yesterday. We have communicated to our Hosted@ customers via the “noc-notice”, and in response

    Read more
    0
    0
  • DNSSEC Key Security Webinar Scheduled for July 8th, 10 AM PST

    We held the webinar, and the recording is posted here. This webinar is a joint presentation with ISC and Thales e-Security, who will discuss using their nShield HSM in conjunction with BIND. Because DNS was never designed with security in mind, inherent DNS vulnerabilities pose a risk to all Internet services. To counter these risks, DNSSEC is being deployed across

    Read more
    0
    0
  • Kea DHCP Server mailing lists added

    We are actively working on Kea, our new DHCP server.  Following the conclusion of the BIND 10 project, we are removing the Kea application from the BIND 10 framework, which we are no longer maintaining.  Kea will be ready for production deployment in 2015, and is intended to eventually replace our current ISC DHCP server implementation. The Kea project team

    Read more
    0
    0
  • BIND 9.10 – DNSSEC, Crypto and Changes to Existing Behavior

    This is the last of three blog posts introducing the new features in BIND 9.10.  With BIND 9.10 we continue improving DNSSEC support. For the complete list of new features, see the 9.10 Release Note. DNSSEC Improvements PKCS#11 API for direct control of HSM.  A new compile-time option (“configure –enable-native-pkcs11”) allows the BIND 9 cryptography functions to use the PKCS#11

    Read more
    0
    0
  • ISC Responds to Questions Raised About SRTT Algorithm Flaw

    This week several of our customers have contacted us to inquire about our reaction to an article entitled “Critical Vulnerability in BIND Software Puts DNS Protocol Security at Risk”

    ISC would like to clarify that we evaluated the risk from this issue in 2013 when it was disclosed to us, and do not judge it to be a “critical vulnerability” or feel that it “puts DNS protocol security at risk.” (read more..)

    Read more
    0
    0
  • BIND 9.10 – Statistics, Troubleshooting and Zone Configuration

    BIND 9.10 brings updates to statistics, troubleshooting tools and some helpful utilities for zone configuration. The release notes are now posted alongside the software download, and we have created a folder in the knowledge base for articles on the new features. Statistics Update XML statistics reported from BIND refocused on “newer” format.   BIND can provide statistics in either XML or JSON formats. JSON is significantly

    Read more
    0
    0
  • BIND 9.10 – A New Branch

    We are proud to announce that today we posted a major new release of BIND.  This new 9.10 branch will be the fourth simultaneous release train ISC is supporting, alongside 9.8, 9.9 and 9.9-subscriber.  (In January 2014 ISC ended support for the 9.6 branch, launched in 2008, as previously announced.)  We recommend that large system administrators run one of our

    Read more
    0
    0
  • ISC concludes BIND 10 development with Release 1.2

    Internet Systems Consortium (ISC) today announced the release of version 1.2 of its BIND 10 software, and with that release announced that ISC has concluded its development work on BIND 10 and will no longer be updating the source pool. BIND 10 release 1.2 consists of an authoritative server, a control framework, an application interface, a statistics server, a logging

    Read more
    0
    0

Last modified: November 1, 2016 at 1:25 pm