ISC BIND

BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System, including:

The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.

Downloads
BIND is available at no charge under the BSD License.
Software packages are signed using ISC's PGP Key.

Download Current Release
  BIND 9.5.0-P2
  BIND 9.4.2-P2
  BIND 9.3.5-P2

Download Software under Development
  BIND 9.5.1b1
  BIND 9.4.3b2

Download other versions

Mailing Lists
Suggestions for features, enhancements, etc. should be sent to <bind-suggest@isc.org>
The following mailing lists are available: <bind-announce@isc.org> & <bind-users@isc.org>, Click here to subscribe to these lists.
Archives for the BIND mailing lists

Documentation / References
BIND 9.5 Administrator Reference Manual [ PDF single HTML ]
BIND 9.4 Administrator Reference Manual [ PDF single HTML ]
BIND 9.3 Administrator Reference Manual [ PDF ]
BIND 9.2 Administrator Reference Manual [ PDF ]
BIND FAQ
BIND 9.5 features for the non-programmer
CERT VU#800113 Vulnerability Discussion
DNSSEC in 6 Minutes
DNSSEC Introduction and Resources
Additional Documentation / References
The Software Guild aka BIND Forum
BIND History
Red Hat RPMs for ISC BIND
Other BIND and DNS Resources
Vendor products based on BIND
ISC BIND delegation-only Feature
Draft NIST Special Publication 800-81 Secure Domain Name System (DNS) Deployment Guide
ISC now provides support contracts for BIND.
ATTENTION
Security Advisory against all ISC BIND releases prior to July 2008 - Upgrade Now!
Read more about query port randomization or forwarding your queries.
See Documentation / References below for new DNSSEC materials.
ISC Response to Recent DNS Transaction ID Issues
Security Advisory against ISC BIND 9.4.0 and later releases - Upgrade Now!
Training and Support contracts for BIND are now available!
BIND S/W Versions and Support
BIND4/BIND8
Unsuitable for Forwarder Use
If a nameserver -- any nameserver, whether BIND or otherwise -- is configured to use ``forwarders'', then none of the the target forwarders can be running BIND4 or BIND8. Upgrade all nameservers used as ``forwarders'' to BIND9 . There is a current, wide scale Kashpureff-style DNS cache corruption attack which depends on BIND4 and BIND8 as ``forwarders'' targets.

Alpha version of 9.5 available for testing -- stats, GSS-TSIG, ... are new features
See the BIND Security Matrix for security-related information.

ALERTS
URGENT: Recursive DNS spoofing vulnerability
CERT Advisory VU#927905 on BIND 8.x
UPGRADE: A sequence of queries can cause a recursive nameserver to exit.
UPGRADE: dereferencing freed fetch context can caused named to exit unintentionally.
DNSSEC Validation vulnerability.
Vulnerabilities around SIG Query processing and INSIST Failures
(5 Sept 2006) NISCC 172003 (5 Sept 2006) CERT Vulnerability Notes VU#915404 and VU#697164
NISCC-UNIRAS 20050125-00059 CERT Vulnerability Note VU#327633
NISCC-UNIRAS 20050125-00060 CERT Vulnerability Note VU#938617
NISCC-UNIRAS 20041130-00862 BIND versions 4, 8 and 9 are not vulnerable to this attack
BIND buffer overflow in inet_network()
CERT Advisory CA-2001-02 - 01/29/2001
CERT Advisory CA-2002-19 - 06/28/2002
CERT Advisory - CA-98.05 - 04/08/1998, revised 11/16/1998
CERT Advisory CA-99-14 - 11/10/1999
archive list

Bug Reports
Before submitting a bug report please ensure you are running a current version .

Bug reports for BIND should be sent to <bind9-bugs@isc.org>