BIND: Negative Cache DOS (negcache)
An attacker configures a name server to return authoritative negative responses for a given target domain, and then must convince a victim user to query that maliciously configured name server. When the attacker's name server receives the query, it replies with an authoritative negative response containing a large TTL (time-to-live) value. If the victim's site runs a vulnerable version of BIND 8, it will cache the negative response and render the target domain unreachable until the TTL expires.
Disable recursion if possible, or limit recursion to specific clients.
Upgrade to BIND 8.4.3 or later.
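
To check whether a server already follows the recursion advice above, the following added example (not part of the original advisory or of ISC's code) classifies a named.conf as having recursion disabled, restricted to specific clients, or open. The function names and sample configurations are constructed for illustration, and the parsing is deliberately simplified: it reads only the options statement and only the `recursion` and `allow-recursion` settings.

```python
import re

def strip_comments(text):
    """Drop the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_block(text):
    """Return the body of the options { ... } statement, or '' if absent."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    return text[m.end():]

def recursion_posture(conf):
    """Classify a named.conf as 'disabled', 'restricted' or 'open'."""
    opts = options_block(strip_comments(conf))
    if re.search(r"\brecursion\s+no\s*;", opts):
        return "disabled"
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}", opts)
    if m:
        members = [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]
        if members and "any" not in members:
            return "restricted"
    # Default behaviour, or allow-recursion lists "any": every client gets recursion.
    return "open"

# Constructed sample configurations (192.0.2.0/24 is a documentation range).
SAMPLES = {
    "default": 'options { directory "/var/named"; };',
    "disabled": 'options {\n  recursion no;  // authoritative only\n};',
    "restricted": 'acl "internal" { 192.0.2.0/24; };\n'
                  'options { allow-recursion { "internal"; localhost; }; };',
    "commented": 'options {\n  # recursion no;\n  allow-recursion { any; };\n};',
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(f"{name:10} -> {recursion_posture(conf)}")
```

A result of "open" means the server will resolve names on behalf of any client, which is the condition the mitigation asks you to remove.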