Two BIND 9 Security Vulnerabilities Announced Today
ISC is releasing updated versions of BIND 9 to address two newly-discovered security vulnerabilities We have released new versions of BIND: 9.Read post
Earlier research by Geoff Huston, Researcher at APNIC, into the volume of root zone queries had identified that the majority of queries to the root zone were for non-existent domains (NXDOMAIN responses). These queries are unnecessary because a busy resolver already has enough prior negative responses to interpolate these additional negative responses. For example, if the resolver already has a definitive prior response in cache that no zones exist between “.abba” and “.acme”, then it is unnecessary to query for “.abcd”.
The benefits of aggressive negative caching are:
BIND 9.12.0 will synthesize negative answers from cached NXDOMAIN, NODATA, and wildcard responses supplied with NSEC records. The 9.12.0 alpha release is available now, supporting synthesis from NXDOMAIN responses only. The 9.12.0 beta release will add support for synthesizing replies based on NODATA and wildcard responses.
What's New from ISC