If you suspect you have found a vulnerability in BIND 9, Kea DHCP, Stork, or ISC DHCP, or if you wish to inquire about a vulnerability that you have learned about which has not yet been publicly announced, ISC encourages you to take one or more of the following actions:
- Open a confidential GitLab issue (strongly preferred) or send email to bind-security@isc.org - for BIND 9-related vulnerabilities
- Open a confidential GitLab issue - but be careful to check the box at the bottom of the form to make the issue confidential or send email to kea-security@isc.org - for Kea DHCP-related vulnerabilities
- Open a confidential GitLab issue - but be careful to check the box at the bottom of the form to make the issue confidential, or send email to stork-security@isc.org - for Stork-related vulnerabilities
Emails to any of the above addresses automatically create secure, confidential issues in ISC’s GitLab instance.
We strongly prefer that you open an issue in the respective ISC GitLab repo if at all possible because this makes it possible to keep you, the reporter, updated as we triage and remediate the issue. We use GitLab to organize all our development work and having some issues conducted via email is simply not workable. We are experiencing a historic increase in software vulnerability reports due to code analysis by LLMs and we appreciate your willingness to moderate the coordination overhead by using ISC’s GitLab for your vulnerability reports.
- security-officer@isc.org - for any other security issues*
* If this is an unusually sensitive security issue we ask that you please encrypt your communications to the security-officer@isc.org address using the ISC Security Officer public key found on our PGP Key page. Our OpenPGP keys are also available from our FTP site. PGP encryption is not usually necessary when reporting a suspected software vulnerability.
More information is available about How to Submit a Bug Report.
Learn more about ISC’s Software Defect and Vulnerability Disclosure Policy.
Report non-urgent BIND 9 issues.
Report non-urgent Kea DHCP issues.
Report non-urgent Stork issues.
Report non-urgent ISC DHCP issues.
Security Issues
DNS and DHCP are critical to the Internet infrastructure. We appreciate your cooperation, assistance, and initiative in informing us of any bugs you may find in our software. If you think you may be seeing a potential security vulnerability in BIND 9 (for example, a crash with a REQUIRE, INSIST, or ASSERT failure), please open a confidential GitLab issue. For a potential security vulnerability in Kea DHCP, please report it to us immediately at kea-security@isc.org. Please do not post security vulnerabilities on a public mailing list.
Crashes
If you have a crash, you may want to consult our KB article What to do if your BIND, Kea DHCP, Stork, or ISC DHCP server has crashed.
BIND 9 Bugs/Feature Requests
To report a non-security-related bug or request a feature in BIND, please navigate to our GitLab instance and enter your issue there. You will have the option of marking your issue confidential, if necessary. You will need to create an account on GitLab, but you can link your credentials from another GitLab instance or social media account.
Kea DHCP Bugs/Feature Requests
Kea has an open bug database in GitLab. Before opening a new issue, please look and see if someone has already logged the bug you wish to report. You may be able to add information to an existing report, or to find a workaround or updated status on the issue that impacts you. We also track feature requests in the issue tracker, so please submit feature requests there as well. Often it is helpful to first post these requirements on the kea-users mailing list to clarify whether there is already a way to accomplish what you need.
Stork Bugs/Feature Requests
Users are invited to visit our Stork issues list in GitLab. Before opening a new issue, please look and see if someone has already logged the bug you wish to report. You may be able to add information to an existing report, or to find a workaround or updated status on the issue that impacts you. We also track feature requests in the issue tracker, so please submit feature requests there as well. Often it is helpful to first post these requirements on the stork-users mailing list to clarify whether there is already a way to accomplish what you need.
ISC DHCP Bugs
ISC DHCP’s open bug database migrated to GitLab in March 2019. If you previously reported an issue, you may need to re-report it in GitLab. You are welcome to log feature requests, but at this point, we are unlikely to add new features to ISC DHCP because the software has reached End-of-Life. Often it is helpful to post your issue on the dhcp-users mailing list to clarify whether there is already a way to accomplish what you need. We also recommend that ISC DHCP users consider migrating to Kea.
Software Support
BIND 9, Kea DHCP, Stork, and ISC DHCP are open source software. We provide expert professional support for our enterprise users via support subscriptions. Please contact us to find out more about purchasing a support contract and contributing to our development work.
Community support is available on our public mailing lists: bind-users, kea-users, stork-users, and dhcp-users.
Due to a large ticket backlog and an even larger quantity of incoming spam, we may sometimes be slow to respond, especially if a bug is cosmetic or if a feature request is vague or low-priority. However, we truly appreciate and depend on community-submitted bug reports and will address all reports of serious defects.
Thank you for your support!