FreeBSD -- named(8) DNSSEC validation Denial of Service

ID 0F020B7B-E033-11E1-90A2-000C299B62E1
Type freebsd
Reporter FreeBSD
Modified 2012-07-24T00:00:00


Problem description:

BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure.