BIND -- Large RRSIG RRsets and Negative Caching DoS

ID 1E1421F0-8D6F-11E0-89B4-001EC9578670
Type freebsd
Reporter FreeBSD
Modified 2016-08-09T00:00:00


ISC reports:

A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.