A flaw was found in the bind package which may result in a Denial of Service in the named process. This is the result of a reachable assertion, which causes named to terminate prematurely when both of the following conditions are met: nxdomain-redirect is configured for the queried domain, and the resolver receives a PTR query, used for a reverse DNS lookup, for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. A single query matching both conditions can lead to a Denial of Service in the named application.
To prevent this vulnerability, ensure the nxdomain-redirect directive is not present in the /etc/named.conf file. Disabling the nxdomain-redirect feature makes the faulty code path impossible to reach, preventing this flaw from being exploited.
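
One way to verify the mitigation is a check that reports only active nxdomain-redirect statements, ignoring commented-out ones and following include files. This is an added example, not code from the advisory or from BIND; the function names are hypothetical, the sample configuration is constructed, and relative include paths are assumed to resolve against the including file.

```python
import re, sys, tempfile
from pathlib import Path

# A quoted string (kept) or one of named.conf's comment styles: /* */, //, # (dropped).
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
INCLUDE = re.compile(r'(?<![\w-])include\s+"([^"]+)"\s*;')
DIRECTIVE = re.compile(r'(?<![\w-])nxdomain-redirect\s+[^;{}]+;')

def strip_comments(text):
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def find_nxdomain_redirect(path, seen=None):
    """Return (file, statement) for each active nxdomain-redirect in path and its includes."""
    seen = set() if seen is None else seen
    path = Path(path)
    if path in seen or not path.is_file():
        return []
    seen.add(path)  # guards against include loops
    text = strip_comments(path.read_text(errors="replace"))
    hits = [(str(path), " ".join(m.group(0).split())) for m in DIRECTIVE.finditer(text)]
    for inc in INCLUDE.findall(text):
        # Assumption: relative include paths are resolved against the including file.
        hits += find_nxdomain_redirect(path.parent / inc, seen)
    return hits

def constructed_demo():
    """Constructed sample: directive commented out in named.conf, active in an include."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "named.conf").write_text(
            'options {\n'
            '    directory "/var/named";  # nxdomain-redirect "old.example.";\n'
            '    /* nxdomain-redirect "older.example."; */\n'
            '    // nxdomain-redirect "oldest.example.";\n'
            '};\n'
            'include "views.conf";\n')
        (root / "views.conf").write_text(
            'view "internal" {\n    nxdomain-redirect\n        "redirect.example.";\n};\n')
        return [(Path(f).name, s) for f, s in find_nxdomain_redirect(root / "named.conf")]

if __name__ == "__main__":
    found = find_nxdomain_redirect(sys.argv[1] if len(sys.argv) > 1 else "/etc/named.conf")
    for f, stmt in found:
        print(f"{f}: {stmt}")
    sys.exit(1 if found else 0)  # non-zero exit: directive still present
```

On a host with BIND installed, `named-checkconf -p` prints the parsed configuration with includes expanded and comments removed, and its output can be searched for the directive in the same way.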