The DNS daemon bind is used to resolve and lookup addresses on the inter- net. Some month ago a vulnerability in the DNS protocol and its numbers was published that allowed easy spoofing of DNS entries. The only way to pro- tect against spoofing is to use DNSSEC. Unfortunately the bind code that verifys the certification chain of a DNS- SEC zone transfer does not properly check the return value of function DSA_do_verify(). This allows the spoofing of records signed with DSA or NSEC3DSA.
none