Joy Persaud
July 31, 2008

DNS patch slows BIND servers

Patches designed to address the recently publicized DNS flaw have slowed servers running the Berkeley Internet Name Domain (BIND) system, which is used on the majority of name-serving machines on the internet.

In a notice posted on a BIND mailing list, Paul Vixie, head of the Internet Systems Consortium (ISC), said there were issues that might affect the performance of high-traffic recursive servers that received more than 10,000 queries a second. He said an update of the patch [P2] for BIND will be available in the next week or so. This would “allow TCP queries and zone transfers while issuing as many outstanding UDP queries as possible”.

He added that organizations should not hold off installing P1, which was launched on July 8, in the meantime – even if servers run slowly as a result – because the vulnerability would result in a far worse scenario. Beta versions of the second patch for BIND 9.4.3 and BIND 9.5.1 are currently available.

Microsoft's first-round DNS patch (MS08-037) has also caused problems; in a post to its SBS blog, Microsoft said “some services may fail to start or may not work properly after installing MS08-037.”

 

 

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

IT decision makers are more optimistic about breach detection than they should ...

A new McAfee study released Monday said organizations are overwhelmed by Big Data, yet appear to be overvaluing their ability to detect data breaches.

Trojan uses fake Adobe certificate to evade detection

The backdoor can steal data, create and delete files, and capture screenshots off a victim's computer.

The new update for Java will close 40 security vulnerabilities

The company is planning to fix the flaws Tuesday when it releases its latest Critical Patch Update for Java SE.