DNS patch slows BIND servers

Share this article:

Patches designed to address the recently publicized DNS flaw have slowed servers running the Berkeley Internet Name Domain (BIND) system, which is used on the majority of name-serving machines on the internet.

In a notice posted on a BIND mailing list, Paul Vixie, head of the Internet Systems Consortium (ISC), said there were issues that might affect the performance of high-traffic recursive servers that received more than 10,000 queries a second. He said an update of the patch [P2] for BIND will be available in the next week or so. This would “allow TCP queries and zone transfers while issuing as many outstanding UDP queries as possible”.

He added that organizations should not hold off installing P1, which was launched on July 8, in the meantime – even if servers run slowly as a result – because the vulnerability would result in a far worse scenario. Beta versions of the second patch for BIND 9.4.3 and BIND 9.5.1 are currently available.

Microsoft's first-round DNS patch (MS08-037) has also caused problems; in a post to its SBS blog, Microsoft said “some services may fail to start or may not work properly after installing MS08-037.”

 

 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.