DNS patch slows BIND servers

Share this article:

Patches designed to address the recently publicized DNS flaw have slowed servers running the Berkeley Internet Name Domain (BIND) system, which is used on the majority of name-serving machines on the internet.

In a notice posted on a BIND mailing list, Paul Vixie, head of the Internet Systems Consortium (ISC), said there were issues that might affect the performance of high-traffic recursive servers that received more than 10,000 queries a second. He said an update of the patch [P2] for BIND will be available in the next week or so. This would “allow TCP queries and zone transfers while issuing as many outstanding UDP queries as possible”.

He added that organizations should not hold off installing P1, which was launched on July 8, in the meantime – even if servers run slowly as a result – because the vulnerability would result in a far worse scenario. Beta versions of the second patch for BIND 9.4.3 and BIND 9.5.1 are currently available.

Microsoft's first-round DNS patch (MS08-037) has also caused problems; in a post to its SBS blog, Microsoft said “some services may fail to start or may not work properly after installing MS08-037.”

 

 

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.