DNS patch slows BIND servers

Patches designed to address the recently publicized DNS flaw have slowed servers running the Berkeley Internet Name Domain (BIND) system, which is used on the majority of name-serving machines on the internet.

In a notice posted on a BIND mailing list, Paul Vixie, head of the Internet Systems Consortium (ISC), said there were issues that might affect the performance of high-traffic recursive servers that received more than 10,000 queries a second. He said an update of the patch [P2] for BIND would be available in the next week or so. This would “allow TCP queries and zone transfers while issuing as many outstanding UDP queries as possible”.

He added that organizations should not hold off installing P1, which was launched on July 8, in the meantime – even if servers run slowly as a result – because the vulnerability would result in a far worse scenario. Beta versions of the second patch for BIND 9.4.3 and BIND 9.5.1 are currently available.

Microsoft's first-round DNS patch (MS08-037) has also caused problems; in a post to its SBS blog, Microsoft said “some services may fail to start or may not work properly after installing MS08-037.”

 

 
