Mystery Flaw Crashing DNS Servers Across The Internet
“The Domain Name System (DNS) is a critical part of the internet's infrastructure and most of the DNS servers on the Internet run BIND 9.”
By Dell Hill
Now, this is news. And it’s the kind of news that you will not appreciate. You’re reading this via the Internet and therein lies a serious problem.
“A zero-day vulnerability is causing BIND 9 DNS servers to crash across the internet. The flaw, described as an "as-yet unidentified network event", appears to be a denial of service vulnerability being exploited in-the-wild. The flaw affects all supported versions of BIND.
The internet Systems Consortium (ISC) have described the problem as follows:
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure...
Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))
More details are available in their advisory.
The cause of the crash is still under investigation but the ISC have reacted swiftly with a set of temporary patches that will prevent servers from crashing. There is no known workaround for the problem and BIND users are encouraged to upgrade.
The Domain Name System (DNS) is a critical part of the internet's infrastructure and most of the DNS servers on the Internet run BIND 9.
We will keep you updated as we discover more information.”
In plain English, this means that your Internet service could go down at any second, depending on the success or failure of the servers involved in upgrading their security...and/or the hacker’s success or failure in defeating the security upgrades.
If the Internet goes down across the board, just about everything in the world will come to a grinding halt.