What is a denial of service attack and how is it related to BIND?

A denial of service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, often through a coordinated attack on a single target, which causes a backlog of requests that slows down response times.

BIND is the most widely used Domain Name System (DNS) server software on the Internet today.

On 28 July, researchers at the Internet Systems Consortium (ISC), which is responsible for overseeing the development and maintenance of BIND, announced that they had discovered a code defect that allows DoS attacks to be executed relatively easily against BIND servers. A deliberately constructed packet can exploit an error in the handling of queries for TKEY records, permitting a DoS and affecting server availability.

How do I know if my systems are affected?

Due to the widespread use of BIND in Linux distributions, chances are good your systems are impacted. If you are using any currently available version of SUSE Linux Enterprise Server 10, 11 or 12, or a derivative server operating system product, your systems are likely to be affected.

All versions of BIND 9, beginning with and including BIND 9.1.0, up to BIND 9.9.7-P1 and BIND 9.10.2-P2 are vulnerable. You should verify which versions of BIND you are using with your SUSE Linux Enterprise Server operating systems, and update them if necessary.
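
One way to check a version string against the ranges quoted above, as an added example (not SUSE or ISC code). It assumes the 9.10 branch starts at 9.10.0 and only understands `X.Y.Z` and `X.Y.Z-Pn` strings. Distribution packages can carry a backported fix under an unchanged upstream version, so treat a match as a prompt to confirm the installed package update rather than as proof.

```shell
#!/bin/sh
# Added example: classify a BIND version against the ranges quoted on this page
# (9.1.0 up to 9.9.7-P1, and the 9.10 branch up to 9.10.2-P2).

# Encode "X.Y.Z" or "X.Y.Z-Pn" as one integer; returns 1 if it cannot parse.
bind_key() {
    v=${1#BIND }                  # `named -v` prints "BIND <version> ..."
    v=${v%% *}                    # keep only the version token
    p=0
    case $v in
        *-P[0-9]*) p=${v#*-P}; p=${p%%[!0-9]*} ;;   # patch level after "-P"
    esac
    v=${v%%-*}                    # drop "-Pn" and any vendor suffix
    case $v in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
        *.*.*) ;;                 # exactly three numeric fields
        *) return 1 ;;
    esac
    maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*}; pat=${rest#*.}
    echo $(( ((maj * 100 + min) * 100 + pat) * 100 + p ))
}

# Prints "vulnerable", "not-in-range" or "unknown" for a version string.
bind_tkey_status() {
    k=$(bind_key "$1") || { echo unknown; return 0; }
    lo=$(bind_key 9.1.0);     hi=$(bind_key 9.9.7-P1)
    lo910=$(bind_key 9.10.0); hi910=$(bind_key 9.10.2-P2)   # 9.10.0: assumed start
    if [ "$k" -ge "$lo" ] && [ "$k" -le "$hi" ]; then
        echo vulnerable
    elif [ "$k" -ge "$lo910" ] && [ "$k" -le "$hi910" ]; then
        echo vulnerable
    else
        echo not-in-range
    fi
}

# Run with "local" as the argument to check the named binary on this host.
if [ "${1:-}" = "local" ] && command -v named >/dev/null 2>&1; then
    bind_tkey_status "$(named -v)"
fi
```
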

Are there cases of hackers using this vulnerability in BIND to execute a denial of service attack?

There are no known public exploits resulting from this vulnerability to date. However, the relative ease with which a DoS attack can be initiated using this BIND code defect suggests we may soon start to hear about them more frequently.

What should I do to maximize service availability on my systems?

Because this code defect occurs relatively early in packet processing, before limits on authoritative or recursive services are applied, blocking DoS attacks using access control lists or server configuration is not feasible. Deployment of a patched version is the recommended fix. Patches that update BIND and close this vulnerability are available for SUSE customers.

Where can I go for more information?

More information about this code defect, and how to mitigate the risk of a DoS, is available below: