Add it to your Download Basket!
Add it to your Watch List!
What's new in BIND 9.10.1-P1:
- Security Fixes:
- A flaw in delegation handling could be exploited to put named into an infinite loop, in which each lookup of a name server triggered additional lookups of more name servers. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and on the number of queries that it will send before terminating a recursive query (default 50). The recursion depth limit is configured via the max-recursion-depth option, and the query limit via the max-recursion-queries option. The flaw was discovered by Florian Maury of ANSSI. For more information, see the security advisory at https://kb.isc.org/article/AA-01216/. [CVE-2014-8500] [RT #37580] (**)
- Two separate problems were identified in BIND's GeoIP code that could lead to an assertion failure. One was triggered by use of both IPv4 and IPv6 address families, the other by referencing a GeoIP database in named.conf which was not installed. ISC would like to thank Felipe Ecker for his help discovering these vulnerabilities. For more information, see the security advisory at https://kb.isc.org/article/AA-01217/. [CVE-2014-8680] [RT #37672] [RT #37679] (**)
- A less serious security flaw was also found in GeoIP: changes to the geoip-directory option in named.conf may be incomplete when running rndc reconfig, rndc reload, or sending SIGHUP to named. In theory, this could allow named to allow access to unintended clients or serve wrong data based on geolocation configuration. [RT #37720] (**)
- LICENSE TYPE:
- OUR RATING:
- DEVELOPED BY:
- ISC Software
- USER RATING:
- ROOT \ Internet \ DNS
Originally written at University of California at Berkeley, BIND was underwritten by numerous organizations, including Sun Microsystems, HP, Compaq, IBM, Silicon Graphics, Network Associates, U.S. Defense Information Systems Agency, USENIX Association, Process Software Corporation, Nominum, and Stichting NLNet – NLNet Foundation.
As mentioned, BIND comprises of a domain name system server, a domain name system resolver library and software tools for testing servers. While the DNS server implementation is in charge of answering all the received questions by using the rules stated in the official DNS protocol standards, the DNS resolver library resolves questions about domain names.
Supported operating systems
BIND has been specifically designed for the GNU/Linux platform and it should work well with any distribution of Linux, including Debian, Ubuntu, Arch Linux, Fedora, CentOS, Red Hat Enterprise Linux, Slackware, Gentoo, openSUSE, Mageia, and many others. It supports both 32-bit and 64-bit instruction set architectures.
The project is distributed as a single, universal tarball that includes the source code of BIND, allowing users to optimize the software for their hardware platform and operating system (see above for supported OSes and architectures).
BIND was reviewed by Marius Nestor, last updated on December 8th, 2014