Operational Notification: Some releases of BIND are too strict when handling referrals containing non-empty answer sections

Michael McNally mcnally at isc.org
Wed Sep 19 23:04:42 UTC 2018 

Posting date:        19 September 2018
Program Impacted:    BIND
Versions affected:   9.12.0 -> 9.12.2-P1. Also releases 9.13.0 ->
                     9.13.3 of the 9.13 development branch

Description:

   An unexpected side-effect introduced into the BIND 9.12 branch
   during code refactoring causes referrals with non-empty answer
   sections to be treated as errors, potentially preventing resolution
   of names when it involves referrals from servers providing such
   responses.

Impact:

   A properly constructed referral should not contain information
   in the answer section but prior to the BIND 9.12 branch named
   would tolerate such replies if they were otherwise comprehensible
   as a referral. Beginning with BIND 9.12.0 such messages were
   treated as errors, causing a situation where names which could
   be resolved by prior branches of BIND were no longer resolvable
   due to the stricter interpretation.

Workarounds: none

   Solution: If you are running a version affected by this bug you
   can prevent it by upgrading to a release containing the fix which
   reverses the change in behavior. The patched version can be
   downloaded from http://www.isc.org/downloads/all.

   +  BIND 9 version 9.12.2-P2

Do you have Questions? Questions regarding this notification should
go to support at isc.org.

Additional information on our Operational Notifications is here:
https://www.isc.org/software/notifications, and Phased Disclosure Process
is here: https://www.isc.org/security-vulnerability-disclosure-policy

Legal Disclaimer:

   Internet Systems Consortium (ISC) is providing this notice on
   an "AS IS" basis. No warranty or guarantee of any kind is expressed
   in this notice and none should be inferred. ISC expressly excludes
   and disclaims any warranties regarding this notice or materials
   referred to in this notice, including, without limitation, any
   implied warranty of merchantability, fitness for a particular
   purpose, absence of hidden defects, or of non-infringement. Your
   use of, or reliance on, this notice or materials referred to in
   this notice is at your own risk. ISC may change this notice at
   any time.

More information about the bind-announce mailing list