bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed
jw354 at cornell.edu
Thu Nov 17 14:32:12 UTC 2011
I assume ISC does not deliberately insert aborts
triggerable by bad data in DNS queries and answers.
Much more likel,y they do it when something happens
that is supposed to be logically impossible whatever the
incoming data, and implies continuing to run is
potentially insecure and/or will just create a
subsequent, more obscure crash. I assume the fact
that bad data triggered an abort is due to a bug.
That said, in this case they might be changing this
specific abort to a warning, fixing up what state
they can and crossing their fingers.
On Nov 16, 2011, at 7:35 AM, David Ford wrote:
> can we have a paradigm shift from ISC please? instead of falling over
> dead with insist/assert, please bleat a warning and drop the
> issue on the floor instead and press on with business. many BIND DoS
> attacks (and zone typos) are very effective for just this reason.
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
More information about the bind-users