BIND 9.10.4 may have a fatal crash defect.

Michael McNally mcnally at
Wed May 11 08:49:30 UTC 2016

To our users:

Recently, on Thursday 28 April, ISC released two maintenance releases
of BIND 9:

-  BIND 9.9.9
-  BIND 9.10.4

Beginning after the release of BIND 9.10.4 we started receiving a
small number of reports from recursive server operators who have
encountered an INSIST assertion in code which checks the consistency
of the Red-Black Tree structure in which BIND stores cache information.

Based on these reports, we are concerned about the possibility
(which we are currently investigating) that this may represent a
crash bug introduced into the most recent versions of BIND and we
are advising that parties who are planning to update but have not
yet updated to BIND 9.10.4 postpone their plans until after the
issue is found and fixed.

At the current time we have no reports of crashes in BIND 9.9.9
which suggests, but does not prove, that the issue may be confined
to the BIND 9.10 and development master (9.11) branches.

We also only have crash reports from two operating systems:
MacOS X and FreeBSD.  We cannot yet conclude whether the problem
is limited to these OSes (and until we know more, recommend against
assuming so.)

As yet we are unable to say how the cache data structure is reaching
an inconsistent state and while we are working with several parties
who have encountered this bug and who are sharing crash data with us
we have not yet developed a reproduction or identified a root cause.
Updated information will be shared via this public list when
we know more.

BIND 9.10.4 is still available but is marked as "deprecated" on the page.  If you are in search of the
current stable release in the 9.10 branch we recommend BIND 9.10.3-P4

More information about the bind-users mailing list