BIND 9.10.4 may have a fatal crash defect.

Peter van Dijk peter.van.dijk at
Thu May 12 13:44:15 UTC 2016

Hello Michael,

On 11 May 2016, at 10:49, Michael McNally wrote:

> To our users:
> Recently, on Thursday 28 April, ISC released two maintenance releases
> of BIND 9:
> -  BIND 9.9.9
> -  BIND 9.10.4
> Beginning after the release of BIND 9.10.4 we started receiving a
> small number of reports from recursive server operators who have
> encountered an INSIST assertion in code which checks the consistency
> of the Red-Black Tree structure in which BIND stores cache 
> information.

OSX Homebrew had already upgraded to 9.10.4. They are now interested in 
rolling back, but they cannot simply undo the update - ‘brew 
upgrade’ will not ‘go back’ automatically then. As there is no 
‘epoch’ support like RPM and dpkg have, something else needs to 

I’ve heard two proposals:
(1) brew fakes up a version number X that sorts 9.10.4 < X < Y, where Y 
is whatever ISC is going to release next
(2) ISC ‘clones’ 9.10.3-P4 into 9.10.5 (or 9.10.4-P1 but that seems 
wrong) so the highest version in the BIND version tree is in fact a 
stable version

There’s also
(3) do nothing, wait for ISC to figure the issue out and fix it (which 
will obviously be in a version higher than 9.10.4); doing nothing 
increases the odds of somebody running into the crash but one might 
argue that this is helpful!

I think all three options are a bit ugly, to be fair. I don’t have any 


Kind regards,
Peter van Dijk

More information about the bind-users mailing list