New BIND 9 releases: 9.18.44, 9.20.18, 9.21.17

lasse at skrutten.nu lasse at skrutten.nu
Wed Jan 21 17:00:03 UTC 2026 

I believe dnsdist can do this
https://www.powerdns.com/powerdns-dnsdist






-----Original Message-----
From: bind-users <bind-users-bounces at lists.isc.org> On Behalf Of Ondřej Surý
Sent: Wednesday, 21 January 2026 17:53
To: Sebby, Brian A. <sebby at anl.gov>
Cc: bind-users at lists.isc.org
Subject: Re: New BIND 9 releases: 9.18.44, 9.20.18, 9.21.17

> Does this apply to all resolvers that support these record types

Yes

> Is there any way to configure BIND to not support serving these types of records?

No. You can probably delete the implementation and recompile the old version, but then it just might be easier to upgrade (or apply the patch for these two).

Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 21. 1. 2026, at 17:49, Sebby, Brian A. via bind-users <bind-users at lists.isc.org> wrote:
> 
> I apologize; I accidentally hit Send before completing my message.
> 
> Just for a bit of clarity, the security vulnerability indicates that it can cause a resolver to crash with malformed BRID or HHIT records.  Does this apply to all resolvers that support these record types, or only in cases where your server does serve records of these types?  I’m assuming the former but just wanted to check.  Is there any way to configure BIND to not support serving these types of records?
> 
> 
> Thanks,
> 
> Brian
> 
> -- 
> Brian Sebby (he/him/his)      |  Lead Systems Engineer
> Email: sebby at anl.gov          |  Information Technology Infrastructure
> Phone: +1 630.252.9935        |  Business Information Services
> Cell:  +1 630.921.4305        |  Argonne National Laboratory
> From: Sebby, Brian A. <sebby at anl.gov>
> Date: Wednesday, January 21, 2026 at 10:44 AM
> To: bind-users at lists.isc.org <bind-users at lists.isc.org>
> Subject: Re: New BIND 9 releases: 9.18.44, 9.20.18, 9.21.17
> 
> Just for a bit of clarity, the security vulnerability indicates that 
> it can cause a resolver to crash with malformed BRID or HH
> 
> -- 
> Brian Sebby (he/him/his)      |  Lead Systems Engineer
> Email: sebby at anl.gov          |  Information Technology Infrastructure
> Phone: +1 630.252.9935        |  Business Information Services
> Cell:  +1 630.921.4305        |  Argonne National Laboratory
> From: bind-announce <bind-announce-bounces at lists.isc.org> on behalf of 
> Suzanne Goldlust <sgoldlust at isc.org>
> Date: Wednesday, January 21, 2026 at 7:03 AM
> To: bind-announce at lists.isc.org <bind-announce at lists.isc.org>
> Subject: New BIND 9 releases: 9.18.44, 9.20.18, 9.21.17
> 
> This Message Is From an External Sender This message came from outside 
> your organization.
>   Our January 2026 maintenance releases of BIND 9 are available and can be downloaded from the links below. Packages and container images provided by ISC will be updated later today.
> 
> In addition to bug fixes and feature improvements, these releases also contain fixes for a security vulnerability. More information can be found in the following Security Advisory:
> 
> https://urldefense.us/v3/__https://kb.isc.org/docs/cve-2025-13878__;!!
> G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf
> 4Ixna0nEpQ8OIROe1yRJew$
> 
> A link to each newly-released version follows. Each release directory includes a complete source tarball, cryptographic signature, and release notes. The release notes provide a summary of significant changes, and should be reviewed before upgrading.
> 
> - Current supported stable branches:
> 
> - 9.18.44 - 
> https://urldefense.us/v3/__https://downloads.isc.org/isc/bind9/9.18.44
> /__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq
> 1UeJQf4Ixna0nEpQ8OIROLLuMLQw$
> - 9.20.18 - 
> https://urldefense.us/v3/__https://downloads.isc.org/isc/bind9/9.20.18
> /__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq
> 1UeJQf4Ixna0nEpQ8OIROMXXa1DI$
> 
> - Experimental development branch:
> 
> - 9.21.17 - 
> https://urldefense.us/v3/__https://downloads.isc.org/isc/bind9/9.21.17
> /__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq
> 1UeJQf4Ixna0nEpQ8OIROrLsT550$
> 
> For more information and other release formats, consult the ISC 
> software download page: 
> https://urldefense.us/v3/__https://www.isc.org/download/__;!!G_uCfscf7
> eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEp
> Q8OIRO9iZzXSA$
> 
> ---
> 
> As a reminder, BIND’s supported platforms are listed in the ARM (https://urldefense.us/v3/__https://bind9.readthedocs.io/en/stable/chapter2.html*supported-platforms__;Iw!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIROyUh2pHU$) and in this knowledgebase article (https://urldefense.us/v3/__https://kb.isc.org/docs/supported-platforms__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIRO-WnT8VQ$).
> --
> bind-announce mailing list
> bind-announce at lists.isc.org
> https://urldefense.us/v3/__https://lists.isc.org/mailman/listinfo/bind
> -announce__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064
> -pwP5hDq1UeJQf4Ixna0nEpQ8OIRO1Jf2C5o$
> 
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.

More information about the bind-users mailing list