BIND 9.8.0-P4

Mark Andrews marka at
Tue Jul 5 13:17:02 UTC 2011


   BIND 9.8.0-P4 is security patch for BIND 9.8.0.

   Please see the CHANGES file in the source code release for a complete
   list of all changes.


   The latest versions of BIND 9 software can always be found on our web
   site at There you will find
   additional information about each release, source code, and some
   pre-compiled versions for certain operating systems.


   Product support information is available on for paid support options. Free
   support is provided by our user community via a mailing list.
   Information on all public email lists is available at

Security Fixes


     * Using Response Policy Zone (RPZ) with DNAME records and querying
       the subdomain of that label can cause named to crash. Now logs that
       DNAME is not supported. [RT #24766]
     * If named is configured to be both authoritative and resursive and
       receives a recursive query for a CNAME in a zone that it is
       authoritative for, if that CNAME also points to a zone the server
       is authoritative for, the recursive part of name will not follow
       the CNAME change and the response will not be a complete CNAME
       chain. [RT #24455]
     * Using Response Policy Zone (RPZ) to query a wildcard CNAME label
       with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
       query type independant. [RT #24715] [CVE-2011-1907]
     * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
       processing code that could allow certain UPDATE requests to crash
       named. This was fixed by disambiguating internal database
       representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]

Thank You

   Thank you to everyone who assisted us in making this release possible.
   If you would like to contribute to ISC to assist us in continuing to
   make quality open source software, please visit our donations page at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka at

More information about the bind-workers mailing list