bind10-devel-20120119 recurrent RRSIG query warnings

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Tue Feb 28 19:18:14 UTC 2012


At Sat, 25 Feb 2012 16:32:23 +0000,
"Spain, Dr. Jeffry A." <spainj at countryday.net> wrote:

> >> 2012-02-24 03:36:50.926 DEBUG [b10-auth.datasrc] DATASRC_QUERY_PROCESS 
> >> processing query 'jaspain.net./RRSIG' in the 'IN' class
> >> 2012-02-24 03:36:50.927 WARN  [b10-auth.datasrc] DATASRC_QUERY_RRSIG 
> >> unable to answer RRSIG query @@Missing placeholder %1 for 'jaspain.net.'@@
> > 
> >> The warning messages seem to have some improper parameter substitution obscuring their meaning. What is the significance of this, if any? Thanks.
> 
> > Sorry for the mess.  I believe the 1-line patch copied below should fix it.  It's already in the master version and will appear in the next release.
> 
> I correlated these warning messages with a packet capture. The queries for jaspain.net RRSIG are originating from resolver2.atlanta.linode.com via both IPv4 and IPv6. There are other queries from li174-113.members.linode.com. My guess is that this is a denial-of-service attack to which bind 9.7.1 was vulnerable (it entered an infinite loop). See http://www.isc.org/software/bind/advisories/cve-2010-0213. Bind10-devel-20120119 apparently is not vulnerable, so good on you. Thanks. Jeff.

Yeah, but it's a vulnerability for the BIND 9 resolver, so, even
without considering that the code base is different, it's not surprising
BIND 10 is "not vulnerable".  Anyway, thanks for the check.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.

