BIND Patches Make Bad Situation Worse
An anonymous reader writes "After .COM and .NET started using a wildcard, the internet community busily started
creating patches to various pieces of software to circumvent this. It was
said that this was a grave problem to the internet. Several official BIND
patches were
announced over the next few days. However, it turns out they weren't necessarily
too well thought through. Usage of the patch unexpectedly
broke at least 7 Top Level Domains, ISC announced 3 weeks later, after
users
started having problems. The .NAME registry has sent a formal letter to ICANN's Security and Stability Advisory Comittee to warn against using the BIND patch, which they will look into in their next meeting. The intention may have been good, but...
Stability? Anyone?"
It's nowhere near as difficult to set up as BIND, it's more secure than BIND, and there's a patch available to block Verisign's wildcard lookups. I've been running the patched version at home and at work since shortly after Verisign added the wildcard records and haven't had issues with any DNS queries.
20 January 2017: the End of an Error.