Slashdot Mirror


High Severity BIND Vulnerability Advisory Issued

wiredmikey writes "The Internet Systems Consortium (ISC) and US-CERT have issued a high severity vulnerability warning, discovered by Neustar, which affects BIND, the most widely used DNS software on the Internet. Successful exploitation could enable an attacker to cause BIND servers to stop processing all requests. According to the disclosure, 'When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a deadlock to occur. This deadlock will cause the server to stop processing all requests. A high query rate and/or a high update rate will increase the probability of this condition.'"

1 of 144 comments

  1. Many companies avoid using networked nameservers. by Anonymous Coward · Score: -1, Offtopic

    This is not well known, but every computer connected to the Internet is capable of being its own nameserver.

    Through an obscure file called hosts.txt, it is possible to store a list of domain names. Next to these names, the IP (Internet Protocol) address of the computers they represent can be added. In this fashion, all network name lookups can be self-contained, or performed from the computer itself.

    Professional consultants understand that an alternative to nameservers is thus possible by creating a list of machines a company may reach, then circulating that list to the company computers using P2P (peer-to-peer) filesharing. Not only does this avoid the vulnerability present in relying on yet another redundant server for basic network operations, but it also permits the company to de facto limit the webservers that employees may visit.