DNS patch causes BIND unstability

The group responsible for maintaining the internet's most popular domain name software BIND has admitted it caused problems by fast-tracking a security patch designed to fix the widescale DNS flaw discovered by researcher Dan Kaminsky this month. Paul Vixie, president of non-profit Internet Systems Consortium (ISC), the organisation which maintains BIND (the Berkeley Internet Name […]

The group responsible for maintaining the internet's most popular domain name software BIND has admitted it caused problems by fast-tracking a security patch designed to fix the widescale DNS flaw discovered by researcher Dan Kaminsky this month.

Paul Vixie, president of non-profit Internet Systems Consortium (ISC), the organisation which maintains BIND (the Berkeley Internet Name Domain), admitted yesterday the patch for BIND version 9 was unstable and recommended users to install beta (early test) versions of the software instead.

“During the development cycle we became aware of a potential performance issue on high-traffic recursive servers, defined as those seeing a query volume of greater than 10,000/queries per second,” Vixie explained via an e-mail mailing list.

The faulty patches ISC issued were for BIND 9.3, 9.4 and 9.5, and were tagged as “-P1”.

Full Article