A spate of DNS server crashes over the past couple of days is being blamed on a zero-day vulnerability that is being exploited by someone launching a series of DOS (denial of service) attacks. And so far the flaw – which allegedly affects the commonly-used BIND 9 DNS servers – has not been identified.
The Internet Systems Consortium (ISC) has issued an advisory about the problem and has released a patch to deal with the problem while the root problem is uncovered. Users of BIND 9 are being encouraged to update as soon as possible to ensure that this temporary fix is at least available for their services.
The patches don’t seem to fix the actual vulnerability, instead patching the specific error that causes the systems to crash. The flaw is said to affect BIND 9.4-ESV, 9.6-ESV, 9.7.x, and 9.8.x, but there’s no word so far as to which sites have been affected. More information on the flaw is expected to be revealed later today.