"A critical defect in BIND 9 allows an attacker to cause excessive memory
consumption in named or other programs linked to libdns.
The problem is encountered when a program compiled to link to libdns
receives a maliciously-constructed regular expression via any of several
delivery methods."
https://kb.isc.org/article/AA-0087
A specific query can cause BIND nameservers using DNS64 to exit
with a REQUIRE assertion failure.
BIND nameservers that are not using DNS64 are not at risk.
https://kb.isc.org/article/AA-00828 CVE-2012-5688
version of BIND than is in the base OS (some people require features
from this version e.g. DNS64), but note that it does not include
the hardening changes made to the version in base.
feedback from naddy@ giovanni@, ok giovanni@.
"BIND is open source software that implements the Domain Name System
(DNS) protocols for the Internet. It is a reference implementation
of those protocols, but it is also production-grade software,
suitable for use in high-volume and high-reliability applications."
