pl
en
BIND 9 is vulnerable to remote Denial-of-Service attack (CVE-2011-4313). The vulnerable code is located in query.c file and the server itself crashes after logging: : INSIST(! dns_rdataset_isassociated(sigrdataset)) message. It seems that the vulnerability has been found by accindent due to error in network traffic, traffic samples shows evidence that this was rather another accident and not deliberate action.
This vulnerability is critical to all service providers relying on BIND as their core DNS server. Recommended solution is to apply appropriate upgrade or patch, in case of FreeBSD and NetBSD systems such patches are provided for the operating system for example.
It is interesting to note that even today, vulnerabilities can still be found accidentally in popular software packages.