ISC BIND DNS DoS

April 1, 2016

Berkeley Internet Name Domain (BIND) is the Domain Name Service implementation suit maintained by Internet Systems Consortium (ISC). BIND can be used for purpose of keeping and responding to requests regarding authoritative information about domains as well as it can act as recursive name server.

A DNS message consists of several types of resource records (RRs) like type A and AAAA to specify details about DNS resources and entities. Extension Mechanism for DNS (EDNS0) is used to send additional capability information like Payload Size which uses OPT pseudo-RR. This pseudo RR contains various options, one of them is DNS Cookie Option which is used to provide security for clients and servers against DoS and forgery attacks.

BIND is prone to DoS. Function process_opt() is called when BIND receives OPT pseudo-RR which checks variables, sitbad and sitgood are zero upon receiving COOKIE option using INSIST assertion and then it sets one of the variables to one according to cookie received. If it encounters second COOKIE option, it leads to an assertion failure because of previously set one of sitbad or sitgood variables. This causes BIND to terminate.

Remote attacker can exploit this vulnerability by sending crafted DNS messages which can lead to Daniel of service condition.

This vulnerability affects the following products:

  • ISC BIND 9.10.0 through 9.10.3-P3

Dell SonicWALL Threat Research Team has researched this vulnerability and released following signatures to protect their customers:

  • IPS:11525 ISC BIND Cookie Option DoS