BIND 9.8.0-P4 is security patch for BIND 9.8.0.

Please see the CHANGES file in the source code release for a complete list of all changes.


The latest versions of BIND 9 software can always be found on our web site at There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems.


Product support information is available on for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at

Security Fixes


  • Using Response Policy Zone (RPZ) with DNAME records and querying the subdomain of that label can cause named to crash. Now logs that DNAME is not supported. [RT #24766]
  • If named is configured to be both authoritative and resursive and receives a recursive query for a CNAME in a zone that it is authoritative for, if that CNAME also points to a zone the server is authoritative for, the recursive part of name will not follow the CNAME change and the response will not be a complete CNAME chain. [RT #24455]
  • Using Response Policy Zone (RPZ) to query a wildcard CNAME label with QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type independant. [RT #24715] [CVE-2011-1907]
  • Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. This was fixed by disambiguating internal database representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]

Thank You

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at