Introduction

BIND 9.8.0-P1 is security patch for BIND 9.8.0.

Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest development versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/development. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems.

Support

Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo.

Security Fixes

9.8.0-P1

  • BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism for modifying DNS responses returned by a recursive server according to a set of rules which are either defined locally or imported from a reputation provider.

    In typical configurations, RPZ is used to force negative (NXDOMAIN) responses for untrusted names. However, it can also be used to replace the answer for a given query, returning a positive response defined by local policy.

    In BIND 9.8.0, when an RPZ was configured to replace the answer RRset for a given name, a query of type RRSIG for that name could trigger an assertion failure and cause the name server process to exit. [RT #24280] [CVE-2011-1907]

Known issues in this release

  • None.

Thank You

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/supportisc.