Security focus – Bind vulnerability (CVE-2020-8616) – 20th May 2020

Preface: BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users.

About traditional DNS attacks: a classic example of a DoS attack is the SYN flood, which uses TCP SYN packets to create half-open TCP connections on the server. The server ends up holding a massive pool of half-open connections and can no longer accept connections from legitimate hosts. The BIND issue below is different in kind: it abuses the resolver's own behaviour rather than exhausting a connection table.

Vulnerability details: Recursion refers to the process in which the DNS server itself makes queries to other DNS servers on behalf of the client that made the original request.
In order for a server performing recursion to locate records in the DNS graph, it must be capable of processing referrals, such as those received when it queries an authoritative server for a record that is delegated elsewhere. The original design placed no effective limit on how many fetches a resolver would issue while processing a single referral. An attacker who controls a zone can therefore delegate a name to a large number of NS names without glue records, so that one client query causes the resolver to send a fetch for every one of those names. This degrades the resolver's performance and, because the NS names can be chosen to point into a third party's zone, also lets the attacker reflect and amplify query traffic against that third party. ISC shipped fixed versions in BIND 9.11.19, 9.14.12 and 9.16.3, which limit the number of fetches performed per referral. Official announcement at this url: https://kb.isc.org/docs/cve-2020-8616
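To make the fan-out concrete, the following is an added toy simulation, not BIND's code and not from the ISC advisory. It models one attacker-controlled zone that answers with a glueless referral to N name-server names inside a victim's zone, and a minimal recursive resolver that either chases every NS name (the unbounded behaviour the advisory describes) or stops after a cap. All zone names, addresses and the cap value of 5 are constructed for illustration; the cap is not the exact limit ISC implemented.

```python
from collections import Counter

# Constructed names for the simulation; they are not real zones.
ATTACKER_ZONE = "attacker.example."
VICTIM_ZONE = "victim.example."
QNAME = "www.sub.attacker.example."


def build_authoritative_data(fanout):
    """Return a dict modelling what each authoritative server answers.

    Keys are query names; values are (kind, serving_zone, payload):
      kind == "REFERRAL": payload is the list of NS names the child zone is
                           delegated to (glueless, so each must be looked up)
      kind == "A":        payload is an address
    The attacker's zone delegates sub.attacker.example. to `fanout` NS names
    that all live in the victim's zone and carry no glue records.
    """
    data = {
        QNAME: ("REFERRAL", ATTACKER_ZONE,
                [f"ns{i}.{VICTIM_ZONE}" for i in range(fanout)]),
    }
    for i in range(fanout):
        # The victim's servers answer the address lookups for those NS names.
        data[f"ns{i}.{VICTIM_ZONE}"] = ("A", VICTIM_ZONE, f"192.0.2.{i % 250 + 1}")
    return data


class ToyResolver:
    """Minimal recursive resolver that only tracks referral fan-out.

    `max_ns_fetches` is the number of glueless NS names it is willing to
    chase per referral; None means unbounded (the behaviour CVE-2020-8616
    describes). The value 5 used below is an illustrative cap, not the exact
    limit ISC implemented.
    """

    def __init__(self, auth_data, max_ns_fetches=None):
        self.auth = auth_data
        self.max_ns_fetches = max_ns_fetches
        self.queries_per_zone = Counter()  # queries sent to each zone's servers

    def _send_query(self, name):
        kind, serving_zone, payload = self.auth[name]
        self.queries_per_zone[serving_zone] += 1
        return kind, payload

    def resolve(self, name):
        kind, payload = self._send_query(name)
        if kind == "A":
            return [payload]
        ns_names = payload
        if self.max_ns_fetches is not None:
            ns_names = ns_names[: self.max_ns_fetches]
        # Glueless referral: every NS name chased costs a fetch. The toy stops
        # once the NS addresses are known, since the fan-out is the point.
        addresses = []
        for ns in ns_names:
            addresses.extend(self.resolve(ns))
        return addresses


def simulate(fanout, max_ns_fetches=None):
    """One client query; return how many queries each zone's servers received."""
    resolver = ToyResolver(build_authoritative_data(fanout), max_ns_fetches)
    resolver.resolve(QNAME)
    return dict(resolver.queries_per_zone)


def amplification_factor(fanout, max_ns_fetches=None):
    """Queries the victim receives per single query the attacker's client sent."""
    return simulate(fanout, max_ns_fetches).get(VICTIM_ZONE, 0)


if __name__ == "__main__":
    for cap in (None, 5):
        print(f"cap={cap}: {simulate(40, cap)}")
```

With an unbounded resolver, one client query to the attacker's zone turns into one query per NS name against the victim, so the amplification factor equals the number of NS names in the delegation; with the per-referral cap it is bounded by the cap regardless of how large the delegation is. A real attacker can nest such delegations to multiply the effect, which the toy deliberately does not model.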

Additional vulnerability: CVE-2020-8617, disclosed by ISC at the same time, is a logic error in the code that checks TSIG validity; an attacker can use it to trigger an assertion failure in tsig.c and crash named. It is fixed in the same releases (9.11.19, 9.14.12 and 9.16.3). Details: https://kb.isc.org/docs/cve-2020-8617
