Two vulnerabilities in the popular BIND 9 DNS server jeopardise the server's stability and can cause the service to crash. One of the flaws can be exploited remotely via specially crafted UPDATE requests and affects both recursive and authoritative servers. The developers say that the nature of the defect makes it impossible to prevent potential attacks using Access Control Lists (ACLs).
The second defect is triggered by flawed request processing in servers that use "Response Policy Zones" (RPZs). Certain DNAME and CNAME records will cause BIND to crash. The intended use of the RPZ feature is to specify domain names that are not to be resolved. The list of such domain names can, for instance, be drawn from a reputation database. RPZ is designed to counteract the thousands of spamming and malware domains that are registered every day.

The link for this article located at H Security is no longer available.