https://support.menandmice.com/jforum/posts/list/10.page JForum - http://www.jforum.net
When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a deadlock to occur. This deadlock will cause the server to stop processing all requests. A high query rate and/or a high update rate will increase the probability of this condition.

more information
http://www.isc.org/software/bind/advisories/cve-2011-0414

[b]Workarounds:[/b]
Depending on your performance requirements, a work-around may be available. ISC was not able to reproduce this defect in 9.7.2 using -n1, which causes named to use only one worker thread, thus avoiding the deadlock. If your server is powerful enough to serve your data with a single processor, this option may be fast to implement until you have time to perform an upgrade.

[b]Active exploits:[/b]
None known, but a description of the issue is available in the release notes for BIND 9.6.3 and 9.7.3.

[b]Solution:[/b]

If you run BIND 9.7.1 or 9.7.2, upgrade to BIND 9.7.3. Earlier versions are not vulnerable. If you run BIND 9.6.x, 9.6-ESV-Rx, or 9.4-ESV-R4, you do not need to upgrade.

BIND 9.5 is End of Life and is not supported by ISC. BIND 9.8 is not vulnerable.
]]> https://support.menandmice.com/jforum/posts/preList/234/973.page https://support.menandmice.com/jforum/posts/preList/234/973.page GMT