Patches designed to address the DNS flaw that was recently made public have slowed servers running the Berkeley Internet Name Domain (BIND), which is used on the majority of name serving machines on the internet.
Internet Systems Consortium (ISC) head, Paul Vixie, is reported as saying that there were issues that might affect the performance of high-traffic recursive servers that received more than 10,000 queries a second. He says an update of the patch [P2] for BIND will be available in the next week or so. This would “allow TCP queries and zone transfers while issuing as many outstanding UDP queries as possible”.
He added that organisations should not hold off installing P1, which was released on July 8, in the meantime – even if servers run slowly as a result – because leaving the vulnerability unpatched would be a far worse scenario. Beta versions of the second patch for BIND 9.4.3 and BIND 9.5.1 are currently available.
Microsoft's first-round patch has also caused problems, with its July 8 DNS update – MS08-037 – said to cause interruptions in Exchange Server systems. Some users running Windows Small Business Server had no access to the internet.
As reported by SC earlier this month, security researcher Dan Kaminsky had intended to reveal details on the DNS vulnerability – that could allow hackers to redirect system traffic undetected – at Black Hat, the technical security conference later this year.
He had kept the details under wraps to give ISPs time to patch the flaw. After the bug was made public – when security researcher Halvar Flake posted his speculation on his own blog and this was subsequently confirmed by a security firm, amid much criticism – he went on to urge IT security staff to patch the flaw.
Unchecked, the bug allows hackers to impersonate any website, such as Google or banking sites, potentially causing chaos.