Bind 9 Recursion Vulnerability

Lee-E
Can anyone tell me what the vulnerability in the most recent release of Bind is regarding Forwarding and Recursive lookups?

We want to implement GSLB (Global Server Load Balancing) on our Netscalers and the only way I know how to do that is to forward requests for my subdomain from the main DNS Server.

The DNS team is saying that it is a major security risk to allow recursion but my understanding is that bind 9.5 patched this vulnerability, right? They are saying that if someone tries a recursive lookup our Netscalers will get DOS'd and that it wouldn't just send recursive lookups for the subdomain.

I have googled and searched but I cannot get a clear answer on whether this has been patched or not. We have it set up and running in a lab just fine so I know it can be done with Unix based Bind and Netscaler GSLB using recursion.

Any Bind gurus out there?

Thanks!

John
Linux Systems Admin
Commented:
See
https://www.isc.org/software/bind/security
The most recent advisories are listed there, with a link to a complete listing.
It also contains a link to the international CVE registry (Common Vulnerabilities and Exposures)

Author

Commented:
I was directed to a site that referenced vulnerabilities, but an "A" would have included why recursion is an issue.

It was very helpful though.

John
