Hi, I am sorry for being so dense but I am confused about what to do about protecting my BIND DNS servers running 9.9.1-P4 from the regex issue.
The link https://kb.isc.org/article/AA-00871 says this ... Impact: ... Intentional exploitation of this condition can cause denial of service in all authoritative and recursive nameservers running affected versions of BIND 9 [all versions of BIND 9.7, BIND 9.8.0 through 9.8.5b1 (inclusive) and BIND9.9.0 through BIND 9.9.3b1 (inclusive)]. OK ... I run 9.9.1-P4 so my DNS server could be affected by this issue. But later on in the link it says ... Solution: Compile BIND 9 without regular expression support as described in the "Workarounds" section of this advisory or upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads/all. * BIND 9 version 9.9.2-P2 But its 9.9.2-P2 with in BIND9.9.0 through BIND 9.9.3b1? So is 9.9.2-P2 also affected? If I build from the 9.9.2-P2 tarball do I need to patch the config.h as discussed in the "Workarounds" section? Thanks Red
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
