DNS patches cause problems, developers admit
Patches released earlier this month to quash a critical bug in the Domain Name System (DNS) have slowed servers running BIND, the Internet's most popular DNS software, and crippled some systems using Windows Server.
Paul Vixie, who heads the Internet Systems Consortium (ISC), the group responsible for the BIND (Berkeley Internet Name Domain) software, acknowledged that there were problems with the July 8 fix that was rolled out as part of a multivendor update meant to patch a cache poisoning flaw discovered months before by researcher Dan Kaminsky.
"During the development cycle, we became aware of a potential performance issue on high-traffic recursive servers, defined as those seeing a query volume of greater than 10,000/queries per second," said Vixie in a message posted Monday afternoon to a BIND mailing list. "Given the limited time frame and associated risks, we chose to finish the patches ASAP and accelerate our work on the next point releases that would address the high-volume server performance concerns.
"Our immediate goal was to make patches publicly available as soon as possible," Vixie explained.
Vixie wasn't specific about the extent of the performance problems facing high-volume DNS servers, but he said that a second round of patches, due later this week, will remedy port allocation issues and "allow TCP queries and zone transfers while issuing as many outstanding UDP queries as possible."
Versions of the second update, which will be designated P2 when they're unveiled, are currently available in beta form for BIND 9.4.3 and BIND 9.5.1.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
DNS flaw
Powered by TwitterOn Twitter now
DNS flaw
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
