Red Hat Bugzilla – Bug 616706
CVE-2010-0213 BIND: DoS (infinite loop of RRSIGs queries to authoritative servers) via certain RRSIG query
Last modified: 2016-03-04 07:04:07 EST
ISC BIND upstream recently released a fix:
for a deficiency in the way BIND processed certain RRSIG queries. More
exact details from :
If a query is made explicitly for a record of type 'RRSIG' to a validating
recursive server running BIND 9.7.1 or 9.7.1-P1, and the server has one or
more trust anchors configured statically and/or via DLV, then if the answer
is not already in cache, the server enters a loop which repeatedly generates
queries for RRSIGs to the authoritative servers for the zone containing the
Affected BIND versions: v9.7.1, v9.7.1-P1
 http://www.kb.cert.org/vuls/id/211905 (not available yet)
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0213 (not
Credit: Upstream acknowledges Marco Davids of SIDN for discovering and
testing the issue.
This issue did NOT affect the versions of the bind package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.
This issue did NOT affect the version of the bind package, as shipped
with Fedora release of 12.
This issue affects the version of the bind package, as shipped with
Fedora release of 13. Updates will be available shortly.
Not vulnerable. This issue did not affect the versions of the bind as shipped with Red Hat Enterprise Linux 3, 4, or 5.
bind-9.7.1-2.P2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.