ISC BIND upstream recently released a fix: [1] http://www.isc.org/software/bind/advisories/cve-2010-0213 for a deficiency in the way BIND processed certain RRSIG queries. More exact details from [1]: If a query is made explicitly for a record of type 'RRSIG' to a validating recursive server running BIND 9.7.1 or 9.7.1-P1, and the server has one or more trust anchors configured statically and/or via DLV, then if the answer is not already in cache, the server enters a loop which repeatedly generates queries for RRSIGs to the authoritative servers for the zone containing the queried name. Affected BIND versions: v9.7.1, v9.7.1-P1 References: [2] http://www.kb.cert.org/vuls/id/211905 (not available yet) [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0213 (not available yet) Credit: Upstream acknowledges Marco Davids of SIDN for discovering and testing the issue.
This issue did NOT affect the versions of the bind package, as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did NOT affect the version of the bind package, as shipped with Fedora release of 12. This issue affects the version of the bind package, as shipped with Fedora release of 13. Updates will be available shortly.
Statement: Not vulnerable. This issue did not affect the versions of the bind as shipped with Red Hat Enterprise Linux 3, 4, or 5.
bind-9.7.1-2.P2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.