How to fix for DoS vulnerability in BIND DNS service? Linux

BIND DNS servers versions 9.1.0 to 9.9.7-P1 and 9.10.2-P2 allow a remote attacker to exploit an error in handling TKEY queries to launch a Denial of Service DoS vulnerability in BIND DNS service, server crashing.

You should consider patching if the cPanel/WHM, Odin Plesk, or DirectAdmin servers are not patched.

There is no workaround to bypass this vulnerability. The only solution is to apply the patch to fix it. All major Linux vendors have already released patches for this vulnerability.

RedHat and CentOS Servers

Run the below command

# yum update bind

Enable Continuous Release (CR) Repository to get this patch. To Install and enable CR repo and update the BIND, the following commands need to be executed –

# yum install centos-release-cr

# yum-config-manager –enable cr

# yum update bind

To disable the CR repo, execute the following command

# yum-config-manager –disable cr

Debian and Ubuntu Servers

# apt-get install bind9

OpenSUSE servers

                # zypper update bind

If you are unable to run a normal package upgrade in cPanel/WHM, Odin Plesk or DirectAdmin servers, you need to custom compile BIND to the latest version

At Velan, our server support engineers can help you fix DoS vulnerability in BIND DNS service issue. For details, please visit Managed IT Support Services


Quick Connect With Us