## page was renamed from DNS/BIND/bug
Describe DNS/BIND/bug here.

http://www.isc.org/software/bind/security/matrix

[[/security_matrix]]

ftp://ftp.isc.org/isc/bind9/

Kaminsky bug: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
 BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1;

http://www.cvedetails.com/vulnerability-list/vendor_id-64/product_id-144/version_id-71685/ISC-Bind-9.5.0-p1.htm

{{{
<       --- 9.5.0-P1 released ---
<
< 2375. [security]      Fully randomize UDP query ports to improve
<                       forgery resilience. [RT #17949]
<
}}}

Afterwards: it seems that no proper countermeasure was taken. (Did they not understand the problem?)

{{{
3 CVE-2009-4022 2009-11-25 2011-07-18 2.6 None Remote High Not required None Partial None
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
}}}

Given that it is written this way, it seems reasonable to assume that cache poisoning attacks are considered adequately handled by port randomization. -- ToshinoriMaeno

https://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/

http://jprs.jp/tech/security/2011-07-05-bind9-vuln-remote-packet-auth-and-recurse.html

(Urgent) Denial-of-service (DoS) attacks exploiting a vulnerability in BIND 9.x - both caching and authoritative DNS servers are affected, upgrading is strongly recommended -

http://jprs.jp/tech/security/2011-07-05-bind98-vuln-rpz-dname.html

named service outage caused by an implementation bug in the Response Policy Zones (RPZ) feature of BIND 9.8.x - upgrading is strongly recommended -

There was also something at the end of May, though.

-----
https://lists.isc.org/pipermail/bind-announce/2011-March/000685.html

BIND 9.6-ESV-R4 is a maintenance release for BIND 9.6-ESV. It is critical for those using DNSSEC validation, and strongly recommended otherwise.