Hi

[supriya samanta]

Hello All,

       

As per ISC security bulletin CVE-2009-4022 There is a problem with BIND 9 Cache Update From Additional Section

   

Problem Description: A Nameserver with DNSSEC validation enabled may incorrectly add records to its cache from the additional section of responses received during resolution of a recursive client query.This behavior only occurs when processing client queries with checking disabled

(CD).It may occur both when requesting,and not when requesting,DNSSEC records(DO).If the nameserver is authoritative-only this will not occur.

 

We have some business requirement where we need to reproduce the problem.

 

Could anyone advice a test case which I may use or direct me to some website which could be useful for this purpose.

 

Any help will be appreciated.

 

Many Thanks,

Supriya Samanta

[Danny Mayer]

supriya samanta wrote:
> Hello All,
>

> As per ISC security bulletin *CVE-2009-4022* There is a problem with

> BIND 9 Cache Update From Additional Section
>

> *Problem Description:* A Nameserver with DNSSEC validation enabled may

> incorrectly add records to its cache from the additional section of
> responses received during resolution of a recursive client query.This
> behavior only occurs when processing client queries with checking disabled
> (CD).It may occur both when requesting,and not when requesting,DNSSEC
> records(DO).If the nameserver is authoritative-only this will not occur.
>
> We have some business requirement where we need to reproduce the problem.
>
> Could anyone advice a test case which I may use or direct me to some
> website which could be useful for this purpose.
>

You should contact ISC directly about this rather than the mailing list.

Danny

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.