CVE-2010-0213

Name of the Vulnerable Software and Affected Versions BIND versions 9.7.1 through 9.7.1-P1

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This occurs when a recursive validating server has a trust anchor configured statically or via DNSSEC Lookaside Validation (DLV), and it receives a query for an RRSIG record whose answer is not in the cache. As a result, the server repeatedly sends RRSIG queries to the authoritative servers.

Recommendations For BIND versions 9.7.1 through 9.7.1-P1, consider disabling DNSSEC Lookaside Validation (DLV) as a temporary workaround to minimize the risk of exploitation. Restrict access to RRSIG records to prevent infinite loop scenarios until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.