BIND Security Advisories, Vulnerabilities, and Upgrade Recommendations

On rare occasions, software exposed to public access on the Internet is found to have some sort of flaw that could enable unauthorized access. When this happens, ISC notifies the international CVE Registry (Common Vulnerabilities and Exposures) maintained by the MITRE Corporation, and other security organizations as appropriate, such as US-CERT (Computer Emergency Readiness Team). ISC then corrects the flaw and issues an ISC Security Advisory giving users of our software our advice on how best to respond to the flaw.

This page has the complete list of all security advisories ever issued for ISC BIND.

Using obsolete versions of BIND

We recommend that you not use obsolete versions of any ISC software. It was updated for a reason. But there is one situation in which you really must not run older versions of BIND.

If a nameserver (any nameserver, whether BIND or other software) is configured to use "forwarders", then none of its targets (the servers to which it forwards the requests) can be running BIND4 or BIND8. Upgrade all nameservers used as forwarders to a current version. There is a wide-scale Kashpureff-style DNS cache corruption attack that depends on BIND4 and BIND8 being the targets of DNS forwarders. Both BIND 4 and BIND 8 have end-of-life status.
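One way to audit this, as an added example that is not ISC's own code: the sketch below lists every forwarder target in a named.conf and flags any whose `version.bind` answer reports BIND 4 or BIND 8. The function names `forwarder_addresses` and `audit`, the sample configuration and the sample version strings are all constructed for illustration.

```python
import re

# Constructed sample named.conf (not taken from the ISC page).
SAMPLE_CONF = """
options {
    directory "/var/named";   // working dir
    forwarders { 192.0.2.10; 192.0.2.11 port 5353; };  # upstream resolvers
};
zone "example.test" {
    type forward;
    /* per-zone override */
    forwarders { 2001:db8::53; };
};
"""

# Constructed version.bind answers, as would be collected per forwarder with
# `dig @ADDR version.bind chaos txt +short`.
SAMPLE_VERSIONS = {
    "192.0.2.10": "9.18.24",
    "192.0.2.11": "8.4.7-REL",
    "2001:db8::53": "none of your business",
}

def forwarder_addresses(conf):
    """Return every address listed in any forwarders { ... } block."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip /* */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # strip // and # comments
    addrs = []
    for body in re.findall(r"\bforwarders\b[^{;]*\{([^}]*)\}", conf):
        for entry in body.split(";"):
            fields = entry.split()      # first field is the address; port/dscp may follow
            if fields and fields[0] not in addrs:
                addrs.append(fields[0])
    return addrs

def audit(conf, versions):
    """Classify each forwarder target as 'obsolete', 'other' or 'unverified'."""
    # The version string can be overridden by the operator, so treat it as a hint.
    result = {}
    for addr in forwarder_addresses(conf):
        m = re.match(r"(?:BIND\s+)?(\d+)\.", versions.get(addr, ""))
        if m is None:
            result[addr] = "unverified"   # hidden, customised or non-BIND string
        elif m.group(1) in ("4", "8"):
            result[addr] = "obsolete"     # BIND4/BIND8 must not be a forwarder target
        else:
            result[addr] = "other"        # not BIND 4 or 8; still check it is current
    return result
```

Targets reported as `unverified` need to be confirmed with whoever operates them, since a hidden version string says nothing about what is actually running.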

See the BIND Security Matrix for an index of the vulnerability of BIND 9 versions to all known security alerts. See the BIND Historical Security Matrix for information about the vulnerability of older versions.

Reporting a bug in BIND

Before submitting a bug report please ensure first that you are running a current version. Then send your report to [email protected]. For suggestions for new features, email [email protected].

Reporting security issues

If you need to report a security issue with any ISC product or service, please do so here.

Please see our Security Vulnerability Disclosure Policy for details on how we publish security vulnerabilities.
