Some of the most widely used DNS software, Bind 9, is suffering unexpected crashes, prompting some security experts to speculate whether servers are suffering from zero-day attacks.
The Internet Systems Consortium (ISC), which maintains Bind, warned on Wednesday that nameservers running Bind 9 were crashing.
"Organisations across the internet reported crashes interrupting service on Bind 9 nameservers performing recursive queries," ISC said in an advisory. "Affected servers crashed after logging an error in query.c with the following message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple versions were reported being affected, including all currently supported release versions of ISC Bind 9."
ISC said there were no workarounds, and that Bind users should update to one of the following patched versions: Bind 9.8.1-P1; Bind 9.7.4-P1; Bind 9.6-ESV-R5-P1; Bind 9.4-ESV-R5-P1.
Security training organisation Sans Institute said that there was a potential zero-day issue with Bind 9 in a blog post on Wednesday.
"Several honeypots have been hit with unsolicited recursive DNS queries," said Sans. "While the query itself is normal, it is possible that this is part of a scan looking for servers that may be vulnerable. If you happen to be monitoring your DNS, and you notice a recursive request, let us know."