isc

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. Thi…

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in ca…

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded p…

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server…

The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agen…

To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods…

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name ca…

A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these …

A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured,…

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS …