|Denial of service
DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way "named" processes these records may trigger an attempt to add the same RRset to the ANSWER section more than once. In BIND before version 9.16.14, when a vulnerable version of "named" receives a query for a record triggering the flaw described above, the "named" process will terminate due to a failed assertion check.
|29 Apr 2021