COMMAND

    BIND

SYSTEMS AFFECTED

    BIND 9.1.0

PROBLEM

    Several people found that scanning the server with nmap (e.g.
    -O -sT -p 53) will bring down BIND.  Maarten de Vries was the
    first one to notice this.

    The "problem" probably lies in file netaddr.c in BIND 9.1.0, line
    231, with "INSIST(0);".  You can compile named without asserts
    (#define ISC_CHECK_NONE in include/isc/assertions.h).

        void
        isc_netaddr_fromsockaddr(isc_netaddr_t *t, const isc_sockaddr_t *s) {
                int family = s->type.sa.sa_family;
                t->family = family;
                switch (family) {
                case AF_INET:
                        t->type.in = s->type.sin.sin_addr;
                        break;
                case AF_INET6:
                        memcpy(&t->type.in6, &s->type.sin6.sin6_addr, 16);
                        break;
                default:
                        INSIST(0);
                }
        }

    Searching for INSIST in the source code tree also reveals this in
    "bin/tests/system/resolver/tests.sh":

        "# If the server has the "INSIST(!external)" bug, this query will kill it.
        $DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1"

    Here's a summary:
    * The 'bug' seems to manifest itself randomly.  This might explain
      why relatively few people were able to reproduce it.
    * Running nmap without any options at all can crash it; no need
      for '-O -sT' or somesuch.
    * Nessus was reported by someone to have the same effect.
    * Besides FreeBSD, OpenBSD and NetBSD folks, some Linux users with
      various kernels confirmed the findings as well.

SOLUTION

    BIND 9.1.1rc1 is now available, and may resolve this issue.  More
    info on this is available at:

        http://www.isc.org/products/BIND/bind9-beta.html

    and the software itself is here:

        ftp://ftp.isc.org/isc/bind9/9.1.1rc1/bind-9.1.1rc1.tar.gz