[LWN Logo]
[Timeline]
Date: Mon, 29 Jan 2001 10:17:19 -0800
From: susanl@connectedbrands.com
Subject: Upgrade to BIND Version 9.1 Software Imperative
To: LWN@LWN.NET

Upgrade to BIND Version 9.1 Software Imperative

Prior Releases of Domain Name System Software Are Vulnerable

Redwood City, California - January 29, 2001- Nominum, Inc.,
www.nominum.com, and Internet Software Consortium, www.isc.org, strongly
recommend that all users of the BIND Domain Name System (DNS) software
upgrade to version 9.1.  CERT Coordination Center (CERT/CC),
www.cert.org, today announced a vulnerability in older versions of the
BIND software that is used in many of the Internet domain servers.  This
vulnerability was discovered by COVERT Labs, a part of Network Associates
Inc, www.NAI.com. According to Jim Magdych, Manager of Covert Labs, "We
found the vulnerability in the older version of BIND during an intensive
audit.   Nominum and ISC responded effectively with a patch release for
the older versions, and no such vulnerability was found in their current
software."

Since its introduction in 1986, BIND (Berkeley Internet Name Domain) DNS
software has been used as the foundation for communication on the
Internet.  DNS software translates the name of a computer, which is more
easily read, understood and remembered by humans, into the required IP
network address. Most, if not all, modern Internet based applications
including web services and email, fully depend on the underlying DNS
infrastructure.  The BIND software package, which implements the DNS
protocol suite, has long been available as Open Source software.  Its
wide distribution and reliability have made it the de facto standard for
DNS.

The requirements of DNS have changed over time as the Internet has grown.
The ISC is dedicated to the principle of making reference
implementations of core Internet protocols such as DNS and DHCP freely
available to everyone.  Knowing that continuing to patch BIND versions 4
and 8 would not meet coming requirements, the ISC selected Nominum to
write BIND 9.  "With the requirement of DNSSEC (security) and IPv6, I
knew continuing to modify the old code base wasn't going to cut it; BIND
needed to be completely re-written.  BIND 9, a collaborative effort by
ISC and Nominum, was the result of that decision.  Their (Nominum's)
staff are among the most knowledgeable DNS experts in the world." say
Paul Vixie, Chairman of the Board for ISC.

"BIND 9 is an entirely new code base written from scratch with security
as a basic premise.   Version 9 is not susceptible to the same issues
found in earlier versions of the BIND DNS software, says David Conrad,
CTO of Nominum.  "We strongly encourage all users of BIND to upgrade to
BIND version 9 or later," he states.   BIND 9 has been available from the
ISC website since October 9th of last year.  BIND 9.1 was released on
January 17, 2001.

The software is freely available from the ISC website,
http://www.isc.org/products/BIND/.  Nominum offers a full suite of
professional services to systems and network administrators in completing
the transition from older versions of BIND to version 9, or with
installing most recent releases to the older versions, 4.9.8 or 8.2.3.
Additional information about the vulnerability can be found at
www.nominum.com/resources/alerts/security-faq.html.

About Nominum

Nominum, Inc. is the world's leading provider of Internet naming and
address management solutions that provide the Domain Name Service (DNS)
necessary for virtually all internetworking software. Nominum supports
and has written the latest version of the Berkeley Internet Name Domain
(BIND) package, the most commonly used domain name server on the
Internet, as well as ISC's Dynamic Host Configuration Protocol (DHCP),
the most widely used Open Source package for the automated assignment of
IP addresses. BIND and DHCP are freely available as Open Source via the
Internet Software Consortium's website: http://www.isc.org/. Nominum
offers enterprise customers, e-commerce businesses, Internet Service
Providers and telecommunications companies' infrastructure assistance
with their most demanding name and IP address management requirements via
training, technical support, consulting and outsourcing solutions.  For
more information about Nominum, please visit their web site at
www.nominum.com.

Contacts:

Nominum, Inc.                                           
Laura Hendriksen                                                
(650) 381-6018                                          
Laura.Hendriksen@nominum.com  

ConnectedBrands
Susan Luinetti
susanl@connectedbrands.com
650-306-1558