Hi Everyone, I'm hoping I can get some insight about the vulnerability mentioned above. We had been running BIND 9.20.4 in our infrastructure, and upgraded to 9.20.6 just recently. CVE-2024-12705 does not apply to our setup, yet we have a suspicion that we were impacted by CVE-2024-11187, but cannot confirm it.
The symptoms we experienced were a sudden increase in CPU utilization that stayed high, which I mean way higher than usual, but BIND didn't stop working. We couldn't find anything unusual in our logs. We have 'minimal-responses' set to 'yes' in the BIND config. My questions are: - Would the 'minimal-responses' setting prevent CVE-2024-11187 being exploited, or is it mitigation only? - Would there be any log messages that indicate the exploitation, any keywords I should be looking for? - Could something else have caused such symptoms, other than the vulnerability? Our DNS servers are open to the internet. Many thanks in advance. Any help is much appreciated. Kind Regards, Laszlo
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
