Name Server Operations Guide for BIND Release 4.9.5 : Security : Denial of Service: TTL Inconsistency Attacks
Previous: Denial of Service: Hash Bug Exploit
Next: Types of Zones

3.4. Denial of Service: TTL Inconsistency Attacks

If you are still using multiple TTL values within a RRset you can be subject to a denial of service attack. BIND 4.9.5 onwards uses multiple ttl values within a RRset to reject obviously bad RRset.

It is recommend that you upgrade to BIND 4.9.5 or later as these server prevent you loading multiple TTL values and doesn't merge answers received across the network.


Name Server Operations Guide for BIND Release 4.9.5 : Security : Denial of Service: TTL Inconsistency Attacks
Previous: Denial of Service: Hash Bug Exploit
Next: Types of Zones