[原文]named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."
BIND is the Berkeley Internet Name Daemon, a free Name Resolution software package maintained by the Internet Software Consortium. A Denial of Service exists in current implementations.
The problem occurs in the Compressed Zone Transfer (ZXFR) functionality of BIND. A default installation of BIND does not support the transfer of compressed zone files. However, daemon that allows zone transfers and recursive queries will crash if queried for a compressed zone transfer that is not in the nameserver cache. This could result in a name resolution Denial of Service for all users and systems depending upon nameservers using the affected software.
named-xfer -z zone.pippo.com -d 9 -f pics -Z dns.pippo.com
ISC BIND Compressed ZXFR Name Service Query Remote DoS
Remote / Network Access
Denial of Service
Loss of Availability
This host is running an old version of the BIND name server software. BIND versions between 8.2.2p1 and 8.2.2p6 are vulnerable to a denial of service attack in the zone transfer request parsing code. An attacker can exploit this to remotely disable the DNS service on this machine.
Ugrade to that latest version of BIND available from http://www.isc.org.