Bug #6420: bind: A problem handling responses containing a DNAME answer can lead to an assertion failure (CVE-2016-8864)
[3.1] bind: A problem handling responses containing a DNAME answer can lead to an assertion failure (CVE-2016-8864)
During processing of a recursive response that contains a DNAME record in the answer section,
BIND can stop execution after encountering an assertion error in resolver.c (error message: "INSIST != 0) failed")
or db.c (error message: "REQUIRE0) && *targetp == ((void *)0)) failed").
A server encountering either of these error conditions will stop, resulting in denial of service to clients.
The risk to authoritative servers is minimal; recursive servers are chiefly at risk.
Affected versions: 9.0.x -> 9.8.x, 9.9.0 -> 9.9.9-P3, 9.9.3-S1 -> 9.9.9-S5, 9.10.0 -> 9.10.4-P3, 9.11.0
Fixed in: BIND 9 version 9.10.4-P4
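To triage a fleet against the ranges listed above, the following added example (not part of the original bug report or of BIND) parses a version string and checks it against those ranges. The names `parse_version` and `is_affected` are hypothetical, and it assumes upstream-style version strings of the form `x.y.z`, `x.y.z-Pn` or `x.y.z-Sn`, such as those reported by `named -v`.

```python
import re

INF = float("inf")
# Inclusive ranges from the advisory above: (edition, low, high), where a
# version is (major, minor, patch, level); edition "S" is the -S line.
AFFECTED = [
    ("",  (9, 0, 0, 0),  (9, 8, INF, INF)),  # 9.0.x -> 9.8.x
    ("",  (9, 9, 0, 0),  (9, 9, 9, 3)),      # 9.9.0 -> 9.9.9-P3
    ("S", (9, 9, 3, 1),  (9, 9, 9, 5)),      # 9.9.3-S1 -> 9.9.9-S5
    ("",  (9, 10, 0, 0), (9, 10, 4, 3)),     # 9.10.0 -> 9.10.4-P3
    ("",  (9, 11, 0, 0), (9, 11, 0, 0)),     # 9.11.0
]

# Assumption: final releases only. Pre-release tags (rc, b, a) glued to the
# number are rejected by the trailing lookahead instead of being guessed at.
_VERSION = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?(?![\w.])"
)


def parse_version(text):
    """Return (edition, (major, minor, patch, level)) or None if unparseable."""
    m = _VERSION.search(text)
    if m is None:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    edition = "S" if m.group(4) == "S" else ""
    level = int(m.group(5)) if m.group(5) else 0
    return edition, (major, minor, patch, level)


def is_affected(text):
    """True/False for a parsed version, None when the string needs manual review."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    edition, version = parsed
    return any(ed == edition and low <= version <= high
               for ed, low, high in AFFECTED)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ("BIND 9.10.4-P3", "BIND 9.10.4-P4", "BIND 9.9.9-S5",
                   "BIND 9.8.2", "BIND 9.11.0rc1"):
        print(banner, "->", is_affected(banner))
```

A `True` result on a distribution package is only a prompt to check the vendor changelog, since distributions may backport the fix without changing the upstream version number.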