DNS: RRSIG Query
This signature detects DNS RRSIG queries. RRSIG queries are used by the DNS-SEC specification to securely confirm valid DNS records. Recent security vulnerabilities in ISC BIND's implementation of DNS-SEC are leveraged by RRSIG queries, which are site-configuration-specific. A generic detection signature, other than detecting all RRSIG queries, is not possible. RRSIG queries are not inherently malicious.
Extended Description
ISC BIND is prone to multiple remote denial-of-service vulnerabilities under certain response policy zone (RPZ) configurations. An attacker can exploit these issues to cause the application process to crash, denying service to legitimate users.
Affected Products
Suse suse_linux_enterprise_server
Short Name
DNS:RRSIG-QUERY
Severity
Minor
Recommended
False
Recommended Action
None
Category
DNS
Keywords
CVE-2011-2464 CVE-2011-2465 Query RRSIG bid:48565 bid:48566
Release Date
07/18/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Isc
Red_hat
Suse
CVSS Score
2.6
5.0