Bind/Named Crash: REQUIRE(*name == ((void *)0)) failed, CVE-2015-5477

A couple of weeks ago, a major bind (named) vulnerability was disclosed. The denial-of-service vulnerability abused a flaw in the way TKEY DNS records were processed.

The TKEY vulnerability

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)

Red Hat: CVE-2015-5477

Detecting CVE-2015-5477 in the wild

If you have bind nameservers running, you may see log lines like the following appear in your syslog.

Aug  11 01:22:16 $server named[$pid]: message.c:2231: REQUIRE(*name == ((void *)0)) failed
Aug  11 01:22:16 $server named[$pid]: exiting (due to assertion failure)

And as a result, your bind nameserver will be dead.

$ service named status
named dead but subsys locked

Someone just sent a rogue TKEY packet to your server with the sole intent of crashing it.
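
To search existing logs for the signature shown above, here is an added example (not part of the original post): a shell function that scans syslog text for the assertion and reports whether the same named PID then logged the exit line. The function names, the sample log lines, and the choice to accept any line number after message.c: are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Reads syslog-format text on stdin,
# finds the CVE-2015-5477 assertion and pairs it with the same PID's exit line.
# Assumption: the number after "message.c:" differs between BIND builds, so any
# digits are accepted instead of the literal 2231.
find_tkey_crashes() {
    awk '
    # Fields: $1-$3 timestamp, $4 host, $5 "named[pid]:"
    $5 !~ /^named\[[0-9]+\]:$/ { next }
    { pid = $5; gsub(/[^0-9]/, "", pid); key = $4 "/" pid }
    /message\.c:[0-9]+: REQUIRE\(\*name == \(\(void \*\)0\)\) failed/ {
        if (!(key in seen)) order[++n] = key
        seen[key] = $1 " " $2 " " $3 " " $4 " pid=" pid
        next
    }
    /exiting \(due to assertion failure\)/ && (key in seen) {
        print seen[key], "crashed"
        delete seen[key]
    }
    END {
        # Signature logged but no exit line followed (e.g. a truncated log)
        for (i = 1; i <= n; i++)
            if (order[i] in seen) {
                print seen[order[i]], "assert-only"
                delete seen[order[i]]
            }
    }'
}

# Constructed sample input: hostnames, PIDs and times are made up.
sample_log() {
    cat <<'EOF'
Aug 11 01:22:10 ns1 named[2114]: zone example.com/IN: loaded serial 2015081101
Aug 11 01:22:16 ns1 named[2114]: message.c:2231: REQUIRE(*name == ((void *)0)) failed
Aug 11 01:22:16 ns1 named[2114]: exiting (due to assertion failure)
Aug 11 03:40:02 ns2 named[877]: message.c:2311: REQUIRE(*name == ((void *)0)) failed
Aug 11 04:05:51 ns3 named[4001]: exiting (due to assertion failure)
EOF
}

sample_log | find_tkey_crashes
```

On a live server, feed it the syslog file instead of the sample, typically /var/log/messages on RHEL/CentOS or /var/log/syslog on Debian/Ubuntu.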

Patching CVE-2015-5477

Patching is trivial by now. This is the advantage of being late to the party: all major OS vendors have updated their official packages.

On RHEL/CentOS:

$ yum update bind
$ service named restart

On Debian/Ubuntu:

$ apt-get install bind9
$ service bind9 restart

And you’re patched against CVE-2015-5477.