BIND 9.2.1 patch, multiple RR's for singleton types.

[Tim Gladding <tim () gladding com>]

With the release of the libbind buffer overflow a number of people have
suggested loading a copy of BIND locally and pointing your local resolver
at just that name server, providing a sanity check of all incoming DNS
traffic.  For the most part this will work, however, for it to work
effectively you must be using BIND 9.x because BIND 8.x does not
reconstruct all responses before forwarding them on.

For more information on the libbind buffer overflow bug please see:
http://www.cert.org/advisories/CA-2002-19.html

However, your situation may preclude you from running BIND 9 either locally
or at the site level.  One such situation would be that you are already
running BIND 8 and you have zones loaded that will not load in to BIND 9
because they have multiple resource records assigned to one singleton data
type.  For example, an A record pointing to a list of CNAMES:

        fuzzy   IN      CNAME   www.snuggie.com.
                IN      CNAME   www.r-9.net.

Normally BIND 9 would reject this as part of a zone.

To overcome this particular problem I have produced the attached patch(1)
to BIND 9.2.1 which, when applied, will again allow you to use multiple
CNAMEs etc. on one RR.  This patch is the equivalent of the 'multiple-cnames
yes;' option in bind 8.x.

WARNING!!  Although I am running this patch in a production environment
I cannot guarantee that this patch will work for you.  Please be sure to
double check the functionality of this patch before employing it in any
environment!!

-- 
Tim Gladding

Attachment: rdataslab.c.patch
Description: