An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized zone transfers or forge NOTIFY packets. The attacker needs to have knowledge of the key name, and should be allowed by the other ACL restrictions if any.
An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized zone transfers or forge NOTIFY packets. The attacker needs to have knowledge of the key name, and should be allowed by the other ACL restrictions if any.
https://kb.isc.org/article/AA-01504/74/CVE-2017-3142%3A-An-error-in-TSIG-authentication-can-permit-unauthorized-zone-transfers.html