How to Report or Inquire About Security Issues
If you suspect you have found a security defect in BIND, DHCP, or Kea, or if you wish to inquire about a security issue that you have learned about which has not yet been publicly announced, ISC encourages you to get in touch with our Security Officer by following the process described at https://www.isc.org/reportbug/.
Alternatively, you can email us at email@example.com. However, plain-text e-mail is not a secure choice for communications concerning undisclosed security issues so we ask that you please encrypt your communications to us using the ISC Security Officer public key which can be found on our website at: https://www.isc.org/pgpkey/.
Learn more about our Security Vulnerability Disclosure Policy here: ISC Software Defect and Security Vulnerability Disclosure Policy.
Defects that span multiple DNS implementations
If you believe you have found a security vulnerability that applies to DNS implementations generally, and you want to report this responsibly to a number of implementers, you might consider using the Open Source DNS Vulnerability mailing list, managed by DNS-OARC.