Software Update: PowerDNS Recursor 4.1.1

PowerDNS is a DNS server that uses a database as its backend, which makes it easy to manage a large number of DNS entries. The developers previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, separately, to allow for faster and more targeted releases.

When you perform a DNS lookup, a recursor starts by sending the query to a DNS root server. That server can refer it to other servers, which can in turn refer it to others, and so on, until a server is reached that knows the answer or knows that the lookup is not possible. The latter can be the case if the name does not exist or the servers do not respond. The process of going through different authoritative servers is called recursion. The developers have released PowerDNS Recursor 4.1.1. The changes in this release are as follows:

Version 4.1.1

This is the second release in the 4.1 train. This release fixes PowerDNS Security Advisory 2018-01. The full release notes can be read on the blog.

This is a release on the stable branch, containing a fix for the abovementioned security issue and several bug fixes from the development branch.

Improvements

  • Don’t process records for a class other than IN. We don’t use records of any class other than IN, but we used to store some of them in the cache, which is useless. Just skip them.

Bug Fixes

  • Correctly handle ancestor delegation NSEC{,3} for children. Fixes the DNSSEC validation issue found in Knot Resolver, where an NSEC{3} ancestor delegation is wrongly used to prove the non-existence of an RR below the delegation. We already had the correct check for the exact owner name, but not for RRs below the delegation. (Security Advisory 2018-01)
  • Fix the computation of the closest encloser for positive answers. When the positive answer is expanded from a wildcard with NSEC3, the closest encloser is not always the parent of the qname, depending on the number of labels in the initial wildcard.
  • Pass the correct buffer size to arecvfrom(). The incorrect size could possibly cause DNSSEC failures.
  • Fix to make primeHints threadsafe, otherwise there’s a small chance on startup that the root-server IPs will be incorrect.
  • Don’t validate the signature for a “glue” CNAME, since anything other than the initial CNAME can’t be considered authoritative.
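
The ancestor-delegation rule behind the first fix, as an added example (not PowerDNS code): it handles plain NSEC only and follows the definition in RFC 6840 section 4.1. The record layout, function names and sample records are assumptions constructed for this illustration.

```python
# Added illustration, not PowerDNS code. Records are plain dicts with
# constructed values; names and field layout are assumptions of this example.

def labels(name):
    """Lowercased labels of a domain name; the root is an empty list."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def canon(name):
    """Sort key approximating RFC 4034 canonical order (ASCII names only)."""
    return labels(name)[::-1]

def is_below(name, ancestor):
    """True when name is a proper subdomain of ancestor."""
    n, a = canon(name), canon(ancestor)
    return len(n) > len(a) and n[:len(a)] == a

def covers(nsec, qname):
    """True when qname sorts strictly between the NSEC owner and next name."""
    owner, nxt, q = canon(nsec["owner"]), canon(nsec["next"]), canon(qname)
    if owner < nxt:
        return owner < q < nxt
    return q > owner or q < nxt  # last NSEC in the zone wraps to the apex

def is_ancestor_delegation(nsec):
    """RFC 6840 section 4.1: NS bit set, SOA bit clear, signer above owner."""
    t = nsec["types"]
    return "NS" in t and "SOA" not in t and is_below(nsec["owner"], nsec["signer"])

def naive_denies(nsec, qname):
    """Flawed check: accepts any covering NSEC as proof of non-existence."""
    return covers(nsec, qname)

def denies(nsec, qname):
    """Corrected check: a parent-side delegation NSEC proves nothing below the cut."""
    if is_ancestor_delegation(nsec) and is_below(qname, nsec["owner"]):
        return False
    return covers(nsec, qname)

# Constructed sample data: example.com delegates sub.example.com.
DELEGATION = {"owner": "sub.example.com.", "next": "z.example.com.",
              "types": {"NS", "RRSIG", "NSEC"}, "signer": "example.com."}
ORDINARY = {"owner": "alpha.example.com.", "next": "delta.example.com.",
            "types": {"A", "RRSIG", "NSEC"}, "signer": "example.com."}
```

The delegation NSEC still denies sibling names such as `t.example.com.`; only names below the zone cut are excluded, because those belong to the child zone.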

Version number 4.1.1
Release status Final
Operating systems Linux, BSD, macOS, Solaris, UNIX
Website PowerDNS
File size 1.17MB

License type GPL