Software Update: PowerDNS Recursor 4.1.9

Spread the love

PowerDNS is a dns server with a database as backend, which makes it easy to manage a large number of dns entries. The developers previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, to make a new version faster and more targeted, the developers said.

When you perform a dns lookup, a recursor initially starts asking the lookup query to a dns root server. This can then redirect to other servers, from where it can redirect to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. The latter can be the case if the name does not exist or the servers do not respond. The process of going through different authoritative servers is called recursion. The developers have released PowerDNS Recursor 4.1.9. The changes in this release are as follows:

PowerDNS Recursor 4.1.9 Released

We are very happy to announce the 4.1.9 release of the PowerDNS Recursor. This release is fixing two security issues, and addressing a shortcoming in the way incoming queries are distributed to threads under heavy load.

  • PowerDNS Security Advisory 2019-01 (CVE-2019-3806): Lua hooks are not called over TCP
  • PowerDNS Security Advisory 2019-02 (CVE-2019-3807): DNSSEC validation is not performed for AA=0 responses

These issues respectively affect PowerDNS Recursor from 4.1.4 and 4.1.0, up to and including 4.1.8. PowerDNS Recursor 4.0.x and below are not affected.

Minimal patches are available at and patches/2019-02/.

The change log:

  • #7397: Load the Lua script in the distributor thread, check signature for AA=0 answers (CVE-2019-3806, CVE-2019-3807)
  • #7377: Try another worker before failing if the first pipe was full

The tarball (signature) is available at downloads.powerdns.com and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Bionic, Trusty and Xenial are available from repo.powerdns.com.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.

Version number 4.1.9
Release status Final
Operating systems Linux, BSD, macOS, Solaris, UNIX
Website PowerDNS
Download
License type Conditions (GNU/BSD/etc.)
You might also like