Software Update: PowerDNS Recursor 4.4.3

Spread the love

PowerDNS is a dns server with a database as backend, which makes it easy to manage a large number of dns entries. The developers have previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, to allow for a faster and more targeted release of a new version, the developers said.

When you perform a dns lookup, a recursor initially starts asking the lookup query to a dns root server. This can then redirect to other servers, from where it can redirect to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. The latter can occur if the name does not exist or the servers do not respond. The process of going through different authoritative servers is called recursion. The developers have released PowerDNS Recursor 4.4.3. The announcement of this release looks like this:

PowerDNS Recursor 4.4.3 Released

Today we are releasing PowerDNS Recursor 4.4.3.

This release fixes a bug where corrupted Newly Discovered Domain files could crash the recursor on startup and a bug where the wrong TTL could be used when inserting records into the packet cache. Additionally, a few minor DNSSEC related issues were fixed.

As usual, there were also other smaller enhancements and bug fixes. Please refer to the 4.4.3 changelog for details.

The 4.4.3 tarball (signature) is available at and packages for several distributions are available from

4.1 and older releases are EOL, refer to the documentation for details about our release cycles.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.

-Otto and the PowerDNS Team


  • Use a short-lived NSEC3 hashes cache for denial validation.

Bug Fixes

  • More fail-safe handling of Newly Discovered Domain files.
  • Handle policy (if needed) after post-resolve.
  • Return current rcode instead of 0 if there are no CNAME records to follow.
  • Lookup DS entries before CNAME entries.
  • Handle failure to start the web server more gracefully.
  • Test that we correctly cap the answer’s TTL in expanded wildcard cases.
  • Fix the gathering of denial proof for wildcard-expanded answers.
  • Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case.


  • Pull in libfstrm for el8 build.

Version number 4.4.3
Release status Final
Operating systems Linux, BSD, macOS, Solaris, UNIX
Website PowerDNS
License type Conditions (GNU/BSD/etc.)
You might also like