[Pdns-announce] Ongoing DNS Denial of Service attacks & 3.6.0

bert hubert bert.hubert at netherlabs.nl
Fri May 30 10:06:04 UTC 2014

Hi everybody,

To add some context to the RC1 release, many large scale resolver operators
are currently seeing high levels of DNS-based denial of service attacks.

3.6.0 contains specific countermeaures for the current wave of attacks, and
comes with a more generic Lua feature to rapidly filter malicious traffic
[1]. Together these mean that the deployments that have upgraded already are
weathering the current wave of attacks with no problems at all.

3.6.0 is in full production in a number of large places. If you are
currently suffering degraded performance because of DoS in 3.5 or earlier
versions, your upgrade to RC1 will help you and your users tremendously.

We consider RC1 production grade and will quickly follow up with the actual
3.6.0. If you upgrade now and have issues, please be assured that we will
help you swiftly.

Good luck!


[1] As an example, see http://pastie.org/9238804 based on the new pdns.DROP

> Release Candidate 1 of the PowerDNS Recursor 3.6.0 is available from:
> source: http://powerdnssec.org/downloads/pdns-recursor-3.6.0-rc1.tar.bz2
> semistatic packages: http://powerdnssec.org/downloads/packages/
> RHEL5/6 native: https://www.monshouwer.eu/download/3rd_party/pdns-recursor/rc1/
> You are cordially invited to (carefully) test this Release Candidate for
> correct behaviour.
> Full release notes, with clickable links, are available from:
> http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.6.0

More information about the Pdns-announce mailing list