PowerDNS Recursor 3.1.6 released - contains a small security fix
bert.hubert at netherlabs.nl
Sat May 3 13:11:17 CEST 2008
Released on the 1st of May 2008 - contains a small security fix.
Generic GPL sources:
Release notes with clickable links:
This version fixes two important problems, each on its own important
enough to justify a quick upgrade.
* The new high-quality random generator was not used for all random
numbers, especially in source port selection. This means that 3.1.5 is
still a lot more secure than 3.1.4 was, and its algorithms more secure
than most other nameservers, but it also means 3.1.5 is not as secure
as it could be. A quick upgrade is recommended. Discovered by Thomas
Biege of Novell (SUSE), fixed in commit 1179.
* Version 3.1.5 had problems resolving several slightly misconfigured
domains, including for a time 'juniper.net'. Nameserver timeouts were
not being processed correctly, leading PowerDNS to not update the
internal clock, which in turn meant that any queries immediately
following an error would time out as well. Because of retries, this
would usually not be a problem except on very busy servers, for
domains with different nameservers at different levels of the
DNS-hierarchy, like 'juniper.net'.
This issue was fixed rapidly because of the help of XS4ALL (Eric
Veldhuyzen, Kai Storbeck), Brad Dameron and Kees Monshouwer. Fix in
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the Pdns-dev