[Pdns-dev] PowerDNS Recursor 4.1.7 Released

Pieter Lexis pieter.lexis at powerdns.com
Fri Nov 9 14:02:36 UTC 2018

Hi all,

Today we have released the PowerDNS Recursor 4.1.7. It is an update to
relax EDNS compliance requirements from upstream authoritative servers.

Recursor version 4.1.5 (and, by extension, 4.1.6), contains a fix for
Security Advisory 2018-07[1]. One part of that fix is a stricter
fallback to non-EDNS queries when EDNS queries fail. It turns out that
there are several authoritative servers on the Internet that have such
bad EDNS handling, that the domains hosted on them stop resolving with
4.1.5. The 4.1.7 release has relaxed the EDNS compliance requirement and
includes an alternative fix for 2018-07.

Since reports of this started coming in yesterday, some domains have
been fixed by their owners, but a long tail of broken zones remains for now.

We have decided to release this increase in strictness in the PowerDNS
Recursor 4.2.0, so that domain owners can work on their server's
compliance. We urge operators of authoritative servers to check their
domains and servers with the EDNS compliance tool[2] and act upon its
results. Increased EDNS compliance strictness will be added to many DNS
resolvers coming next February[3].

The changelog is as follows:

* #7172: Revert 'Keep the EDNS status of a server on FormErr with EDNS'
* #7174: Refuse queries for all meta-types

As always, the tarball[4](sig[5]) can be found on the downloads website
and packages for CentOS 6 and 7, Ubuntu Trusty, Xenial and Bionic and
Debian Jessie and Stretch can be found on repo.powerdns.com[6].

Best regards,

Pieter and the rest of the PowerDNS team

1 -
2 - https://ednscomp.isc.org/ednscomp
3 - https://dnsflagday.net/
4 - https://downloads.powerdns.com/releases/pdns-recursor-4.1.7.tar.bz2
5 - https://downloads.powerdns.com/releases/pdns-recursor-4.1.7.tar.bz2.sig
6 - https://repo.powerdns.com/
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

More information about the Pdns-dev mailing list