[Pdns-users] PowerDNS Recursor 3.1.6 released - contains a small security fix

bert hubert bert.hubert at netherlabs.nl
Sat May 3 10:11:17 UTC 2008


Released on the 1st of May 2008 - contains a small security fix.

Generic GPL sources:
http://downloads.powerdns.com/releases/pdns-recursor-3.1.6.tar.bz2

32-bit Linux:
http://downloads.powerdns.com/releases/deb/pdns-recursor_3.1.6-1_i386.deb 
http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.6-1.i386.rpm

64-bit Linux:
http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.6-1.x86_64.rpm
http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.6-1.x86_64.rpm

Release notes with clickable links:
http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6

This version fixes two important problems, each on its own important
enough to justify a quick upgrade.

  * The new high-quality random generator was not used for all random
    numbers, especially in source port selection. This means that 3.1.5 is
    still a lot more secure than 3.1.4 was, and its algorithms more secure
    than most other nameservers, but it also means 3.1.5 is not as secure
    as it could be. A quick upgrade is recommended. Discovered by Thomas
    Biege of Novell (SUSE), fixed in commit 1179.

  * Version 3.1.5 had problems resolving several slightly misconfigured
    domains, including for a time 'juniper.net'. Nameserver timeouts were
    not being processed correctly, leading PowerDNS to not update the
    internal clock, which in turn meant that any queries immediately
    following an error would time out as well. Because of retries, this
    would usually not be a problem except on very busy servers, for
    domains with different nameservers at different levels of the
    DNS-hierarchy, like 'juniper.net'.

    This issue was fixed rapidly because of the help of XS4ALL (Eric
    Veldhuyzen, Kai Storbeck), Brad Dameron and Kees Monshouwer. Fix in
    commit 1178.

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services


More information about the Pdns-users mailing list