[Pdns-users] PowerDNS Recursor 4.1.7 Released

Steven Spencer steven.spencer at kdsi.com
Fri Nov 9 18:24:04 UTC 2018

I'm running just slightly behind on both the PowerDNS Recursor and
Authoritative servers (4.1.3-1). Out of curiosity, I ran the EDNS
compliance test, and everything comes back green except for edns512tcp.
Do I need to upgrade versions to get this compliance or am I missing a
setting somewhere?

Steven G. Spencer

On 11/9/18 8:02 AM, Pieter Lexis wrote:
> Hi all,
> Today we have released the PowerDNS Recursor 4.1.7. It is an update to
> relax EDNS compliance requirements from upstream authoritative servers.
> Recursor version 4.1.5 (and, by extension, 4.1.6), contains a fix for
> Security Advisory 2018-07[1]. One part of that fix is a stricter
> fallback to non-EDNS queries when EDNS queries fail. It turns out that
> there are several authoritative servers on the Internet that have such
> bad EDNS handling, that the domains hosted on them stop resolving with
> 4.1.5. The 4.1.7 release has relaxed the EDNS compliance requirement and
> includes an alternative fix for 2018-07.
> Since reports of this started coming in yesterday, some domains have
> been fixed by their owners, but a long tail of broken zones remains for now.
> We have decided to release this increase in strictness in the PowerDNS
> Recursor 4.2.0, so that domain owners can work on their server's
> compliance. We urge operators of authoritative servers to check their
> domains and servers with the EDNS compliance tool[2] and act upon its
> results. Increased EDNS compliance strictness will be added to many DNS
> resolvers coming next February[3].
> The changelog is as follows:
> * #7172: Revert 'Keep the EDNS status of a server on FormErr with EDNS'
> * #7174: Refuse queries for all meta-types
> As always, the tarball[4](sig[5]) can be found on the downloads website
> and packages for CentOS 6 and 7, Ubuntu Trusty, Xenial and Bionic and
> Debian Jessie and Stretch can be found on repo.powerdns.com[6].
> Best regards,
> Pieter and the rest of the PowerDNS team
> 1 -
> https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
> 2 - https://ednscomp.isc.org/ednscomp
> 3 - https://dnsflagday.net/
> 4 - https://downloads.powerdns.com/releases/pdns-recursor-4.1.7.tar.bz2
> 5 - https://downloads.powerdns.com/releases/pdns-recursor-4.1.7.tar.bz2.sig
> 6 - https://repo.powerdns.com/

Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 1131
Mobile 402-765-8010 

More information about the Pdns-users mailing list