We’re happy to announce the release of the PowerDNS Authoritative Server 4.0.1. The first bugfix release for the 4.0 series.
This release fixes several small issues and adds a setting to limit AXFR and IXFR sizes, in response to CVE-2016-6172.
Bug fixes
- #4126 Wait for the connection to the carbon server to be established
- #4206 Don’t try to deallocate empty PG statements
- #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer)
- #4252 Don’t include bind files if length <= 2 or > sizeof(filename)
- #4255 Catch runtime_error when parsing a broken MNAME
Improvements
- #4044 Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi)
- #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler)
- #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler)
- #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo)
- #4192 dnsreplay: Only add Client Subnet stamp when asked
- #4250 Use toLogString() for ringAccount (Kees Monshouwer)
Additions
- #4133 Add limits to the size of received {A,I}XFR
- #4142 Add used filedescriptor statistic (Kees Monshouwer)
The sources are on the downloads site(sig). Packages for several distributions are available from our repositories.