PowerDNS Authoritative Server 4.0.2 released!

Jan 13, 2017

We are pleased to announce the release of the PowerDNS Authoritative Server 4.0.2. This release fixes several security issues reported to us in the last few months, as well as a memory leak in the Postgresql backend.

The following security issues were fixed:

  • 2016-02: Crafted queries can cause abnormal CPU usage
  • 2016-03: Denial of service via the web server
  • 2016-04: Insufficient validation of TSIG signatures
  • 2016-05: Crafted zone record can cause a denial of service

For those who cannot update, minimal patches are available (2016-02, 2016-03, 2016-04, 2016-05).

The full changelog is available, highlights include:

  • Don’t parse spurious RRs in queries when we don’t need them (Security Advisory 2016-02)
  • Don’t exit if the webserver can’t accept a connection (Security Advisory 2016-03)
  • Check TSIG signature on IXFR (Security Advisory 2016-04)
  • Correctly check unknown record content size (Security Advisory 2016-05)
  • ODBC backend: actually prepare statements
  • Improve root-zone performance
  • Plug memory leak in postgresql backend (Christian Hofstaedtler)
  • calidns: Don’t crash if we don’t have enough ‘unknown’ queries remaining
  • Improve PacketCache cleaning (Kees Monshouwer)
  • Bind backend: update status message on reload, keep the existing zone on failure
  • Fix TSIG for single thread distributor (Kees Monshouwer)
  • Change default for any-to-tcp to yes (Kees Monshouwer)
  • Don’t look up the packet cache for TSIG-enabled queries
  • Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
  • pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)

We highly recommend all users to update to the latest version.

Source tarball(signature) is available and packages for Debian Stable, Ubuntu Trusty, Xenial and Wily and CentOS 6 and 7 are available form our repositories.

About the author

Pieter Lexis

Pieter Lexis

Senior Developer at PowerDNS

Related Articles

PowerDNS Recursor 5.1.0-alpha1 Released

We are proud to announce the first alpha release of PowerDNS Recursor 5.1.0!

Otto Moerbeek May 15, 2024

PowerDNS Recursor 4.8.9, 4.9.6 and 5.0.5 Released

Today we have released PowerDNS Recursor 4.8.9, 4.9.6 and 5.0.5. These releases are maintenance releases that fix a few...

Otto Moerbeek May 14, 2024

PowerDNS Recursor Security Advisory 2024-02

Today we have released PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4. These releases fix PowerDNS Security Advisory 2024-02: if...

Otto Moerbeek Apr 24, 2024

PowerDNS Authoritative Server 4.9.0

This is release 4.9.0 of the Authoritative Server. It brings a few new features, and a collection of small improvements and...

Peter van Dijk Mar 15, 2024