PowerDNS Recursor 4.1.7 Released

Nov 9, 2018

Today we have released the PowerDNS Recursor 4.1.7. It is an update to relax EDNS compliance requirements from upstream authoritative servers.

Recursor version 4.1.5 (and, by extension, 4.1.6), contains a fix for Security Advisory 2018-07. One part of that fix is a stricter fallback to non-EDNS queries when EDNS queries fail. It turns out that there are several authoritative servers on the Internet that have such bad EDNS handling, that the domains hosted on them stop resolving with 4.1.5. The 4.1.7 release has relaxed the EDNS compliance requirement and includes an alternative fix for 2018-07.

Since reports of this started coming in yesterday, some domains have been fixed by their owners, but a long tail of broken zones remains for now.

We have decided to release this increase in strictness in the PowerDNS Recursor 4.2.0, so that domain owners can work on their server’s compliance. We urge operators of authoritative servers to check their domains and servers with the EDNS compliance tool and act upon its results. Increased EDNS compliance strictness will be added to many DNS resolvers coming next February.

The changelog is as follows:

  • #7172: Revert ‘Keep the EDNS status of a server on FormErr with EDNS’
  • #7174: Refuse queries for all meta-types

As always, the tarball(sig) can be found on the downloads website and packages for CentOS 6 and 7, Ubuntu Trusty, Xenial and Bionic and Debian Jessie and Stretch can be found on repo.powerdns.com.

About the author

Pieter Lexis

Pieter Lexis

Senior Developer at PowerDNS

Categories

Related Articles

PowerDNS Recursor 5.1.0-alpha1 Released

We are proud to announce the first alpha release of PowerDNS Recursor 5.1.0!

Otto Moerbeek May 15, 2024

PowerDNS Recursor 4.8.9, 4.9.6 and 5.0.5 Released

Today we have released PowerDNS Recursor 4.8.9, 4.9.6 and 5.0.5. These releases are maintenance releases that fix a few...

Otto Moerbeek May 14, 2024

PowerDNS Recursor Security Advisory 2024-02

Today we have released PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4. These releases fix PowerDNS Security Advisory 2024-02: if...

Otto Moerbeek Apr 24, 2024

PowerDNS Authoritative Server 4.9.0

This is release 4.9.0 of the Authoritative Server. It brings a few new features, and a collection of small improvements and...

Peter van Dijk Mar 15, 2024