PowerDNS DNSdist 1.7.5 and 1.8.2 released

Oct 11, 2023

Today we have released DNSdist 1.7.5 and 1.8.2, with absolutely no changes with, respectively, 1.7.4 and 1.8.1, apart from the fact that our own DNSdist packages have been rebuilt against our own fork of libh2o in order to mitigate CVE-2023-44487, also known as HTTP/2 rapid reset.

This attack exploits a vulnerability in most implementations of the HTTP/2 protocol, making it easier to cause a denial of service of HTTP/2 servers by sending them crafted queries. While the vulnerability does not come from DNSdist's code, all versions of DNSdist supporting DNS over HTTPS are impacted by this issue if incoming DNS over HTTPS is enabled, which is not the case by default.

As we warned earlier, libh2o is no longer supported as a stable library, and there will be no official release fixing this issue. For this reason we have forked the official h2o repository and backported the fix to the 2.2.x branch, making it available to the public. If you are not using our packages but are compiling DNSdist yourself, or relying on your distribution's packages, please ensure that you are using a patched version of libh2o in order to be protected.

In the very near future we will be releasing DNSdist 1.9.0 where DNS over HTTPS is provided by the nghttp2 library, so we do not have to rely on h2o any longer.

Please see the DNSdist website for the current documentation.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.

We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.

The tarballs (1.7.5, 1.8.2) and theirs signatures (1.7.5, 1.8.2) are available on the downloads website, and packages for several distributions are available from our repository.

Docker images have not been updated yet but will be soon.

 

About the author

Remi Gacogne

Remi Gacogne

Senior Developer at PowerDNS

Categories

Related Articles

PowerDNS Recursor 5.1.0-alpha1 Released

We are proud to announce the first alpha release of PowerDNS Recursor 5.1.0!

Otto Moerbeek May 15, 2024

PowerDNS Recursor 4.8.9, 4.9.6 and 5.0.5 Released

Today we have released PowerDNS Recursor 4.8.9, 4.9.6 and 5.0.5. These releases are maintenance releases that fix a few...

Otto Moerbeek May 14, 2024

PowerDNS DNSdist 1.9.4 released

We released PowerDNS DNSdist 1.9.4 today. This release fixes CVE-2024-25581, a denial of service security issue affecting...

Remi Gacogne May 13, 2024

PowerDNS Recursor Security Advisory 2024-02

Today we have released PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4. These releases fix PowerDNS Security Advisory 2024-02: if...

Otto Moerbeek Apr 24, 2024