Download PowerDNS Recursor 4.1.8

PowerDNS is a dns server with a database as backend, which makes it easy to manage a large number of dns entries. The developers have previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, to allow faster and more targeted release of a new version, the developers said.

When you perform a dns lookup, a recursor initially starts by asking the lookup query to a dns root server. This can then redirect to other servers, from where it can redirect to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. The latter can be the case if the name does not exist or the servers do not respond. The process of going through different authoritative servers is called recursion. The developers have released PowerDNS Recursor 4.1.8. The changes in this release are as follows:

PowerDNS Recursor 4.1.8 Released

We’ve released PowerDNS Recursor 4.1.8. This release fixes Security Advisory 2018-09 that we recently discovered, affecting PowerDNS Recursor from 4.1.0 up to and including 4.1.7. PowerDNS Recursor 4.0.x and below are not affected.

The issue is that a remote attacker can trigger an out-of-bounds memory read via a crafted query, while computing the hash of the query for a packet cache lookup, possibly leading to a crash. When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.

A minimal patch is available at patches/2018-09/.

The change log:

• #7221: Crafted query can cause a denial of service (CVE-2018-16855)

The tarball (signature) is available at downloads.powerdns.com and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Bionic, Trusty and Xenial are available from repo.powerdns.com.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.