Download Powerdns Authoritative Server 2.9.21.1

Powerdns is a dns server with a database as backend, which makes it easy to manage a large number of dns entries. The developers decided in April 2006 to release the two parts that make up Powerdns, a recursor and an authoritative nameserver, separately. This allows for faster release of a new version, according to the developers. Version 2.9.21.1 of Powerdns Authoritative Server was recently released with the following announcement:

Security update: PowerDNS Authoritative Server 2.9.21.1 released

This release consists of a single patch to PowerDNS Authoritative Server version 2.9.21. Brian J. Dowling of Simplicity Communications has discovered a security implication of the previous PowerDNS behavior to drop queries it considers malformed. We are grateful that Brian notified us quickly about this problem.

This issue has been assigned CVE-2008-3337. The single patch is in commit 1239. More details can be found here.

The implication is that while the PowerDNS Authoritative server itself does not face a security risk because of dropping these malformed queries, other resolving nameservers run a higher risk of accepting spoofed answers for domains being hosted by PowerDNS Authoritative Servers before 2.9.21.1.

While the dropping of queries does not aid sophisticated spoofing attempts, it does facilitate simpler attacks.

It may be good to know that several large sites already run with this patch applied, as it has been in the public codebase for some weeks already.