Revisions of pdns-recursor
- no longer supports 32-bit arches -- requires 64-bit time_t
- specfile cleanup
- drop initrd cases
- build-require gcc7 on SLE-12 variant
- update to 4.4.3:
  Improvements
  * Use a short-lived NSEC3 hashes cache for denial validation. References: #9856, pull request 10221
  Bug Fixes
  * More fail-safe handling of Newly Discovered Domain files.
  * Handle policy (if needed) after postresolve.
  * Return current rcode instead of 0 if there are no CNAME records to follow.
  * Lookup DS entries before CNAME entries.
  * Handle failure to start the web server more gracefully.
  * Test that we correctly cap the answer’s TTL in expanded wildcard cases.
  * Fix the gathering of denial proof for wildcard-expanded answers.
  * Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case.
  For details, see https://doc.powerdns.com/recursor/changelog/4.4.html#change-4.4.3
- update to 4.4.2:
  Improvements
  * UUID: Use the non-cryptographic variant of the boost::uuid.
  * Keep a cached, valid entry over a fresher Bogus one.
  * Ensure socket-dir matches runtime directory on old systemd
  * Move to several distinct Bogus states, for easier debugging.
  * Do not chase CNAME during qname minimization step 4.
  Bug Fixes
  * Untangle the validation/resolving qnames and qtypes.
  * APL records: fix endianness problem.
  For details, see https://doc.powerdns.com/recursor/changelog/4.4.html#change-4.4.2
- update to 4.4.1
  * Allow specifying a name in getMetric() that is used for Prometheus
  * Avoids a CNAME loop detection issue with DNS64
  * No longer sends overly long NOD lookups.
  * If a.b.c CNAME x.a.b.c is encountered, switch off QName Minimization.
  * Fix the processing of answers generated from gettag.
Automatic submission by obs-autosubmit
- update to 4.3.5:
  * fixes cache pollution related to DNSSEC validation. (CVE-2020-25829, bsc#1177383)
  * now raise an exception on invalid content in unknown records
  * fixes the parsing of dont-throttle-netmasks in the presence of dont-throttle-names
- 9070.patch: refreshed, looks like only partially upstreamed
- 9070.patch: backport compilation fix vs. latest Boost 1.74 based on https://github.com/PowerDNS/pdns/pull/9070
- update to 4.3.4
  * fixes an issue where certain CNAMEs could lead to resolver failure
  * fixes an issue with the hostname reported in Carbon messages
  * allows for multiple recursor services to run under systemd
- use HTTPS scheme for all URLs
- update to 4.3.2
  * Fixes an access restriction bypass vulnerability where ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction. (CVE-2020-14196, bsc#1173302)
  * improves CNAME loop detection
  * Fix the handling of DS queries for the root
  * Fix RPZ removals when an update has several deltas
- update to 4.3.1
  * fixes an issue where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated (CVE-2020-12244, bsc#1171553)
  * fixes an issue where an invalid hostname on the server can result in disclosure of invalid memory (CVE-2020-10030, bsc#1171553)
  * fixes an issue in the DNS protocol that allows malicious parties to use recursive DNS services to attack third party authoritative name servers (CVE-2020-10995, bsc#1171553)
- update to 4.3.0:
  * A relaxed form of QName Minimization as described in rfc7816bis-01. This feature is enabled by default
  * Dnstap support for outgoing queries to authoritative servers and the corresponding replies.
  * The recursor now processes a number of requests incoming over a TCP connection simultaneously and will return results (potentially) out-of-order.
  * Newly Observed Domain (NOD) functionality
  * For details see https://blog.powerdns.com/2020/03/03/powerdns-recursor-4-3-0-released/
- update to 4.2.1:
  * Add deviceName field to protobuf messages
  * Purge map of failed auths periodically by keeping last changed timestamp.
  * Prime NS records of root-servers.net parent (.net)
  * Issue with “zz” abbreviation for IPv6 RPZ triggers
  * Basic validation of $GENERATE parameters
  * Fix inverse handler registration logic for SNMP
- update to 4.1.13:
  * Add the disable-real-memory-usage setting to skip expensive collection of detailed memory usage info
  * Fix DNSSEC validation of wildcards expanded onto themselves.