- Solution: Upgrade to any of the non-affected versions
- Workaround: Run your Recursor under a supervisor. Exposure can be
limited by configuring the
- ```allow-from`` <../recursor/settings.md#allow-from>`__ setting so
+ |allow-from|_ setting so
only trusted users can query your nameserver. There is no workaround
for the Authoritative server.
+.. |allow-from| replace:: ``allow-from``
+.. _allow-from: :ref:`setting-allow-from`
+
A bug was discovered in our label decompression code, making it possible
for names to refer to themselves, thus causing a loop during
decompression. On some platforms, this bug can be abused to cause
- Risk of system compromise: No
- Solution: Upgrade to PowerDNS Recursor 3.6.1
- Workaround: Restrict service using
- ```allow-from`` <../recursor/settings.md#allow-from>`__, install
+ |allow-from|_, install
script that restarts PowerDNS
+.. |allow-from| replace:: ``allow-from``
+.. _allow-from: :ref:`setting-allow-from`
+
Recently, we've discovered that PowerDNS Recursor 3.6.0 (but NOT
earlier) can crash when exposed to a specific sequence of malformed
packets. This sequence happened spontaneously with one of our largest
projects / thirdparty / pdns.git / commitdiff
