Software update: PowerDNS Recursor 4.1.8




PowerDNS is a dns server with a database as a back-end, so that the management of a large number of dns-entries can take place in an easy way. The developers have previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative nameserver , which means that a new version can be released faster and more focused, according to the developers.

If you run a dns look-up, a recursor initially starts asking the look-up question to a dns root server. This can then refer to other servers, from where it can be redirected to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. This can be the case if the name does not exist or the servers do not respond. The process of walking past several authoritative servers is called recursion. The developers have released PowerDNS Recursor 4.1.8. The changes in this issue are as follows:

PowerDNS Recursor 4.1.8 Released

We’ve released PowerDNS Recursor 4.1.8. This release fixes Security Advisory 2018-09 that we recently discovered, affecting PowerDNS Recursor from 4.1.0 up to and including 4.1.7. PowerDNS Recursor 4.0.x and below are not affected.

The issue is that a remote attacker can trigger an out-of-bounds memory read through a crafted query, while computing the hash of the query for a packet cache lookup, possibly leading to a crash. When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.

A minimal patch is available at

The changelog:
# 7221: Crafted query can cause a denial of service (CVE-2018-16855)
The tarball (signature) is available at and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Bionic and Trusty and Xenial are available from

Please send us all feedback and issues you may have via the mailing list, or in case of a bug, via GitHub.
Version number 4.1.8
Release status Final
Operating systems Linux, BSD, macOS, Solaris, UNIX
License type GPL


In: A Technology & Gadgets Asked By: [23225 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »