It was found [1] that in default configuration PowerDNS is allowed to consume more file descriptors than is available for a default Linux installation. This can potentially lead to the DoS attack. Patch is available at [2] External references: [1]: http://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recursor-configuration-file-guidance/ [2]: https://github.com/Habbie/pdns/commit/e24b124a4c7b49f38ff8bcf6926cd69077d16ad8
Hi, 1) It doesn't affect pdns. Only pdns-recursor is affected. 2) pdns-recursor for Fedora and Fedora-EPEL has already this patch. Please check: https://bugzilla.redhat.com/show_bug.cgi?id=1063304 http://pkgs.fedoraproject.org/cgit/pdns-recursor.git/commit/?id=28d9076a3f68177a3910dc9bdf27700e19dafc1e https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0524/pdns-recursor-3.5.3-2.el6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0511/pdns-recursor-3.5.3-2.el5 https://admin.fedoraproject.org/updates/FEDORA-2014-2318/pdns-recursor-3.5.3-2.fc20 https://admin.fedoraproject.org/updates/FEDORA-2014-2246/pdns-recursor-3.5.3-2.fc19
As upstream developer, I confirm that this bug is only present in the Recursor ('pdns-recursor'), not in the Authoritative server ('pdns').
Thanks for this, Peter, and the links to the fixed packages.