PowerDNS upstream released new pdns versions - 2.9.21.1 - fixing a security issue reported by Brian Dowling of Simplicity Communications and Florian Weimer of Debian Security Team:

PowerDNS does not respond to certain queries it considers malformed. This in itself is not a problem, and was even thought of as a security measure. Brian and Florian have discovered that not answering a query for an invalid DNS record within a valid domain allows for a larger spoofing window of the valid domain. Because of the Kaminsky-discovery, this has become bad. For a sophisticated attacker, this provides no benefit. However, such a long window allows unsophisticated hackers to achieve better results.

Upstream patch: http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1239
Keeping this private for a little longer, until embargo date/time chosen by upstream, even though it's more or less blown up now.
I've just built the updates for FC-8, FC-9 and devel. They've been requested in Bodhi to be pushed to stable.
pdns-2.9.21.1-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
pdns-2.9.21.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7083
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7048