A vulnerability in DNSSEC implementation of PowerDNS was found. Processing of wildcard synthesized NSEC records may result in improper validation for non-existance in some implementations of DNSSEC. While synthesis of NSEC records is allowed by RFC4592, the synthesized owner names should not be used in the NSEC processing.
Acknowledgments: Name: Ralph Dolmans (NLnet Labs), Karst Koymans (University of Amsterdam)
External References: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
Created pdns tracking bugs for this issue: Affects: epel-all [bug 1538010] Affects: fedora-all [bug 1538011]