On Wed, Feb 17, 2016 at 02:12:51PM +0100, Nick Douma wrote: > What about the static debian package on the website? I assume updating > the OS libc package is not enough?
Hi Nick, Good question. It turns out our recent static packages in fact link to the system libc. We call these 'semi-static', but did not change the package name. Check with ldd /usr/sbin/pdns_server or /usr/sbin/pdns_recursor to see if your version runs against the system libc. If it doesn't chances are you are running a version that needed to be updated anyhow! Secondly, as a nameserver, we try not to resolve names using the system library as this could create chicken/egg problems. We do use getaddrinfo() but not to resolve names, only to convert IPv6 addresses, and that only if inet_pton doesn't do the job. See http://blog.powerdns.com/2014/05/21/a-surprising-discovery-on-converting-ipv6-addresses-we-no-longer-prefer-getaddrinfo/ If you connec to a MySQL or PostgreSQL database using a *named* database host, those libraries might try to resolve a name, but we recommend against that. But chances are you are running a version of PowerDNS that does not contain a vulnerable libc anyhow. BErt _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
