Hello!We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible.
While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests.
Other fixes include: - On FreeBSD, only pass source addresses on sockets bound to ANY - Limit number of proxy protocol-enabled outgoing TCP connections - Fix cache lookup for unavailable TCP-only backends - Fix memory corruption when using getAddressInfo - Only set the proxy protocol payload size when actually addedPlease see the DNSdist website [1] for the more complete changelog [2] and the current documentation. The upgrade guide is also available there [3].
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub [4].
The release tarball [5] and its signature [6] are available on the downloads website, and packages for several distributions are available from our repository [7].
[1]: https://dnsdist.org [2]: https://dnsdist.org/changelog.html#change-1.9.10 [3]: https://dnsdist.org/upgrade_guide.html [4]: https://github.com/PowerDNS/pdns/issues/new/choose [5]: https://downloads.powerdns.com/releases/dnsdist-1.9.10.tar.bz2 [6]: https://downloads.powerdns.com/releases/dnsdist-1.9.10.tar.bz2.sig [7]: https://repo.powerdns.com Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
