-
|
Regrading https://blog.powerdns.com/2021/06/01/dns-cache-snooping-attack blog post: Is it still recommended to ignore this vulnerability report? The security team in my organization is curious to know if something has changed since publishing it. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Since 5.0.0, a new setting has been introduced and queries with the RD bit clear (so cache-only, not asking for recursion) are refused by default: https://docs.powerdns.com/recursor/settings.html#allow-no-rd |
Beta Was this translation helpful? Give feedback.
Since 5.0.0, a new setting has been introduced and queries with the RD bit clear (so cache-only, not asking for recursion) are refused by default: https://docs.powerdns.com/recursor/settings.html#allow-no-rd
We still don't consider the previous behaviour a vulnerability, but "security" tools reporting it as such made it annoying enough for everyone that it made sense to change the default. The discussion can be found here, if you are interested: #13386