[MaraDNS list] MaraDNS 2.0.06 and 1.4.11 released
Sam Trenholme
maradns at gmail.com
Sun Mar 11 14:25:52 EDT 2012
I have updated MaraDNS to use Deadwood 3.2.02. Deadwood 3.2.02 is a
security update to Deadwood 3.2.01. This update has been done in both
MaraDNS 2 and MaraDNS 1.4; MaraDNS 2.0.06 and MaraDNS 1.4.11 are the
releases with this update. MaraDNS 1.3 is not affected because it does
not include Deadwood.
For people who want to file a CVE report: Deadwood releases before
Deadwood 3.2.02 allow entries to remain in the cache for a long time.
In light of the Ghost domain exploit, this is a security problem.
Deadwood 3.2.02 is updated to only allow entries to remain in the
cache for one day. If max_ttl is set, one can choose store an entries
in the cache for up to 90 days.
It can be downloaded here:
http://www.maradns.org/download/2.0/2.0.06/
http://www.maradns.org/download/1.4/
I plan to work on MaraDNS/Deadwood again one day this month, after the
20th, unless a critical security bug is found.
More information about the list
mailing list