CVE-2020-10995

Name of the Vulnerable Software and Affected Versions PowerDNS Recursor versions 4.1.0 through 4.3.0

Description The issue in the DNS protocol allows malicious parties to use recursive DNS services to attack third-party authoritative name servers, resulting in degraded performance. This is triggered by random subdomains in the NSDNAME in NS records. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers.

Recommendations For PowerDNS Recursor versions 4.1.0 through 4.1.15, consider updating to version 4.1.16 to mitigate the impact of this issue. For PowerDNS Recursor versions 4.2.0 through 4.2.1, consider updating to version 4.2.2 to mitigate the impact of this issue. For PowerDNS Recursor versions 4.3.0, consider updating to version 4.3.1 to mitigate the impact of this issue.