Support this website
I have updated MaraDNS to use Deadwood 3.2.02. Deadwood 3.2.02 is a
security update to Deadwood 3.2.01. This update has been done in both
MaraDNS 2 and MaraDNS 1.4; MaraDNS 2.0.06 and MaraDNS 1.4.11 are the
releases with this update. MaraDNS 1.3 is not affected because it does
not include Deadwood.
For people who want to file a CVE report: Deadwood releases before Deadwood 3.2.02 allow entries to remain in the cache for a long time. In light of the Ghost domain exploit (PDF file), this is a security problem.
Deadwood 3.2.02 is updated to only allow entries to remain in the cache for one day. If max_ttl is set, one can choose to store entries in the cache for up to 90 days.
It can be downloaded here:
http://www.maradns.org/download/2.0/2.0.06/I plan to work on MaraDNS/Deadwood again one day this month, after the 20th, unless a critical security bug is found.
To post a comment about an entry, send me an email and I may or may not post your comment (with or without editing)