Hi,

I just made a new Enhance installation using Ubuntu 24.04 and ran a test on a domain hosted there with https://zonemaster.se/en/run-test.

It shows, in the section “Nameserver” > “Checking for revealed software version”, that the PowerDNS version is 4.2.1.

The following name server(s) respond to software version query "version.bind" with string "PowerDNS Authoritative Server 4.2.1".

I checked PowerDNS changelogs at https://doc.powerdns.com/authoritative/changelog/ and 4.2.1 is an old version from Dec 2019.

Is this normal? On production servers I do not always run the latest versions, but this seems a rather old version. Shouldn’t Enhance take care of this?

Thanks
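
The check the test tool ran can be reproduced against your own name servers. This is an added example, not part of the original post or of Enhance or PowerDNS code: it builds the `version.bind` TXT query in the CHAOS class and parses the reply; the function names and the sample response bytes are constructed for illustration.

```python
import re, socket, struct

def build_version_query(txid=0x1234):
    # Header: flags 0 (RD clear), one question. Question: version.bind TXT(16) in CHAOS(3).
    qname = b"\x07version\x04bind\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 16, 3)

def _skip_name(msg, off):
    # Return the offset just past a domain name, plain or compressed.
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_txt_answers(msg):
    # Collect the character-strings of every TXT record in the answer section.
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, out = 12, []
    for _q in range(qd):
        off = _skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    for _a in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        i = 0
        while rtype == 16 and i < len(rdata):
            out.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return out

def discloses_version(strings):
    # A reply counts as a disclosure if it contains something shaped like x.y or x.y.z.
    return any(re.search(r"\d+\.\d+", s) for s in strings)

def check_server(ip, timeout=3.0):
    # Send the query to one of your own name servers over UDP and return its TXT strings.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_query(), (ip, 53))
        return parse_txt_answers(s.recv(4096))

# Constructed sample response carrying the banner quoted in the post above.
_BANNER = b"PowerDNS Authoritative Server 4.2.1"
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
                   + build_version_query()[12:] + b"\xc0\x0c"
                   + struct.pack("!HHIH", 16, 3, 5, len(_BANNER) + 1)
                   + bytes([len(_BANNER)]) + _BANNER)
```

PowerDNS Authoritative Server's `version-string` setting controls what this query returns; with `anonymous` the server answers ServFail, so `parse_txt_answers` yields an empty list.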

    a month later

    I would be interested in the reply to this as well, as we just ran the same test on https://www.dnsinspect.com/ and this tool is also suggesting that we should hide the version of the DNS server. As nqnoc has already stated, the current version of PowerDNS is 5 years old.

    WARNING: Name servers software versions are exposed:
    104.xxx.xxx.xxx: "PowerDNS Authoritative Server 4.2.1"
    51.xxx.xxx.xxx: "PowerDNS Authoritative Server 4.2.1"
    52.xxx.xxx.xxx: "PowerDNS Authoritative Server 4.2.1"
    88.xxx.xxx.xxx: "PowerDNS Authoritative Server 4.2.1"
    Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version.

    +1 Let's get this fixed, I NEVER checked this until now.

    One thing to ask, prior to assuming the worst, is whether this version of PowerDNS that is installed on the Enhance servers has back-ported fixes. If so, the version referenced may have all modern security updates. With that in mind, I am adding that to this inquiry, because it would be good to know the full picture.

    Also, best practice would be to keep the DNS role isolated on VMs that do not carry web traffic.

    Whilst this needs to be addressed, I'm personally one for hiding version numbers.

      XN-Matt me too. I know if there is an exploit, people will find a way, but I feel better by not having version numbers on show.

      8 days later

      Will the version number be hidden in v12?

      5 months later

      Adam
      Hi Adam,

      I made a new v12 installation and noticed that PowerDNS was updated to version 4.8.3, which was released on the 5th of October 2023.

      The current PowerDNS version is 4.9.4. So how do the PowerDNS updates work on v12? Will it be updated from time to time, combined with Enhance updates?

      Thanks

      • rdbf replied to this.

        nqnoc

        The current PowerDNS version for Ubuntu-24.04 is pdns-server-4.8.3-4build3. That's just how Ubuntu works.

        Newer versions of Ubuntu (which would have a newer version of pdns-server) are not supported by Enhance.

        Enhance could release their own version through their own apt repository, but if there are no real security or performance issues with the current version, why would they commit to extra workload by having more packages in their repository?

          rdbf Did not know that was the latest version on Ubuntu.
          If that is the case, all fine!
          Thanks

          Having the latest version compared to an older stable version is not always the best choice; in any software, cutting-edge software brings cutting-edge issues and problems. 🙂

          Every compliant company needs to keep its software up to date, especially for security reasons… Enhance makes this harder. I am pretty sure 4.9 is available on Ubuntu.
          A software company keeping NHS devices secure didn’t follow this practice/protocol and after a breach was fined 3 million.

          Ubuntu 24.04 "Noble Numbat"
          The following repositories are available:
          PowerDNS Authoritative Server - master branch (development)

          PowerDNS Authoritative Server - version 4.9.X (stable)

          Create the file '/etc/apt/sources.list.d/pdns.list' with this content:

          deb [signed-by=/etc/apt/keyrings/auth-49-pub.asc] http://repo.powerdns.com/ubuntu noble-auth-49 main

          Put this in '/etc/apt/preferences.d/auth-49':

          Package: auth*
          Pin: origin repo.powerdns.com
          Pin-Priority: 600

          and execute the following commands:

          sudo install -d /etc/apt/keyrings; curl https://repo.powerdns.com/FD380FBB-pub.asc | sudo tee /etc/apt/keyrings/auth-49-pub.asc &&
          sudo apt-get update &&
          sudo apt-get install pdns-server

          I just tried the update to pdns 4.9 on my cluster's ns1 and ns2 servers, after I took a backup in case something went wrong, but so far there are no log errors and the newer version of PowerDNS seems okay for the Enhance system.
          Creating websites works and SSL gets provisioned successfully after testing, so feel free to update if you are on Ubuntu 24.

          As mentioned by rdbf, this is how most Linux distros work. Although it's an older version, security fixes are back-ported to this version also. You can check with 'apt changelog <packagename>'; in the case of pdns-server there was a security vulnerability fixed last year.
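
The back-port check described in the post above can be scripted. This is an added example, not part of the original post: it parses Debian-format changelog text, as printed by `apt changelog`, and lists the stanzas that mention a CVE id or were uploaded to a `-security` pocket. The function names are hypothetical, and the sample changelog, including its CVE id, maintainer, dates and the `+constructed` version, is constructed.

```python
import re, subprocess

HEADER = re.compile(r"^(?P<src>\S+) \((?P<ver>[^)]+)\) (?P<dist>[^;]+);")
TRAILER = re.compile(r"^ -- .*?  (?P<date>.+)$")   # maintainer, two spaces, date
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

def security_entries(changelog):
    """Return one dict per stanza that names a CVE or targets a -security pocket."""
    entries, cur = [], None
    for line in changelog.splitlines():
        head = HEADER.match(line)
        if head:
            cur = {"version": head["ver"], "dist": head["dist"].strip(),
                   "cves": [], "date": None}
        elif cur is not None:
            tail = TRAILER.match(line)
            if tail:                                  # stanza is complete
                cur["date"] = tail["date"]
                if cur["cves"] or "security" in cur["dist"]:
                    entries.append(cur)
                cur = None
            else:
                for cve in CVE.findall(line):
                    if cve not in cur["cves"]:
                        cur["cves"].append(cve)
    return entries

def fetch_changelog(package="pdns-server"):
    """Run 'apt changelog' for the package (needs network access to the archive)."""
    return subprocess.run(["apt", "changelog", package],
                          capture_output=True, text=True, check=True).stdout

# Constructed sample in Debian changelog format; every value is a placeholder
# except the 4.8.3-4build3 version string quoted earlier in the thread.
SAMPLE = """\
pdns (4.8.3-4ubuntu0.1+constructed) noble-security; urgency=medium

  * SECURITY UPDATE: constructed entry for illustration
    - debian/patches/CVE-0000-00001.patch: placeholder description.
    - CVE-0000-00001

 -- Example Maintainer <maint@example.invalid>  Tue, 02 Jan 2024 10:00:00 +0000

pdns (4.8.3-4build3) noble; urgency=medium

  * No-change rebuild (constructed entry).

 -- Example Maintainer <maint@example.invalid>  Mon, 01 Jan 2024 10:00:00 +0000
"""
```

On a server, `security_entries(fetch_changelog())` gives the same listing for the installed package's changelog, which can then be compared with the advisories PowerDNS publishes.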

            SharedGrid true, but PowerDNS:
            PowerDNS Authoritative Server is available through the apt system. Your distribution likely ships a package, but we recommend getting more recent packages from the PowerDNS repositories…
            And 4.8 has its end of life this September; I guess by then Enhance and Ubuntu will go for 4.9... who knows.

            I see no reason to update if the functionality is working. As stated by others, distros will back-port security fixes into the maintained version. This has been happening for 20+ years and is standard practice. Before you run off and start saying it is "old", check for back-ports and/or security issues in the current version.

            Running an older version of something like PowerDNS is simply a non-issue, unless it outright breaks something or has a true security flaw.

            Do you upgrade every piece of software you utilize on your PC/Mac to the absolute latest version every day? I seriously doubt that.
