PowerDNS Version is old?

nqnoc

Hi,

I just made a new Enhance installation using Ubuntu 24.04 and run a test on domain hosted there with https://zonemaster.se/en/run-test.

It shows on the section: “Nameserver” > “Checking for revealed software version” > that the PowerDNS version is the 4.2.1.

The following name server(s) respond to software version query "version.bind" with string "PowerDNS Authoritative Server 4.2.1".

I checked PowerDNS changelogs at https://doc.powerdns.com/authoritative/changelog/ and 4.2.1 is an old version from Dec 2019.

Is this the normal? In production server I not always run the latest versions, but this seems a rather old version. Shouldn’t Enhance take care of this?

Thanks

MarkD

I would be interested in the reply to this as well as we just ran the same test on https://www.dnsinspect.com/ and this tool is also suggesting that we should hide the version of the DNS Server. As nqnoc has already stated the current version of powerdns is 5 years old.

WARNING: Name servers software versions are exposed:
104.xxx.xxx.xxx: "PowerDNS Authoritative Server 4.2.1"
51.xxx.xxx.xxx: "PowerDNS Authoritative Server 4.2.1"
52.xxx.xxx.xxx: "PowerDNS Authoritative Server 4.2.1"
88.xxx.xxx.xxx: "PowerDNS Authoritative Server 4.2.1"
Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version.

btraill

Interesting find! Following...

slimx

+1 Let's get this fixed, I NEVER checked this until now.

8Dweb

One thing to ask, prior to assuming the worst, is does this version of PowerDNS that is installed on the Enhance servers have back-ported fixes. If so, the version referenced may have all modern security updates. With that in mind, I am adding that to this inquiry, because it would be good to know the full picture.

Also, best practice would be to keep the DNS role isolated on VM's that do not carry web traffic.

XN-Matt

Whilst this needs to be addressed, i'm personally one for hiding version numbers.

tecreasey

XN-Matt me too, I know if there is an exploit, people will find a way, but I feel better by not having version numbers on the show.

Adam

When you update to version 12.0.0, the migration process will also update PowerDNS.

hwcltjn

Will the version number be hidden in v12?