Two vulnerabilities have been discovered in PDNS Recursor, a resolving name server; a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient validation of NXDOMAIN responses lacking an SOA.

The version of pdns-recursor in the oldstable distribution (stretch) is no longer supported. If these security issues affect your setup, you should upgrade to the stable distribution (buster).

For the stable distribution (buster), these problems have been fixed in version 4.1.11-1+deb10u1.

We recommend that you upgrade your pdns-recursor packages.

For the detailed security status of pdns-recursor please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/pdns-recursor