Skip to content

Security: PowerDNS/pdns

Security

SECURITY.md

PowerDNS and DNSdist Security Policy

If you have a security problem to report, please email us at both peter.van.dijk@powerdns.com and remi.gacogne@powerdns.com. In case you want to encrypt your report using PGP, please use: https://doc.powerdns.com/powerdns-keyblock.asc

Please do not mail security issues to public lists, nor file a ticket, unless we do not get back to you in a timely manner. We fully credit reporters of security issues, and respond quickly, but please allow us a reasonable timeframe to coordinate a response.

We remind PowerDNS and DNSdist users that under the terms of the GNU General Public License, PowerDNS and DNSdist come with ABSOLUTELY NO WARRANTY. This license is included in this documentation.

Yes We Hack

Security issues can also be reported on our YesWeHack page and might fetch a bounty. Do note that only the PowerDNS software (PowerDNS Authoritative Server, the PowerDNS Recursor and DNSdist) is in scope for the YesWeHack program, not our websites or other infrastructure.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • We will always credit researchers in our security advisories.

There aren’t any published security advisories