ldns 1.9.2 released

We are pleased to announce that version 1.9.2 of ldns is now available.

The release is signed with the OpenPGP software signing key that is in use since Jan 1st 2026:

User ID: NLnet Labs releases signing key G2 <releases@nlnetlabs.nl>
Key ID: A144 323D EAAC DF45
Fingerprint: 2310 1869 0C4D 903E F419  146A A144 323D EAAC DF45

The key is available from https://nlnetlabs.nl/signing-keys .

This release has a single security fix, CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of the response. This makes applications, that use ldns for (stub) resolver functionality, vulnerable for off-path poisoning attacks.

The drill tool, which is shipped with ldns and uses ldns for stub resolving, inherently suffers from this vulnerability too.

Please do not install ldns version 1.9.1 as it has a wrong .so version. Install ldns version 1.9.2 instead.

For a full list of changes, binary and source packages, see the download page.