How to find PowerDNS Recursor installations on your network

PowerDNS has disclosed multiple vulnerabilities in PowerDNS Recursor that permit remote, unauthenticated DNS delegation cache poisoning (CVE-2025-59023 rated CVSS 8.2 and CVE-2025-59024 rated CVSS 6.5). Affected Recursor versions include 5.1.x prior to 5.1.8, 5.2.x prior to 5.2.6, and 5.3.x prior to 5.3.1; users are advised to update to the specified patched releases to mitigate risk. The advisory explains the attack vectors (spoofed packets and UDP fragmentation) and provides guidance on locating vulnerable assets via a runZero inventory query.