[Pdns-announce] PowerDNS Recursor 3.2 Available

bert hubert bert.hubert at netherlabs.nl
Sun Mar 7 12:29:51 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everybody,

Please find below the release notes of the PowerDNS Recursor version 3.2!

Compared to RC1 and RC2 this version mostly contains compilation and
platform fixes (for Solaris and CentOS4/RHEL4), as well as improved
statistics, diagnostics and '--help' output, and assorted small useability
fixes.

RC1 and RC2 are already deployed in a number of large places, and it appears
to be holding up well.  In addition, a number of future users have performed
stringent testing and performance measurements, and it appears this version
works satisfactorily. 

It is also observed that this release candidate provides for vastly improved
performance compared to 3.1.7.*, even bringing us close to the very
impressive numbers measured by users of the Nominum Vantio and Nominum CNS
software.  On modern hardware, the PowerDNS Recursor may in fact be faster,
and certainly better value for money. For more details, please see below.

The PowerDNS Recursor 3.2 releases is a highly recommended upgrade.

We are very interested in hearing your experiences, and if there are any
issues, please let us know.

Download from:

http://downloads.powerdns.com/releases/pdns-recursor-3.2.tar.bz2
http://downloads.powerdns.com/releases/deb/pdns-recursor_3.2-1_i386.deb
http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.2-1.i386.rpm
http://downloads.powerdns.com/releases/deb/pdns-recursor_3.2-1_amd64.deb
http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.2-1.x86_64.rpm
These directories also contain PGP signatures.

Please note that the 'universal' RPMs are, in fact, too new for RHEL4 and
derived distributions.  It is expected that in the coming week,
RHEL4-compatible RPMs will be announced.

(Nominum, Nominum CNS & Nominum Vantio are trademarks owned by
Nominum)

Release notes
- -------------
Version with clickable links:
http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-2

Warning!

        Lua scripts from version 3.1.7.* are fully compatible with
        version 3.2. However, scripts written for development snapshot
        releases, are NOT. Please see Section 12.7 for details!

 The 3.2 release is the first major release of the PowerDNS
 Recursor in a long time. Partly this is because 3.1.7.*
 functioned very well, and delivered satisfying performance,
 partly this is because in order to really move forward, some
 heavy lifting had to be done.

 As always, we are grateful for the large PowerDNS community
 that is actively involved in improving the quality of our
 software, be it by submitting patches, by testing development
 versions of our software or helping debug interesting issues.
 We specifically want to thank Stefan Schmidt and Florian
 Weimer, who both over the years have helped tremendously in
 keeping PowerDNS fast, stable and secure.

 This version of the PowerDNS Recursor contains a rather novel
 form of lock-free multithreading, a situation that comes close
 to the old '--fork' trick, but allows the Recursor to fully
 utilize multiple CPUs, while delivering unified statistics and
 operational control.

 In effect, this delivers the best of both worlds: near linear
 scaling, with almost no administrative overhead.

 Compared to 'regular multithreading', whereby threads cooperate
 more closely, more memory is used, since each thread maintains
 its own DNS cache. However, given the economics, and the
 relatively limited total amount of memory needed for high
 performance, this price is well worth it.

 In practical numbers, over 40,000 queries/second sustained
 performance has now been measured by a third party, with a
 100.0% packet response rate. This means that the needs of
 around 400,000 residential connections can now be met by a
 single commodity server.

 In addition to the above, the PowerDNS Recursor is now
 providing resolver service for many more Internet users than
 ever before. This has brought with it 24/7 Service Level
 Agreements, and 24/7 operational monitoring by networking
 personnel at some of the largest telecommunications companies
 in the world.

 In order to facilitate such operation, more statistics are now
 provided that allow the visual verification of proper PowerDNS
 Recursor operation. As an example of this there are now graphs
 that plot how many queries were dropped by the operating system
 because of a CPU overload, plus statistics that can be
 monitored to determine if the PowerDNS deployment is under a
 spoofing attack.

 All in all, this is a large and important PowerDNS Release,
 paving the way for further innovation.

 Note

      This release removes support for the 'fork' multi-processor
      option. In addition, the default is now to spawn two threads.
      This has been done in such a way that total memory usage will
      remain identical, so each thread will use half of the allocated
      maximum number of cache entries.

 Changes between RC2 and -release:

   * 'Make install' when an existing configuration file
     contained a 'fork' statement has been fixed. Spotted by
     Darren Gamble, code in commit 1534.
   * Reloading a non-existant allow-from-file caused the control
     thread to stop working. Spotted by Imre Gergely, code in
     commit 1532.
   * Parser got confused by reading en empty line in
     auth-forward-zones. Spotted by Imre Gergely, code in commit
     1533.
   * David Gavarret discovered undocumented and not-working
     settings to set the owner, group and access modes of the
     control socket. Code by Aki Tuomi and documentation in
     commit 1535. Fixup in commit 1536 for FreeBSD as found by
     Ralf van der Enden.
   * Tiny improvement possibly solving an issue on Solaris 10's
     completion port event multiplexer (commit 1537).

 Changes between RC1 and RC2:

   * Compilation on Solaris 10 has been fixed (various
     patchlevels had different issues), code in commit 1522.
   * Compatibility with CentOS4/RHEL4 has been restored, the gcc
     and glibc versions shipped with this distribution contain a
     Thread Local Storage bug which we now work around. Thanks
     to Darren Gamble and Imre Gergely for debugging this issue,
     code in commit 1527.
   * A failed setuid operation, because of misconfiguration,
     would result in a crash instead of an error message. Fixed
     in commit 1523.
   * Imre Gergely discovered that PowerDNS was doing spurious
     root repriming when invalidating nssets. Fixed in commit
     1531.
   * Imre Gergely discovered our rrd graphs had not been changed
     for the new multithreaded world, and did not allow scaling
     beyond 200% cpu use. In addition, CPU usage graphs did not
     add up correctly. Implemented in commit 1524.
   * Andreas Jakum discovered the description of
     'max-packetcache-entries' and 'forward-zones-recurse' was
     wrong in the output of '--help' and '--config'. In
     addition, some stray backup files made it into the RC1
     release. Addressed in commit 1529.

 Full release notes follow, including some overlap with the
 incremental release notes above. Improvements:

   * Multithreading, allowing near linear scaling to multiple
     CPUs or cores. Configured using 'threads=' (many commits).
     This also deprecates the '--fork' option.
   * Added ability to read a configuration item of a running
     PowerDNS Recursor using 'rec_control get-parameter' (commit
     1243), suggested by Wouter de Jong.
   * Added ability to read all statistics in one go of a running
     PowerDNS Recursor using 'rec_control get-all' (commit
     1496), suggested by Michael Renner.
   * Speedups in packet generation (Commits 1258, 1259, 1262)
   * TCP deferred accept() filter is turned on again for slight
     DoS protection. Code in commit 1414.
   * PowerDNS Recursor can now do TCP/IP queries to remote IPv6
     addresses (commit 1412).
   * Solaris 9 '/dev/poll' support added, Solaris 8 now
     deprecated. Changes in commit 1421, commit 1422, commit
     1424, commit 1413.
   * Lua functions can now also see the address _to_ which a
     question was sent, using getlocaladdress(). Implemented in
     commit 1309 and commit 1315.
   * Maximum cache sizes now default to a sensible value.
     Suggested by Roel van der Made, implemented in commit 1354.
   * Domains can now be forwarded to IPv6 addresses too, using
     either ::1 syntax or [::1]:25. Thanks to Wijnand Modderman
     for discovering this issue, fixed in commit 1349.
   * Lua scripts can now load libraries at runtime, for example
     to calculate md5 hashes. Code by Winfried Angele in commit
     1405.
   * Periodic statistics output now includes average queries per
     second, as well as packet cache numbers (commit 1493).
   * New metrics are available for graphing, plus added to the
     default graphs (commit 1495, commit 1498, commit 1503)
   * Fix errors/crashes on more recent versions of Solaris 10,
     where the ports functions could return ENOENT under some
     circumstances. Reported and debugged by Jan Gyselinck,
     fixed in commit 1372.

 New features:

   * Add pdnslog() function for Lua scripts, so errors or other
     messages can be logged properly.
   * New settings to set the owner, group and access modes of
     the control socket (socket-owner, socket-group,
     socket-mode). Code by Aki Tuomi and documentation in commit
     1535. Fixup in commit 1536 for FreeBSD as found by Ralf van
     der Enden.
   * rec_control now accepts a --timeout parameter, which can be
     useful when reloading huge Lua scripts. Implemented in
     commit 1366.
   * Domains can now be forwarded with the 'recursion-desired'
     bit on or off, using either forward-zones-recurse or by
     prefixing the name of a zone with a '+' in
     forward-zones-file. Feature suggested by Darren Gamble,
     implemented in commit 1451.
   * Access control lists can now be reloaded at runtime
     (implemented in commit 1457).
   * PowerDNS Recursor can now use a pool of
     query-local-addresses to further increase resilience
     against spoofing. Suggested by Ad Spelt, implemented in
     commit 1426.
   * PowerDNS Recursor now also has a packet cache, greatly
     speeding up operations. Implemented in commit 1426, commit
     1433 and further.
   * Cache can be limited in how long it maximally stores
     records, for BIND compatibility (TTL limiting), by setting
     max-cache-ttl.Idea by Winfried Angele, implemented in
     commit 1438.
   * Cache cleaning turned out to be scanning more of the cache
     than necessary for cache maintenance. In addition, far more
     frequent but smaller cache cleanups improve responsiveness.
     Thanks to Winfried Angele for discovering this issue.
     (commits 1501, 1507)
   * Performance graphs enhanced with separate CPU load and
     cache effectiveness plots, plus display of various overload
     situations (commits 1503)

 Compiler/Operating system/Library updates:

   * PowerDNS Recursor can now compile against newer versions of
     Boost (verified up to and including 1.42.0). Reported &
     fixed by Darix in commit 1274. Further fixes in commit
     1275, commit 1276, commit 1277, commit 1283.
   * Fix compatibility with newer versions of GCC (closes ticket
     ticket 227, spotted by Ruben Kerkhof, code in commit 1345,
     more fixes in commit 1394, 1416, 1440).
   * Rrdtool update graph is now compatible with FreeBSD out of
     the box. Thanks to Bryan Seitz (commit 1517).
   * Fix up Makefile for older versions of Make (commit 1229).
   * Solaris compilation improvements (out of the box, no
     handwork needed).
   * Solaris 9 MTasker compilation fixes, as suggested by John
     Levon. Changes in commit 1431.

 Bug fixes:

   * Under rare circumstances, the recursor could crash on 64
     bit Linux systems running glibc 2.7, as found in Debian
     Lenny. These circumstances became a lot less rare for the
     3.2 release. Discovered by Andreas Jakum and debugged by
     #powerdns, fix in commit 1519.
   * Imre Gergely discovered that PowerDNS was doing spurious
     root repriming when invalidating nssets. Fixed in commit
     1531.
   * Configuration parser is now resistant against trailing tabs
     and other whitespace (commit 1242)
   * Fix typo in a Lua error message. Close ticket 210, as
     reported by Stefan Schmidt (commit 1319).
   * Profiled-build instructions were broken, discovered & fixes
     suggested by Stefan Schmidt. ticket 239, fix in commit
     1462.
   * Fix up duplicate SOA from a remote authoritative server
     from showing up in our output (commit 1475).
   * All security fixes from 3.1.7.2 are included.
   * Under highly exceptional circumstances on FreeBSD the
     PowerDNS Recursor could crash because of a TCP/IP error.
     Reported and fixed by Andrei Poelov in ticket 192, fixed in
     commit 1280.
   * PowerDNS Recursor can be a root-server again. Error spotted
     by the ever vigilant Darren Gamble (t229), fix in commit
     1458.
   * Rare TCP/IP errors no longer lead to PowerDNS Recursor
     logging errors or becoming confused. Debugged by Josh Berry
     of Plusnet PLC. Code in commit 1457.
   * Do not hammer parent servers in case child zones are
     misconfigured, requery at most once every 10 seconds.
     Reported & investigated by Stefan Schmidt and Andreas
     Jakum, fixed in commit 1265.
   * Properly process answers from remote authoritative servers
     that send error answers without including the original
     question (commit 1329, commit 1327).
   * No longer spontaneously turn on 'export-etc-hosts' after
     reloading zones. Discovered by Paul Cairney, reported in
     ticket 225, addressed in commit 1348.
   * Very abrupt server failure of large numbers of high-volume
     authoritative servers could trigger an out of memory
     situation. Addressed in commit 1505.
   * Make timeouts for queries to remote authoritative servers
     configurable with millisecond granularity. In addition, the
     old code turned out to consider the timeout expired when
     the integral number of seconds since 1970 increased by 1 -
     which *on average* is after 500ms. This might have caused
     spurious timeouts! New default timeout is 1500ms. See
     network-timeout setting for more details. Code in commit
     1402.

- - ends -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuTji8ACgkQHF7pkNLnFXUwcACgtTbB7s2FagXV8bIX8SjGa4oQ
MAEAn2yDXK6OWIj5ZqTZJrrYuio8PLwd
=DMPu
-----END PGP SIGNATURE-----


More information about the Pdns-announce mailing list