From peter.van.dijk at netherlabs.nl Fri Aug 1 11:37:54 2014
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Fri, 1 Aug 2014 13:37:54 +0200
Subject: [Pdns-announce] Authoritative Server 3.4.0 Release Candidate 1
Message-ID: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl>

Hi everybody,

Release Candidate 1 of the PowerDNS Authoritative Server 3.4.0 is available from:

http://powerdnssec.org/downloads/pdns-3.4.0-rc1.tar.bz2
http://powerdnssec.org/downloads/packages/pdns-static-3.4.0rc1-1.i386.rpm
http://powerdnssec.org/downloads/packages/pdns-static-3.4.0rc1-1.x86_64.rpm
http://powerdnssec.org/downloads/packages/pdns-static_3.4.0-rc1-1_amd64.deb
http://powerdnssec.org/downloads/packages/pdns-static_3.4.0-rc1-1_i386.deb

You are cordially invited to (carefully) test this Release Candidate for correct behaviour.

Full release notes, with clickable links, are available from:
http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0

Here is a text-only version:

This is a performance, feature, bugfix and conformity update to 3.3.1 and any earlier version. It contains a huge amount of work by various contributors, to whom we are very grateful.

A list of changes since 3.3.1 follows.

DNSSEC changes:

* commit bba8413: add option (max-signature-cache-entries) to limit the maximum number of cached signatures.
* commit 28b66a9: limit the number of NSEC3 iterations (see RFC5155 10.3), with the max-nsec3-iterations option.
* commit b50efd6: drop the 'superfluous NSEC3' option that old BIND validators need.
* The bindbackend 'hybrid' mode was reintroduced by Kees Monshouwer. Enable it with bind-hybrid.
* Aki Tuomi contributed experimental PKCS#11 support for DNSSEC key management with a (Soft)HSM.
* Direct RRSIG queries now return NOTIMP.
* commit fa37777: add secure-all-zones command to pdnssec
* Unrectified zones can now get rectified 'on the fly' during outgoing AXFR. This makes it possible to run a hidden signing master without rectification.
* commit 82fb538: AXFR in: don't accept zones with a mixture of Opt-Out NSEC3 RRs and non-Opt-Out NSEC3 RRs
* Various minor bugfixes, mostly from the unstoppable Kees Monshouwer.
* commit 0c4c552: set non-zero exit status in pdnssec if an exception was thrown, for easier automatic usage.
* commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry point keys.
* commit 52e0d78: answer direct NSEC queries without DO bit
* commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey support is enabled
* commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling
* commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout delegations
* commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout delegations

New features:

* DNAME support. Enable with experimental-dname-processing.
* PowerDNS can now send stats directly to Carbon servers. Enable with carbon-server, tweak with carbon-ourname and carbon-interval.
* commit 767da1a: Add list-zone capability to pdns_control
* commit 51f6bca: Add delete-zone to pdnssec.
* The gsql backends now support record comments, and disabling records.
* The new reuseport config option allows setting SO_REUSEPORT, which allows for some performance improvements.
* local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to start up even if some addresses fail to bind.
* commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry point keys.
* commit 52e0d78: answer direct NSEC queries without DO bit
* commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey support is enabled
* commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling
* commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout delegations
* commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout delegations

New features:

* DNAME support. Enable with experimental-dname-processing.
* PowerDNS can now send stats directly to Carbon servers. Enable with carbon-server, tweak with carbon-ourname and carbon-interval.
* commit 767da1a: Add list-zone capability to pdns_control
* commit 51f6bca: Add delete-zone to pdnssec.
* The gsql backends now support record comments, and disabling records.
* The new reuseport config option allows setting SO_REUSEPORT, which allows for some performance improvements.
* local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to start up even if some addresses fail to bind.
* commit 719f902: fix dual-stack superslave when multiple nameservers share an ip
* commit 33966bf: avoid address truncation in doNotifications
* commit eac85b1: prevent duplicate slave notifications caused by different ipv6 address formatting
* commit 3c8a711: make notification queue ipv6 compatible
* commit 0c13e45: make isMaster ip check more tolerant for different ipv6 notations
* Various fixes for possible issues reported by Coverity Scan (commit f17c93b , )
* commit 9083987: don't rely on included polarssl header files when using system polarssl. Spotted by Oden Eriksson of Mandriva, thanks!
* Various users reported pdns_control hangs, especially when using the guardian. We are confident that all causes of these hangs are now gone.
* Decreasing the webserver ringbuffer size could cause crashes.
* commit 4c89cce: nproxy: Add missing chdir("/") after chroot()
* commit 016a0ab: actually notice timeout during AXFR retrieve, thanks hkraal

REST API changes:

* The REST API was much improved and is nearing stability, thanks to Christian Hofstaedtler and others.
* Mark Schouten at Tuxis contributed a zone importer.

Other changes:

* Our tarballs and packages now include *.sql schema files for the SQL backends.
* The webserver (including API) now has an ACL (webserver-allow-from).
* Webserver (including API) is now powered by YaHTTP.
* Various autotools usage improvements from Ruben Kerkhof.
* The dist tarball is now bzip2-compressed instead of gzip.
* Various remotebackend updates, including replacing curl with (included) yahttp.
* Dynamic module loading is now allowed on Mac OS X.
* The AXFR ACL (allow-axfr-ips) now defaults to 127.0.0.0/8,::1 instead of the whole world.
* commit ba91c2f: remove unused gpgsql-socket option and document postgres socket usage
* Improved support for Lua 5.2.
* The edns-subnet option code is now fixed at 8, and the edns-subnet-option-numbers option has been removed.
* geobackend now has very limited edns-subnet support - it will use the 'real' remote if available.
* pipebackend ABI v4 adds the zone name to the AXFR command.
* We now avoid getaddrinfo() as much as possible.
* The packet cache now handles (forwarded) recursive answers better, including TTL aging and respecting allow-recursion.
* commit ff5ba4f: pdns_server --help no longer exits with 1.
* Mark Zealey contributed an experimental LMDB backend. Kees Monshouwer added experimental DNSSEC support to it. Thanks, both!
* commit 81859ba: No longer attempt to answer questions coming in from port 0, reply would not reach them anyhow. Thanks to Niels Bakker and sid3windr for insight & debugging. Closes ticket 844.
* RCodes are now reported in text in various places, thanks Aki.
* Kees Monshouwer set up automatic testing for the oracle and goracle backends, and fixed various issues in them.
* Leftovers of previous support for Windows have been removed, thanks to Kees Monshouwer, Aki Tuomi.
* Bundled PolarSSL has been upgraded to 1.3.2
* PolarSSL replaced previously bundled implementations of AES (commit e22d9b4) and SHA (commit 9101035)
* bindbackend is now a module
* commit 14a2e52: Use the inet data type for supermasters.ip on postgresql.
* We now send an empty SERVFAIL when a CNAME chain is too long, instead of including the partial chain.
* commit 3613a51: Show built-in features in --version output
* commit 4bd7d35: make domainmetadata queries case insensitive
* commit 088c334: output warning message when no to be notified NS's are found
* commit 5631b44: gpsqlbackend: use empty defaults for dbname and user; libpq will use the current user name for both by default
* commit d87ded3: implement udp-truncation-threshold to override the previous 1680 byte maximum response datagram size - no matter what EDNS0 said. Plus document it.
* Implement udp-truncation-threshold to override the previous 1680 byte maximum response datagram size - no matter what EDNS0 said.
* On shutdown, PowerDNS now attempts to stop all processes in its process group, especially useful for pipe/remotebackend users. Feature donated by Spotify.
* Removed settings related to fancy records, as we haven't supported those since version 3.0
* Based on earlier work by Mark Zealey, Kees Monshouwer increased our packet cache performance between 200% and 500% depending on the situation, by simplifying some code in commit 801812e and commit 8403ade.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:

From peter.van.dijk at netherlabs.nl Fri Aug 1 11:54:02 2014
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Fri, 1 Aug 2014 13:54:02 +0200
Subject: [Pdns-announce] [Pdns-dev] Authoritative Server 3.4.0 Release Candidate 1
In-Reply-To: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl>
References: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl>
Message-ID:

Hello,

it appeared I made a copy/paste error in the text-only changelog. Please refer to http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0 for the full and correct list.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

On 01 Aug 2014, at 13:37 , Peter van Dijk wrote:

> Hi everybody,
>
> Release Candidate 1 of the PowerDNS Authoritative Server 3.4.0 is available from:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:
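The max-nsec3-iterations item in the changelog above bounds a per-name cost: under RFC 5155 each NSEC3 owner hash takes iterations + 1 SHA-1 calls. The following is an added example, not PowerDNS code, that computes the hash and checks NSEC3PARAM records against a limit; the function names, the sample records and the limit of 500 are assumptions of this example.

```python
import base64
import hashlib

# Standard base32 alphabet -> base32hex alphabet, which NSEC3 owner names use.
_B32_TO_B32HEX = str.maketrans(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    "0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def name_to_wire(name: str) -> bytes:
    """Canonical (lowercased) DNS wire form of an absolute name."""
    out = bytearray()
    for label in name.rstrip(".").lower().split("."):
        if not label:
            continue  # the root name has no labels
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out.append(len(raw))
        out += raw
    out.append(0)  # terminating root label
    return bytes(out)


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """NSEC3 hash (algorithm 1, SHA-1) as defined in RFC 5155 section 5.

    The first SHA-1 covers name || salt; each additional iteration hashes
    the previous digest || salt, so the total is iterations + 1 calls.
    """
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    encoded = base64.b32encode(digest).decode("ascii")
    return encoded.translate(_B32_TO_B32HEX).lower()


def audit_nsec3param(rdata: str, max_iterations: int) -> dict:
    """Check an NSEC3PARAM record ("alg flags iterations salt") against a cap.

    max_iterations plays the role of the max-nsec3-iterations option; the
    value passed in is the caller's choice, not a PowerDNS default.
    """
    algorithm, _flags, iterations, salt = rdata.split()
    if algorithm != "1":
        raise ValueError("only hash algorithm 1 (SHA-1) is defined")
    count = int(iterations)
    if not 0 <= count <= 65535:
        raise ValueError("iterations is a 16-bit field")
    return {
        "iterations": count,
        "salt": salt,
        "sha1_calls_per_name": count + 1,
        "within_limit": count <= max_iterations,
    }


# Constructed sample records for illustration; not taken from any real zone.
SAMPLE_NSEC3PARAMS = {
    "example.": "1 0 12 aabbccdd",
    "costly.example.": "1 0 5000 -",
}

ASSUMED_LIMIT = 500  # assumed cap for this example


def audit_all(limit: int = ASSUMED_LIMIT) -> dict:
    """Audit every sample zone and return the per-zone findings."""
    return {
        zone: audit_nsec3param(rdata, limit)
        for zone, rdata in SAMPLE_NSEC3PARAMS.items()
    }


if __name__ == "__main__":
    for zone, finding in audit_all().items():
        verdict = "ok" if finding["within_limit"] else "EXCEEDS LIMIT"
        print(f"{zone:18} iterations={finding['iterations']:5} "
              f"sha1/name={finding['sha1_calls_per_name']:5} {verdict}")
    print(nsec3_hash("example", "aabbccdd", 12))
```
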
* The bindbackend 'hybrid' mode was reintroduced by Kees Monshouwer. Enable it with bind-hybrid. * Aki Tuomi contributed experimental PKCS#11 support for DNSSEC key management with a (Soft)HSM. * Direct RRSIG queries now return NOTIMP. * commit fa37777: add secure-all-zones command to pdnssec * Unrectified zones can now get rectified 'on the fly' during outgoing AXFR. This makes it possible to run a hidden signing master without rectification. * commit 82fb538: AXFR in: don't accept zones with a mixture of Opt-Out NSEC3 RRs and non-Opt-Out NSEC3 RRs * Various minor bugfixes, mostly from the unstoppable Kees Monshouwer. * commit 0c4c552: set non-zero exit status in pdnssec if an exception was thrown, for easier automatic usage. * commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry point keys. * commit 52e0d78: answer direct NSEC queries without DO bit * commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey support is enabled * commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling * commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout delegations * commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout delegations New features: * DNAME support. Enable with experimental-dname-processing. * PowerDNS can now send stats directly to Carbon servers. Enable with carbon-server, tweak with carbon-ourname and carbon-interval. * commit 767da1a: Add list-zone capability to pdns_control * commit 51f6bca: Add delete-zone to pdnssec. * The gsql backends now support record comments, and disabling records. * The new reuseport config option allows setting SO_REUSEPORT, which allows for some performance improvements. * local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to start up even if some addresses fail to bind. * commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry point keys. 
* commit 52e0d78: answer direct NSEC queries without DO bit * commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey support is enabled * commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling * commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout delegations * commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout delegations New features: * DNAME support. Enable with experimental-dname-processing. * PowerDNS can now send stats directly to Carbon servers. Enable with carbon-server, tweak with carbon-ourname and carbon-interval. * commit 767da1a: Add list-zone capability to pdns_control * commit 51f6bca: Add delete-zone to pdnssec. * The gsql backends now support record comments, and disabling records. * The new reuseport config option allows setting SO_REUSEPORT, which allows for some performance improvements. * local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to start up even if some addresses fail to bind. * commit 719f902: fix dual-stack superslave when multiple namservers share a ip * commit 33966bf: avoid address truncation in doNotifications * commit eac85b1: prevent duplicate slave notications caused by different ipv6 address formatting * commit 3c8a711: make notification queue ipv6 compatible * commit 0c13e45: make isMaster ip check more tolerant for different ipv6 notations * Various fixes for possible issues reported by Coverity Scan (commit f17c93b , ) * commit 9083987: don't rely on included polarssl header files when using system polarssl. Spotted by Oden Eriksson of Mandriva, thanks! * Various users reported pdns_control hangs, especially when using the guardian. We are confident that all causes of these hangs are now gone. * Decreasing the webserver ringbuffer size could cause crashes. 
* commit 4c89cce: nproxy: Add missing chdir("/") after chroot() * commit 016a0ab: actually notice timeout during AXFR retrieve, thanks hkraal REST API changes: * The REST API was much improved and is nearing stability, thanks to Christian Hofstaedtler and others. * Mark Schouten at Tuxis contributed a zone importer. Other changes: * Our tarballs and packages now include *.sql schema files for the SQL backends. * The webserver (including API) now has an ACL (webserver-allow-from). * Webserver (including API) is now powered by YaHTTP. * Various autotools usage improvements from Ruben Kerkhof. * The dist tarball is now bzip2-compressed instead of gzip. * Various remotebackend updates, including replacing curl with (included) yahttp. * Dynamic module loading is now allowed on Mac OS X. * The AXFR ACL (allow-axfr-ips) now defaults to 127.0.0.0/8,::1 instead of the whole world. * commit ba91c2f: remove unused gpgsql-socket option and document postgres socket usage * Improved support for Lua 5.2. * The edns-subnet option code is now fixed at 8, and the edns-subnet-option-numbers option has been removed. * geobackend now has very limited edns-subnet support - it will use the 'real' remote if available. * pipebackend ABI v4 adds the zone name to the AXFR command. * We now avoid getaddrinfo() as much as possible. * The packet cache now handles (forwarded) recursive answers better, including TTL aging and respecting allow-recursion. * commit ff5ba4f: pdns_server --help no longer exits with 1. * Mark Zealey contributed an experimental LMDB backend. Kees Monshouwer added experimental DNSSEC support to it. Thanks, both! * commit 81859ba: No longer attempt to answer questions coming in from port 0, reply would not reach them anyhow. Thanks to Niels Bakker and sid3windr for insight & debugging. Closes ticket 844. * RCodes are now reported in text in various places, thanks Aki. 
* Kees Monshouwer set up automatic testing for the oracle and goracle backends, and fixed various issues in them. * Leftovers of previous support for Windows have been removed, thanks to Kees Monshouwer, Aki Tuomi. * Bundled PolarSSL has been upgraded to 1.3.2 * PolarSSL replaced previously bundled implementations of AES (commit e22d9b4 ) and SHA (commit 9101035) * bindbackend is now a module * commit 14a2e52: Use the inet data type for supermasters.ip on postgrsql. * We now send an empty SERVFAIL when a CNAME chain is too long, instead of including the partial chain. * commit 3613a51: Show built-in features in --version output * commit 4bd7d35: make domainmetadata queries case insensitive * commit 088c334: output warning message when no to be notified NS's are found * commit 5631b44: gpsqlbackend: use empty defaults for dbname and user; libpq will use the current user name for both by default * commit d87ded3: implement udp-truncation-threshold to override the previous 1680 byte maximum response datagram size - no matter what EDNS0 said. Plus document it. * Implement udp-truncation-threshold to override the previous 1680 byte maximum response datagram size - no matter what EDNS0 said. * On shutdown, PowerDNS now attempts to stop all processes in its process group, especially useful for pipe/remotebackend users. Feature donated by Spotify. * Removed settings related to fancy records, as we haven't supported those since version 3.0 * Based on earlier work by Mark Zealey, Kees Monshouwer increased our packet cache performance between 200% and 500% depending on the situation, by simplifying some code in commit 801812e and commit 8403ade. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From peter.van.dijk at netherlabs.nl Fri Aug 1 11:54:02 2014 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Fri, 1 Aug 2014 13:54:02 +0200 Subject: [Pdns-announce] [Pdns-dev] Authoritative Server 3.4.0 Release Candidate 1 In-Reply-To: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl> References: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl> Message-ID: Hello, it appeared I made a copy/paste error in the text-only changelog. Please refer to http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0 for the full and correct list. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ On 01 Aug 2014, at 13:37 , Peter van Dijk wrote: > Hi everybody, > > Release Candidate 1 of the PowerDNS Authoritative Server 3.4.0 is available from: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From peter.van.dijk at netherlabs.nl Fri Aug 1 11:37:54 2014 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Fri, 1 Aug 2014 13:37:54 +0200 Subject: [Pdns-announce] Authoritative Server 3.4.0 Release Candidate 1 Message-ID: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl> Hi everybody, Release Candidate 1 of the PowerDNS Authoritative Server 3.4.0 is available from: http://powerdnssec.org/downloads/pdns-3.4.0-rc1.tar.bz2 http://powerdnssec.org/downloads/packages/pdns-static-3.4.0rc1-1.i386.rpm http://powerdnssec.org/downloads/packages/pdns-static-3.4.0rc1-1.x86_64.rpm http://powerdnssec.org/downloads/packages/pdns-static_3.4.0-rc1-1_amd64.deb http://powerdnssec.org/downloads/packages/pdns-static_3.4.0-rc1-1_i386.deb You are cordially invited to (carefully) test this Release Candidate for correct behaviour. 
Full release notes, with clickable links, are available from: http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0 Here is a text-only version: This is a performance, feature, bugfix and conformity update to 3.3.1 and any earlier version. It contains a huge amount of work by various contributors, to whom we are very grateful. A list of changes since 3.3.1 follows. DNSSEC changes: * commit bba8413: add option (max-signature-cache-entries) to limit the maximum number of cached signatures. * commit 28b66a9: limit the number of NSEC3 iterations (see RFC5155 10.3), with the max-nsec3-iterations option. * commit b50efd6: drop the 'superfluous NSEC3' option that old BIND validators need. * The bindbackend 'hybrid' mode was reintroduced by Kees Monshouwer. Enable it with bind-hybrid. * Aki Tuomi contributed experimental PKCS#11 support for DNSSEC key management with a (Soft)HSM. * Direct RRSIG queries now return NOTIMP. * commit fa37777: add secure-all-zones command to pdnssec * Unrectified zones can now get rectified 'on the fly' during outgoing AXFR. This makes it possible to run a hidden signing master without rectification. * commit 82fb538: AXFR in: don't accept zones with a mixture of Opt-Out NSEC3 RRs and non-Opt-Out NSEC3 RRs * Various minor bugfixes, mostly from the unstoppable Kees Monshouwer. * commit 0c4c552: set non-zero exit status in pdnssec if an exception was thrown, for easier automatic usage. * commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry point keys. * commit 52e0d78: answer direct NSEC queries without DO bit * commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey support is enabled * commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling * commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout delegations * commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout delegations New features: * DNAME support. Enable with experimental-dname-processing. 
* PowerDNS can now send stats directly to Carbon servers. Enable with carbon-server, tweak with carbon-ourname and carbon-interval. * commit 767da1a: Add list-zone capability to pdns_control * commit 51f6bca: Add delete-zone to pdnssec. * The gsql backends now support record comments, and disabling records. * The new reuseport config option allows setting SO_REUSEPORT, which allows for some performance improvements. * local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to start up even if some addresses fail to bind. * commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry point keys. * commit 52e0d78: answer direct NSEC queries without DO bit * commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey support is enabled * commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling * commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout delegations * commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout delegations New features: * DNAME support. Enable with experimental-dname-processing. * PowerDNS can now send stats directly to Carbon servers. Enable with carbon-server, tweak with carbon-ourname and carbon-interval. * commit 767da1a: Add list-zone capability to pdns_control * commit 51f6bca: Add delete-zone to pdnssec. * The gsql backends now support record comments, and disabling records. * The new reuseport config option allows setting SO_REUSEPORT, which allows for some performance improvements. * local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to start up even if some addresses fail to bind. 
* commit 719f902: fix dual-stack superslave when multiple namservers share a ip * commit 33966bf: avoid address truncation in doNotifications * commit eac85b1: prevent duplicate slave notications caused by different ipv6 address formatting * commit 3c8a711: make notification queue ipv6 compatible * commit 0c13e45: make isMaster ip check more tolerant for different ipv6 notations * Various fixes for possible issues reported by Coverity Scan (commit f17c93b , ) * commit 9083987: don't rely on included polarssl header files when using system polarssl. Spotted by Oden Eriksson of Mandriva, thanks! * Various users reported pdns_control hangs, especially when using the guardian. We are confident that all causes of these hangs are now gone. * Decreasing the webserver ringbuffer size could cause crashes. * commit 4c89cce: nproxy: Add missing chdir("/") after chroot() * commit 016a0ab: actually notice timeout during AXFR retrieve, thanks hkraal REST API changes: * The REST API was much improved and is nearing stability, thanks to Christian Hofstaedtler and others. * Mark Schouten at Tuxis contributed a zone importer. Other changes: * Our tarballs and packages now include *.sql schema files for the SQL backends. * The webserver (including API) now has an ACL (webserver-allow-from). * Webserver (including API) is now powered by YaHTTP. * Various autotools usage improvements from Ruben Kerkhof. * The dist tarball is now bzip2-compressed instead of gzip. * Various remotebackend updates, including replacing curl with (included) yahttp. * Dynamic module loading is now allowed on Mac OS X. * The AXFR ACL (allow-axfr-ips) now defaults to 127.0.0.0/8,::1 instead of the whole world. * commit ba91c2f: remove unused gpgsql-socket option and document postgres socket usage * Improved support for Lua 5.2. * The edns-subnet option code is now fixed at 8, and the edns-subnet-option-numbers option has been removed. 
* geobackend now has very limited edns-subnet support - it will use the 'real' remote if available. * pipebackend ABI v4 adds the zone name to the AXFR command. * We now avoid getaddrinfo() as much as possible. * The packet cache now handles (forwarded) recursive answers better, including TTL aging and respecting allow-recursion. * commit ff5ba4f: pdns_server --help no longer exits with 1. * Mark Zealey contributed an experimental LMDB backend. Kees Monshouwer added experimental DNSSEC support to it. Thanks, both! * commit 81859ba: No longer attempt to answer questions coming in from port 0, reply would not reach them anyhow. Thanks to Niels Bakker and sid3windr for insight & debugging. Closes ticket 844. * RCodes are now reported in text in various places, thanks Aki. * Kees Monshouwer set up automatic testing for the oracle and goracle backends, and fixed various issues in them. * Leftovers of previous support for Windows have been removed, thanks to Kees Monshouwer, Aki Tuomi. * Bundled PolarSSL has been upgraded to 1.3.2 * PolarSSL replaced previously bundled implementations of AES (commit e22d9b4 ) and SHA (commit 9101035) * bindbackend is now a module * commit 14a2e52: Use the inet data type for supermasters.ip on postgrsql. * We now send an empty SERVFAIL when a CNAME chain is too long, instead of including the partial chain. * commit 3613a51: Show built-in features in --version output * commit 4bd7d35: make domainmetadata queries case insensitive * commit 088c334: output warning message when no to be notified NS's are found * commit 5631b44: gpsqlbackend: use empty defaults for dbname and user; libpq will use the current user name for both by default * commit d87ded3: implement udp-truncation-threshold to override the previous 1680 byte maximum response datagram size - no matter what EDNS0 said. Plus document it. * Implement udp-truncation-threshold to override the previous 1680 byte maximum response datagram size - no matter what EDNS0 said. 
* On shutdown, PowerDNS now attempts to stop all processes in its process group, especially useful for pipe/remotebackend users. Feature donated by Spotify. * Removed settings related to fancy records, as we haven't supported those since version 3.0 * Based on earlier work by Mark Zealey, Kees Monshouwer increased our packet cache performance between 200% and 500% depending on the situation, by simplifying some code in commit 801812e and commit 8403ade. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From peter.van.dijk at netherlabs.nl Fri Aug 1 11:54:02 2014 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Fri, 1 Aug 2014 13:54:02 +0200 Subject: [Pdns-announce] [Pdns-dev] Authoritative Server 3.4.0 Release Candidate 1 In-Reply-To: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl> References: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl> Message-ID: Hello, it appeared I made a copy/paste error in the text-only changelog. Please refer to http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0 for the full and correct list. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ On 01 Aug 2014, at 13:37 , Peter van Dijk wrote: > Hi everybody, > > Release Candidate 1 of the PowerDNS Authoritative Server 3.4.0 is available from: -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From peter.van.dijk at netherlabs.nl Fri Aug 1 11:37:54 2014 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Fri, 1 Aug 2014 13:37:54 +0200 Subject: [Pdns-announce] Authoritative Server 3.4.0 Release Candidate 1 Message-ID: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl> Hi everybody, Release Candidate 1 of the PowerDNS Authoritative Server 3.4.0 is available from: http://powerdnssec.org/downloads/pdns-3.4.0-rc1.tar.bz2 http://powerdnssec.org/downloads/packages/pdns-static-3.4.0rc1-1.i386.rpm http://powerdnssec.org/downloads/packages/pdns-static-3.4.0rc1-1.x86_64.rpm http://powerdnssec.org/downloads/packages/pdns-static_3.4.0-rc1-1_amd64.deb http://powerdnssec.org/downloads/packages/pdns-static_3.4.0-rc1-1_i386.deb You are cordially invited to (carefully) test this Release Candidate for correct behaviour. Full release notes, with clickable links, are available from: http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0 Here is a text-only version: This is a performance, feature, bugfix and conformity update to 3.3.1 and any earlier version. It contains a huge amount of work by various contributors, to whom we are very grateful. A list of changes since 3.3.1 follows. DNSSEC changes: * commit bba8413: add option (max-signature-cache-entries) to limit the maximum number of cached signatures. * commit 28b66a9: limit the number of NSEC3 iterations (see RFC5155 10.3), with the max-nsec3-iterations option. * commit b50efd6: drop the 'superfluous NSEC3' option that old BIND validators need. * The bindbackend 'hybrid' mode was reintroduced by Kees Monshouwer. Enable it with bind-hybrid. * Aki Tuomi contributed experimental PKCS#11 support for DNSSEC key management with a (Soft)HSM. * Direct RRSIG queries now return NOTIMP. 
* commit fa37777: add secure-all-zones command to pdnssec * Unrectified zones can now get rectified 'on the fly' during outgoing AXFR. This makes it possible to run a hidden signing master without rectification. * commit 82fb538: AXFR in: don't accept zones with a mixture of Opt-Out NSEC3 RRs and non-Opt-Out NSEC3 RRs * Various minor bugfixes, mostly from the unstoppable Kees Monshouwer. * commit 0c4c552: set non-zero exit status in pdnssec if an exception was thrown, for easier automatic usage. * commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry point keys. * commit 52e0d78: answer direct NSEC queries without DO bit * commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey support is enabled * commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling * commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout delegations * commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout delegations New features: * DNAME support. Enable with experimental-dname-processing. * PowerDNS can now send stats directly to Carbon servers. Enable with carbon-server, tweak with carbon-ourname and carbon-interval. * commit 767da1a: Add list-zone capability to pdns_control * commit 51f6bca: Add delete-zone to pdnssec. * The gsql backends now support record comments, and disabling records. * The new reuseport config option allows setting SO_REUSEPORT, which allows for some performance improvements. * local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to start up even if some addresses fail to bind. * commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry point keys. 
* commit 52e0d78: answer direct NSEC queries without DO bit
* commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey support is enabled
* commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling
* commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout delegations
* commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout delegations

New features:

* DNAME support. Enable with experimental-dname-processing.
* PowerDNS can now send stats directly to Carbon servers. Enable with carbon-server, tweak with carbon-ourname and carbon-interval.
* commit 767da1a: Add list-zone capability to pdns_control
* commit 51f6bca: Add delete-zone to pdnssec.
* The gsql backends now support record comments, and disabling records.
* The new reuseport config option allows setting SO_REUSEPORT, which allows for some performance improvements.
* local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to start up even if some addresses fail to bind.
* commit 719f902: fix dual-stack superslave when multiple nameservers share an ip
* commit 33966bf: avoid address truncation in doNotifications
* commit eac85b1: prevent duplicate slave notifications caused by different ipv6 address formatting
* commit 3c8a711: make notification queue ipv6 compatible
* commit 0c13e45: make isMaster ip check more tolerant for different ipv6 notations
* Various fixes for possible issues reported by Coverity Scan (commit f17c93b , )
* commit 9083987: don't rely on included polarssl header files when using system polarssl. Spotted by Oden Eriksson of Mandriva, thanks!
* Various users reported pdns_control hangs, especially when using the guardian. We are confident that all causes of these hangs are now gone.
* Decreasing the webserver ringbuffer size could cause crashes.
* commit 4c89cce: nproxy: Add missing chdir("/") after chroot()
* commit 016a0ab: actually notice timeout during AXFR retrieve, thanks hkraal

REST API changes:

* The REST API was much improved and is nearing stability, thanks to Christian Hofstaedtler and others.
* Mark Schouten at Tuxis contributed a zone importer.

Other changes:

* Our tarballs and packages now include *.sql schema files for the SQL backends.
* The webserver (including API) now has an ACL (webserver-allow-from).
* Webserver (including API) is now powered by YaHTTP.
* Various autotools usage improvements from Ruben Kerkhof.
* The dist tarball is now bzip2-compressed instead of gzip.
* Various remotebackend updates, including replacing curl with (included) yahttp.
* Dynamic module loading is now allowed on Mac OS X.
* The AXFR ACL (allow-axfr-ips) now defaults to 127.0.0.0/8,::1 instead of the whole world.
* commit ba91c2f: remove unused gpgsql-socket option and document postgres socket usage
* Improved support for Lua 5.2.
* The edns-subnet option code is now fixed at 8, and the edns-subnet-option-numbers option has been removed.
* geobackend now has very limited edns-subnet support - it will use the 'real' remote if available.
* pipebackend ABI v4 adds the zone name to the AXFR command.
* We now avoid getaddrinfo() as much as possible.
* The packet cache now handles (forwarded) recursive answers better, including TTL aging and respecting allow-recursion.
* commit ff5ba4f: pdns_server --help no longer exits with 1.
* Mark Zealey contributed an experimental LMDB backend. Kees Monshouwer added experimental DNSSEC support to it. Thanks, both!
* commit 81859ba: No longer attempt to answer questions coming in from port 0, reply would not reach them anyhow. Thanks to Niels Bakker and sid3windr for insight & debugging. Closes ticket 844.
* RCodes are now reported in text in various places, thanks Aki.
* Kees Monshouwer set up automatic testing for the oracle and goracle backends, and fixed various issues in them.
* Leftovers of previous support for Windows have been removed, thanks to Kees Monshouwer, Aki Tuomi.
* Bundled PolarSSL has been upgraded to 1.3.2
* PolarSSL replaced previously bundled implementations of AES (commit e22d9b4) and SHA (commit 9101035)
* bindbackend is now a module
* commit 14a2e52: Use the inet data type for supermasters.ip on postgresql.
* We now send an empty SERVFAIL when a CNAME chain is too long, instead of including the partial chain.
* commit 3613a51: Show built-in features in --version output
* commit 4bd7d35: make domainmetadata queries case insensitive
* commit 088c334: output warning message when no to be notified NS's are found
* commit 5631b44: gpsqlbackend: use empty defaults for dbname and user; libpq will use the current user name for both by default
* commit d87ded3: implement udp-truncation-threshold to override the previous 1680 byte maximum response datagram size - no matter what EDNS0 said. Plus document it.
* Implement udp-truncation-threshold to override the previous 1680 byte maximum response datagram size - no matter what EDNS0 said.
* On shutdown, PowerDNS now attempts to stop all processes in its process group, especially useful for pipe/remotebackend users. Feature donated by Spotify.
* Removed settings related to fancy records, as we haven't supported those since version 3.0
* Based on earlier work by Mark Zealey, Kees Monshouwer increased our packet cache performance between 200% and 500% depending on the situation, by simplifying some code in commit 801812e and commit 8403ade.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:

From peter.van.dijk at netherlabs.nl Fri Aug 1 11:54:02 2014
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Fri, 1 Aug 2014 13:54:02 +0200
Subject: [Pdns-announce] [Pdns-dev] Authoritative Server 3.4.0 Release Candidate 1
In-Reply-To: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl>
References: <78DF248F-4FB9-4CAE-803B-345E5A68A621@netherlabs.nl>
Message-ID:

Hello,

it appeared I made a copy/paste error in the text-only changelog. Please refer to http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0 for the full and correct list.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

On 01 Aug 2014, at 13:37 , Peter van Dijk wrote:

> Hi everybody,
>
> Release Candidate 1 of the PowerDNS Authoritative Server 3.4.0 is available from:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: