[Pdns-dev] Recursor 3.6.0 released

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri Jun 20 12:17:40 CEST 2014


Hi everybody,

version 3.6.0 of the PowerDNS Recursor is now available from
https://www.powerdns.com/downloads.html

Kees Monshouwer provides native RHEL5/6 packages at
http://www.monshouwer.eu/download/3rd_party/pdns-recursor/

Full release notes, with clickable links, are available from:
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.6.0

3.6.0 is the best version of the PowerDNS Recursor currently available, and we
recommend upgrading to it.

Here is a text-only version:

   This is a performance, feature and bugfix update to 3.5/3.5.3.
   It contains important fixes for slightly broken domain names,
   which your users expect to work anyhow. It also brings robust
   resilience against certain classes of attacks.

   Changes between RC1 and release:
     * g30b13ef: do not apply some of our filters to root and
       gtlds, plus remove some useless {}
     * gcc81d90: fix yahttp copy in dist-recursor for BSD cp
     * gb798618: define __APPLE_USE_RFC_3542 during recursor build
       on Darwin, fixes t1449
     * g1d7f863: Merge pull request t1443 from
       zeha/recursor-nostrip
     * g5cdeede: remove (non-working) [aaaa-]additional-processing
       flags from the recursor. Closes t1448
     * g984d747: Support building recursor on kFreeBSD and Hurd
     * g79240f1: Allow not stripping of binaries in recursor's
       make install
     * ge9c2ad3: document pdns.DROP for recursor, add policy-drops
       metric for it

   New features:
     * gaadceba: Implement minimum-ttl-override config setting,
       plus runtime configurability via 'rec_control
       set-minimum-ttl'.
     * Lots of work on the JSON API, which is exposed via Aki
       Tuomi's 'yahttp'. Massive thanks to Christian Hofstaedtler
       for delivering this exciting new functionality.
       Documentation & demo forthcoming, but code to use it is
       available on GitHub.
     * Lua modules can now use 'pdnslog(INFO..'), as described in
       t1074, implemented in g674a305
     * Adopt any-to-tcp feature to the recursor. Based on a patch
       by Winfried Angele. Closes t836, g56b4d21 and ge661a20.
     * g2c78bd5: implement built-in statistics dumper using the
       'carbon' protocol, which is also understood by metronome
       (our mini-graphite). Use 'carbon-server', 'carbon-ourname'
       and 'carbon-interval' settings.
     * New setting 'udp-truncation-threshold' to configure from
       how many bytes we should truncate. ga09a8ce.
     * Proper support for CHaos class for CHAOS TXT queries.
       gc86e1f2, addition for lua in gf94c53d, some warnings in
       g438db54 however.
     * Added support for Lua scripts to drop queries w/o further
       processing. g0478c54.
     * Kevin Holly added qtype statistics to recursor and
       rec_control (get-qtypelist) (g79332bf)
     * Add support for include-files in configuration, also reload
       ACLs and zones defined in them (g829849d, g242b90e,
       g302df81).
     * Paulo Anes contributed server-down-max-fails which helps
       combat Recursive DNS based amplification attacks. Described
       in this post. Also comes with new metric
       'failed-host-entries' in g406f46f.
     * g21e7976: Implement "followCNAMERecords" feature in the Lua
       hooks.

   Improvements:
     * g06ea901: make pdns-distributes-queries use a hash so
       related queries get sent to the same thread. Original idea
       by Winfried Angele. Astoundingly effective, approximately
       halves CPU usage!
     * gb13e737: --help now writes to stdout instead of stderr.
       Thanks Winfried Angele.
     * To aid in limiting DoS attacks, when truncating a response,
       we actually truncate all the way so only the question
       remains. Suggested in t1092, code in gadd935a.
     * No longer experimental, the switch
       'pdns-distributes-queries' can improve multi-threaded
       performance on Linux (various cleanup commits).
     * Update to embedded PolarSSL, plus remove previous AES
       implementation and shift to PolarSSL (ge22d9b4, g990ad9a)
     * g92c0733 moves various Lua magic constants into an enum
       namespace.
     * set group and supplementary groups before chroot (g6ee50ce,
       t1198).
     * g4e9a20e: raise our socket buffer setting so it no longer
       generates a warning about lowering it.
     * g4e9a20e: warn about Linux suboptimal IPv6 settings if we
       detect them.
     * SIGUSR2 turns on a 'trace' of all DNS traffic, a second
       SIGUSR2 now turns it off again. g4f217ce.
     * Various fixes for Lua 5.2.
     * g81859ba: No longer attempt to answer questions coming in
       from port 0, reply would not reach them anyhow. Thanks to
       Niels Bakker and 'sid3windr' for insight & debugging.
       Closes t844.
     * gb1a2d6c: now, I'm not one to get OCD over things, but that
       log message about stats based on 1801 seconds got to me.
       1800 now.

   Fixes:
     * 0c9de4fc: stay away from getaddrinfo unless we really can't
       help it for ascii ipv6 conversions to binary
     * g08f3f63: fix average latency calculation, closing t424.
     * g75ba907: Some of our counters were still 32 bits, now 64.
     * g2f22827: Fix statistics and stability when running with
       pdns-distributes-queries.
     * g6196f90: avoid merging old and new additional data, fixes
       an issue caused by weird (but probably legal) Akamai
       behaviour
     * g3a8a4d6: make sure we don't exceed the number of available
       filedescriptors for mthreads. Raises performance in case of
       DoS. See this post for further details.
     * g7313fe6: implement indexed packet cache wiping for
       recursor, orders of magnitude faster. Important when
       reloading all zones, which causes massive cache cleaning.
     * rec_control get-all would include 'cache-bytes' and
       'packetcache-bytes', which were expensive operations, too
       expensive for frequent polling. Removed in g8e42d27.
     * All old workarounds for supporting Windows of the XP era
       have been removed.
     * Fix issues on S390X based systems which have unsigned
       characters (g916a0fd)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20140620/2a536419/attachment.pgp>


More information about the Pdns-dev mailing list