[Pdns-dev] Recursor 3.6.0 released
Peter van Dijk
peter.van.dijk at netherlabs.nl
Fri Jun 20 12:17:40 CEST 2014
Hi everybody,

version 3.6.0 of the PowerDNS Recursor is now available from
https://www.powerdns.com/downloads.html

Kees Monshouwer provides native RHEL5/6 packages at
http://www.monshouwer.eu/download/3rd_party/pdns-recursor/

Full release notes, with clickable links, are available from:
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.6.0

3.6.0 is the best version of the PowerDNS Recursor currently available, and we
recommend upgrading to it.

Here is a text-only version:
This is a performance, feature and bugfix update to 3.5/3.5.3.
It contains important fixes for slightly broken domain names,
which your users expect to work anyhow. It also brings robust
resilience against certain classes of attacks.
Changes between RC1 and release:
* g30b13ef: do not apply some of our filters to root and
gtlds, plus remove some useless {}
* gcc81d90: fix yahttp copy in dist-recursor for BSD cp
* gb798618: define __APPLE_USE_RFC_3542 during recursor build
on Darwin, fixes t1449
* g1d7f863: Merge pull request t1443 from
zeha/recursor-nostrip
* g5cdeede: remove (non-working) [aaaa-]additional-processing
flags from the recursor. Closes t1448
* g984d747: Support building recursor on kFreeBSD and Hurd
* g79240f1: Allow not stripping of binaries in recursor's
make install
* ge9c2ad3: document pdns.DROP for recursor, add policy-drops
metric for it
New features:
* gaadceba: Implement minimum-ttl-override config setting,
plus runtime configurability via 'rec_control
set-minimum-ttl'.
* Lots of work on the JSON API, which is exposed via Aki
Tuomi's 'yahttp'. Massive thanks to Christian Hofstaedtler
for delivering this exciting new functionality.
Documentation & demo forthcoming, but code to use it is
available on GitHub.
* Lua modules can now use 'pdnslog(INFO..'), as described in
t1074, implemented in g674a305
* Adopt any-to-tcp feature to the recursor. Based on a patch
by Winfried Angele. Closes t836, g56b4d21 and ge661a20.
* g2c78bd5: implement built-in statistics dumper using the
'carbon' protocol, which is also understood by metronome
(our mini-graphite). Use 'carbon-server', 'carbon-ourname'
and 'carbon-interval' settings.
* New setting 'udp-truncation-threshold' to configure from
how many bytes we should truncate. ga09a8ce.
* Proper support for CHaos class for CHAOS TXT queries.
gc86e1f2, addition for lua in gf94c53d, some warnings in
g438db54 however.
* Added support for Lua scripts to drop queries w/o further
processing. g0478c54.
* Kevin Holly added qtype statistics to recursor and
rec_control (get-qtypelist) (g79332bf)
* Add support for include-files in configuration, also reload
ACLs and zones defined in them (g829849d, g242b90e,
g302df81).
* Paulo Anes contributed server-down-max-fails which helps
combat Recursive DNS based amplification attacks. Described
in this post. Also comes with new metric
'failed-host-entries' in g406f46f.
* g21e7976: Implement "followCNAMERecords" feature in the Lua
hooks.
Improvements:
* g06ea901: make pdns-distributes-queries use a hash so
related queries get sent to the same thread. Original idea
by Winfried Angele. Astoundingly effective, approximately
halves CPU usage!
* gb13e737: --help now writes to stdout instead of stderr.
Thanks Winfried Angele.
* To aid in limiting DoS attacks, when truncating a response,
we actually truncate all the way so only the question
remains. Suggested in t1092, code in gadd935a.
* No longer experimental, the switch
'pdns-distributes-queries' can improve multi-threaded
performance on Linux (various cleanup commits).
* Update to embedded PolarSSL, plus remove previous AES
implementation and shift to PolarSSL (ge22d9b4, g990ad9a)
* g92c0733 moves various Lua magic constants into an enum
namespace.
* set group and supplementary groups before chroot (g6ee50ce,
t1198).
* g4e9a20e: raise our socket buffer setting so it no longer
generates a warning about lowering it.
* g4e9a20e: warn about Linux suboptimal IPv6 settings if we
detect them.
* SIGUSR2 turns on a 'trace' of all DNS traffic, a second
SIGUSR2 now turns it off again. g4f217ce.
* Various fixes for Lua 5.2.
* g81859ba: No longer attempt to answer questions coming in
from port 0, reply would not reach them anyhow. Thanks to
Niels Bakker and 'sid3windr' for insight & debugging.
Closes t844.
* gb1a2d6c: now, I'm not one to get OCD over things, but that
log message about stats based on 1801 seconds got to me.
1800 now.
Fixes:
* 0c9de4fc: stay away from getaddrinfo unless we really can't
help it for ascii ipv6 conversions to binary
* g08f3f63: fix average latency calculation, closing t424.
* g75ba907: Some of our counters were still 32 bits, now 64.
* g2f22827: Fix statistics and stability when running with
pdns-distributes-queries.
* g6196f90: avoid merging old and new additional data, fixes
an issue caused by weird (but probably legal) Akamai
behaviour
* g3a8a4d6: make sure we don't exceed the number of available
file descriptors for mthreads. Raises performance in case of
DoS. See this post for further details.
* g7313fe6: implement indexed packet cache wiping for
recursor, orders of magnitude faster. Important when
reloading all zones, which causes massive cache cleaning.
* rec_control get-all would include 'cache-bytes' and
'packetcache-bytes', which were expensive operations, too
expensive for frequent polling. Removed in g8e42d27.
* All old workarounds for supporting Windows of the XP era
have been removed.
* Fix issues on S390X based systems which have unsigned
characters (g916a0fd)
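
An added illustration, not part of the original announcement and not PowerDNS code: the full-truncation behaviour from the Improvements list (a truncated UDP reply keeps only the header and question, with TC set), sketched in Python on a constructed example.com response. The function names, and the reading of 'udp-truncation-threshold' as a byte limit above which the reply is truncated, are assumptions.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the DNS header flags word

def question_end(msg: bytes) -> int:
    """Offset just past the question section (names are length-prefixed labels)."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    qdcount = struct.unpack_from("!H", msg, 4)[0]
    pos = 12
    for _ in range(qdcount):
        while True:
            if pos >= len(msg):
                raise ValueError("question name runs past end of message")
            length = msg[pos]
            if length == 0:              # root label terminates the name
                pos += 1
                break
            if length & 0xC0 == 0xC0:    # 2-byte compression pointer terminates it
                pos += 2
                break
            if length > 63:
                raise ValueError("invalid label length")
            pos += 1 + length
        pos += 4                         # QTYPE + QCLASS
    if pos > len(msg):
        raise ValueError("question section runs past end of message")
    return pos

def truncate_to_question(msg: bytes) -> bytes:
    """Keep header + question only: set TC, zero the AN/NS/AR counts."""
    end = question_end(msg)
    ident, flags, qdcount = struct.unpack_from("!HHH", msg, 0)
    header = struct.pack("!HHHHHH", ident, flags | TC_FLAG, qdcount, 0, 0, 0)
    return header + msg[12:end]

def udp_reply(msg: bytes, threshold: int) -> bytes:
    """Assumed policy: send as-is up to `threshold` bytes, else truncate fully."""
    return msg if len(msg) <= threshold else truncate_to_question(msg)

def sample_response(n_answers: int) -> bytes:
    """Constructed test data: example.com TXT response with 200-byte records."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, n_answers, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 16, 1)
    rdata = bytes([200]) + b"A" * 200
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return header + question + rr * n_answers
```

The truncated reply has the same size whatever the original answer was, so a spoofed query cannot use the truncated response itself for amplification; the client retries over TCP.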