<div dir="ltr">Could pdns-recursor be made to compile with a specific path where the binary should be installed? I'd like mine installing to /usr/local/sbin/ as opposed to /usr/sbin</div><div class="gmail_extra"><br><br>
<div class="gmail_quote">On 5 April 2013 10:55, Peter van Dijk <span dir="ltr"><<a href="mailto:peter.van.dijk@netherlabs.nl" target="_blank">peter.van.dijk@netherlabs.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Hi everybody,<br>
<br>
Release Candidate 4 of the PowerDNS Recursor 3.5 is available from:<br>
<br>
source: <a href="http://powerdnssec.org/downloads/pdns-recursor-3.5-rc4.tar.bz2" target="_blank">http://powerdnssec.org/downloads/pdns-recursor-3.5-rc4.tar.bz2</a><br>
semistatic packages: <a href="http://powerdnssec.org/downloads/packages/
RHEL5/6" target="_blank">http://powerdnssec.org/downloads/packages/<br>
RHEL5/6</a> native: <a href="http://www.monshouwer.eu/download/3rd_party/pdns-recursor/rc4/" target="_blank">http://www.monshouwer.eu/download/3rd_party/pdns-recursor/rc4/</a><br>
<br>
You are cordially invited to (carefully) test this Release Candidate for<br>
correct behaviour.<br>
<br>
RC3 was skipped because the ever vigilant Winfried Angele spotted an<br>
issue with it even before we had fully released it!<br>
<br>
Full release notes, with clickable links, are available from:<br>
<a href="http://doc.powerdns.com/changelog.html#changelog-recursor-3-5" target="_blank">http://doc.powerdns.com/changelog.html#changelog-recursor-3-5</a><br>
<br>
Here is a text-only version:<br>
<br>
This is a stability, security and bugfix update to 3.3/<a href="http://3.3.1." target="_blank">3.3.1.</a> It contains<br>
important fixes for slightly broken domain names, which your users expect to<br>
work anyhow.<br>
<br>
[Note] Note<br>
Because a semi-sanctioned 3.4-pre was distributed for a long time, and<br>
people have come to call that 3.4, we are skipping an actual 3.4 release<br>
to avoid confusion.<br>
<br>
Changes between RC3 (unreleased) and RC4:<br>
<br>
* Winfried Angele spotted, even before release, that r3132 in RC3 broke<br>
outgoing IPv6 queries. We are grateful for his attention to detail! Fixed<br>
in r3141.<br>
<br>
Changes between RC2 and RC3 (unreleased):<br>
<br>
* Use private temp dir when running under systemd, thanks Morten Stevens and<br>
Ruben Kerkhof. Change in r3105.<br>
<br>
* NSD mistakenly compresses labels for RP and other types, violating a MUST<br>
in RFC 3597. Recursor does not decompress these labels, violating a SHOULD<br>
in RF3597. We now decompress these labels, and reportedly NSD will stop<br>
compressing them. Reported by Jan-Piet Mens, fixed in r3109.<br>
<br>
* When forwarding to another recursor, we would handle responses to ANY<br>
queries incorrectly. Spotted by Jan-Piet Mens, fixed in r3116, closes<br>
ticket 704.<br>
<br>
* Our local-nets definition (used as a default for some settings) now<br>
includes the networks from RFC 3927 and RFC 6598. Reported by Maik<br>
Zumstrull, fixed in r3122.<br>
<br>
* The RC1 change to stop using ANY queries to get A+AAAA for name servers in<br>
one go had a 5% performance impact. This impact is corrected in r3132.<br>
Thanks to Winfried Angele for measuring and reporting this. Closees ticket<br>
710.<br>
<br>
* New command 'rec_control dump-nsspeeds' will dump our NS speeds (latency)<br>
cache. Code in r3131.<br>
<br>
Changes between RC1 and RC2:<br>
<br>
* While Recursor 3.3 was not vulnerable to the specific attack noted in<br>
'Ghost Domain Names: Revoked Yet Still Resolvable', further investigation<br>
showed that a variant of the attack could work. This was fixed in r3085.<br>
This should also close the slightly bogus CVE-2012-1193. Closes ticket 668.<br>
<br>
* The auth-can-lower-ttl flag was removed, as it did not have any effect in<br>
most situations, and thus did not operate as advertised. We now always<br>
comply with the related parts of RFC 2181. Change in r3092, closing ticket<br>
88.<br>
<br>
Changes below are in RC1 (and up).<br>
<br>
New features:<br>
<br>
* The local zone server now understands wilcards, code in commit 2062.<br>
<br>
* The Lua postresolve and nodata hooks, that had been distributed as a<br>
'3.3-hooks' snapshot earlier, have been merged. Code in commit 2309.<br>
<br>
* A new feature, rec_control trace-regex allows the tracing of lookups for<br>
specific names. Code in commit 3044, commit 3073.<br>
<br>
* A new setting, export-etc-hosts-suffix, adds a configurable suffix to names<br>
imported from /etc/hosts. Code in commit 2544, commit 2545.<br>
<br>
Improvements:<br>
<br>
* We now throttle queries that don't work less agressively, code in commit<br>
1766.<br>
<br>
* Various improvements in tolerance against broken auths, code in commit 1996<br>
, commit 2188, commit 3074 (thanks Winfried).<br>
<br>
* Additional processing is now optional, and disabled by default. Presumably<br>
this yields a performance improvement. Change in commit 2542.<br>
<br>
* rec_control reload-lua-script now reports errors. Code in commit 2627,<br>
closing ticket 278.<br>
<br>
* rec_control help now lists commands. Code in commit 2628.<br>
<br>
* rec_control wipe-cache now also wipes the recursor's packet cache. Code in<br>
commit 2880 from ticket 333.<br>
<br>
* Morten Stevens contributed a systemd file. Import in commit 2966, now part<br>
of the recursor tarball.<br>
<br>
* commit 2990 updates the address of <a href="http://D.root-servers.net" target="_blank">D.root-servers.net</a>.<br>
<br>
* Winfried Angele implemented and documented the ipv6-questions metric. Merge<br>
in commit 3034, closing ticket 619.<br>
<br>
* We no longer use ANY to get A+AAAA for nameservers, because some auth<br>
operators have decided to break ANY lookups. As a bonus, we now track v4<br>
and v6 latency separately. Change in commit 3064.<br>
<br>
Bugs fixed:<br>
<br>
* Some unaligned memory access was corrected, code in commit 2060, commit<br>
2122, commit 2123, which would cause problems on UltraSPARC.<br>
<br>
* Garbage encountered during reload-acls could cause crashes. Fixed in commit<br>
2323, closing ticket 330.<br>
<br>
* The recursor would lose its root hints in a very rare situation. Corrected<br>
in commit 2380.<br>
<br>
* We did not always drop supplemental groups while dropping privileges.<br>
Reported by David Black of Atlassian, fixed in commit 2524.<br>
<br>
* Cache aging would sometimes get confused when we had a mix of expired and<br>
non-expired records in cache. Spotted and fixed by Winfried Angele in<br>
commit 3068, closing ticket 438.<br>
<br>
* rec_control reload-acl no longer ignores arguments. Fix in commit 3037,<br>
closing ticket 490.<br>
<br>
* Since we re-parse our commandline in rec_control we've been doubling the<br>
commands on the commandline, causing weird output. Reported by Winfried<br>
Angele. Fixed in commit 2992, closing ticket 618. This issue was not<br>
present in any officially released versions.<br>
<br>
* commit 2879 drops some spurious stderr logging from Lua scripts, and makes<br>
sure 'place' is always valid.<br>
<br>
* We would sometimes refuse to resolve domains with just one nameserver<br>
living at the apex. Fixed in commit 2817.<br>
<br>
* We would sometimes stick RRs in the wrong parts of response packets. Fixed<br>
in commit 2625.<br>
<br>
* The ACL parser was too liberal, sometimes causing recursors to be very<br>
open. Fixed in commit 2629, closing ticket 331.<br>
<br>
* rec_control now honours socket-dir from recursor.conf. Fixed in commit 2630<br>
.<br>
<br>
* When traversing CNAME chains, sometimes we would end up with multiple SOAs<br>
in the result. Fixed in commit 2633.<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)<br>
Comment: GPGTools - <a href="http://gpgtools.org" target="_blank">http://gpgtools.org</a><br>
<br>
iQIcBAEBAgAGBQJRXoMoAAoJENz1E/p+7RnzyJEP/AmXqDNnypJg87lTvdRzM857<br>
vN78yBCGSZ/pPFaJOXwxvYXRPLw41VIJHnf7x2XKm+S0l0wtIm2ptGwXM1gNdTM1<br>
GtWIGfFDS2H+UchG3DkMCqo/DhFD9jblKaRI7VlcYTLKyvSm5KDSsB+uwC5p1+CE<br>
xbpQmbM6hwMmhn7Hw307uYvWWOHAcJim2KnWzBPDvdRDCqaZaTKO/E1nDPdCl9Bm<br>
dUDX3fkPWOg8o2vX+RkU3fh11O7TL2Q8sP48SB0VCD9NKBY3ZDstGPy+cJreYZmc<br>
yPj6nynWh6DVjq88wDucAZ1RZlPkUj1zj4EsYkBdNyN/7SF0vKQlnApNjWlZXna9<br>
EVYHiuPmsra7aEuvFCd3QNvtsOQ68ZkiRRe/M11Lv0NcJkzDwNPcrA8HsK8eY47Q<br>
t1N0IoP1N4L9i6VDSk2dpNfRMVCElGKmV+83M/grMvH49RMOcWxLLB0ywUQQ+4JM<br>
Atzu4UUHrWPaVbbQbMm82LYk3HULcQtOZKxXpi9GA7gLSdFcogcnDP+vBj5irTDN<br>
r2pWpooL9aFemXHfZc4Z8DDfCZQVeuZqaUmtVYihp4/tVepww+74ADa8gXlJw8Ii<br>
rLJHsTMlZM4OKK0kpepuUuvN6u4iUDIqD9gw+kXoJPBO/4Oa3AiPAP1DEmqPxfDd<br>
ZH1h+srjJWod5vhMh9Bo<br>
=LZ8N<br>
-----END PGP SIGNATURE-----<br>
<br>
_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254733744121/+254722743223<br>"I can't hear you -- I'm using the scrambler."<br>
</div>