<div dir="ltr">Thanks, but the bug that makes it ignore CONFIGDIR was not addressed.<div style>It's not a show-stopper though.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 April 2013 12:33, Peter van Dijk <span dir="ltr"><<a href="mailto:peter.van.dijk@netherlabs.nl" target="_blank">peter.van.dijk@netherlabs.nl</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Hi everybody,<br>
<br>
version 3.5 of the PowerDNS Recursor is now available from<br>
<a href="https://www.powerdns.com/downloads.html" target="_blank">https://www.powerdns.com/downloads.html</a><br>
<br>
Kees Monshouwer provides native RHEL5/6 packages at<br>
<a href="http://www.monshouwer.eu/download/3rd_party/pdns-recursor/" target="_blank">http://www.monshouwer.eu/download/3rd_party/pdns-recursor/</a><br>
<br>
Full release notes, with clickable links, are available from:<br>
<a href="http://doc.powerdns.com/changelog.html#changelog-recursor-3-5" target="_blank">http://doc.powerdns.com/changelog.html#changelog-recursor-3-5</a><br>
<br>
3.5 is the best version of the PowerDNS Recursor currently available, and we<br>
recommend upgrading to it.<br>
<br>
Here is a text-only version:<br>
<br>
This is a stability, security and bugfix update to 3.3/<a href="http://3.3.1." target="_blank">3.3.1.</a> It contains<br>
important fixes for slightly broken domain names, which your users expect to<br>
work anyhow.<br>
<br>
[Note] Note<br>
Because a semi-sanctioned 3.4-pre was distributed for a long time, and<br>
people have come to call that 3.4, we are skipping an actual 3.4 release<br>
to avoid confusion.<br>
<br>
Changes between RC5 and the final 3.5 release:<br>
<br>
* Winfried Angele reported that restarting a very busy recursor could lead to<br>
crashes. Fixed in r3153, closing ticket 735.<br>
<br>
Changes between RC4 and RC5:<br>
<br>
* Bernd-René Predota of Liberty Global reported that Recursor 3.3 would treat<br>
empty non-AA NOERROR responses as authoritative NXDATA responses. This bug<br>
turned out to be in 3.5-RC4 too. Fixed in r3146, related to ticket 731.<br>
<br>
Changes between RC3 (unreleased) and RC4:<br>
<br>
* Winfried Angele spotted, even before release, that r3132 in RC3 broke<br>
outgoing IPv6 queries. We are grateful for his attention to detail! Fixed<br>
in r3141.<br>
<br>
Changes between RC2 and RC3 (unreleased):<br>
<br>
* Use private temp dir when running under systemd, thanks Morten Stevens and<br>
Ruben Kerkhof. Change in r3105.<br>
<br>
* NSD mistakenly compresses labels for RP and other types, violating a MUST<br>
in RFC 3597. Recursor does not decompress these labels, violating a SHOULD<br>
in RF3597. We now decompress these labels, and reportedly NSD will stop<br>
compressing them. Reported by Jan-Piet Mens, fixed in r3109.<br>
<br>
* When forwarding to another recursor, we would handle responses to ANY<br>
queries incorrectly. Spotted by Jan-Piet Mens, fixed in r3116, closes<br>
ticket 704.<br>
<br>
* Our local-nets definition (used as a default for some settings) now<br>
includes the networks from RFC 3927 and RFC 6598. Reported by Maik<br>
Zumstrull, fixed in r3122.<br>
<br>
* The RC1 change to stop using ANY queries to get A+AAAA for name servers in<br>
one go had a 5% performance impact. This impact is corrected in r3132.<br>
Thanks to Winfried Angele for measuring and reporting this. Closees ticket<br>
710.<br>
<br>
* New command 'rec_control dump-nsspeeds' will dump our NS speeds (latency)<br>
cache. Code in r3131.<br>
<br>
Changes between RC1 and RC2:<br>
<br>
* While Recursor 3.3 was not vulnerable to the specific attack noted in<br>
'Ghost Domain Names: Revoked Yet Still Resolvable', further investigation<br>
showed that a variant of the attack could work. This was fixed in r3085.<br>
This should also close the slightly bogus CVE-2012-1193. Closes ticket 668.<br>
<br>
* The auth-can-lower-ttl flag was removed, as it did not have any effect in<br>
most situations, and thus did not operate as advertised. We now always<br>
comply with the related parts of RFC 2181. Change in r3092, closing ticket<br>
88.<br>
<br>
Changes below are in RC1 (and up).<br>
<br>
New features:<br>
<br>
* The local zone server now understands wilcards, code in commit 2062.<br>
<br>
* The Lua postresolve and nodata hooks, that had been distributed as a<br>
'3.3-hooks' snapshot earlier, have been merged. Code in commit 2309.<br>
<br>
* A new feature, rec_control trace-regex allows the tracing of lookups for<br>
specific names. Code in commit 3044, commit 3073.<br>
<br>
* A new setting, export-etc-hosts-suffix, adds a configurable suffix to names<br>
imported from /etc/hosts. Code in commit 2544, commit 2545.<br>
<br>
Improvements:<br>
<br>
* We now throttle queries that don't work less agressively, code in commit<br>
1766.<br>
<br>
* Various improvements in tolerance against broken auths, code in commit 1996<br>
, commit 2188, commit 3074 (thanks Winfried).<br>
<br>
* Additional processing is now optional, and disabled by default. Presumably<br>
this yields a performance improvement. Change in commit 2542.<br>
<br>
* rec_control reload-lua-script now reports errors. Code in commit 2627,<br>
closing ticket 278.<br>
<br>
* rec_control help now lists commands. Code in commit 2628.<br>
<br>
* rec_control wipe-cache now also wipes the recursor's packet cache. Code in<br>
commit 2880 from ticket 333.<br>
<br>
* Morten Stevens contributed a systemd file. Import in commit 2966, now part<br>
of the recursor tarball.<br>
<br>
* commit 2990 updates the address of <a href="http://D.root-servers.net" target="_blank">D.root-servers.net</a>.<br>
<br>
* Winfried Angele implemented and documented the ipv6-questions metric. Merge<br>
in commit 3034, closing ticket 619.<br>
<br>
* We no longer use ANY to get A+AAAA for nameservers, because some auth<br>
operators have decided to break ANY lookups. As a bonus, we now track v4<br>
and v6 latency separately. Change in commit 3064.<br>
<br>
Bugs fixed:<br>
<br>
* Some unaligned memory access was corrected, code in commit 2060, commit<br>
2122, commit 2123, which would cause problems on UltraSPARC.<br>
<br>
* Garbage encountered during reload-acls could cause crashes. Fixed in commit<br>
2323, closing ticket 330.<br>
<br>
* The recursor would lose its root hints in a very rare situation. Corrected<br>
in commit 2380.<br>
<br>
* We did not always drop supplemental groups while dropping privileges.<br>
Reported by David Black of Atlassian, fixed in commit 2524.<br>
<br>
* Cache aging would sometimes get confused when we had a mix of expired and<br>
non-expired records in cache. Spotted and fixed by Winfried Angele in<br>
commit 3068, closing ticket 438.<br>
<br>
* rec_control reload-acl no longer ignores arguments. Fix in commit 3037,<br>
closing ticket 490.<br>
<br>
* Since we re-parse our commandline in rec_control we've been doubling the<br>
commands on the commandline, causing weird output. Reported by Winfried<br>
Angele. Fixed in commit 2992, closing ticket 618. This issue was not<br>
present in any officially released versions.<br>
<br>
* commit 2879 drops some spurious stderr logging from Lua scripts, and makes<br>
sure 'place' is always valid.<br>
<br>
* We would sometimes refuse to resolve domains with just one nameserver<br>
living at the apex. Fixed in commit 2817.<br>
<br>
* We would sometimes stick RRs in the wrong parts of response packets. Fixed<br>
in commit 2625.<br>
<br>
* The ACL parser was too liberal, sometimes causing recursors to be very<br>
open. Fixed in commit 2629, closing ticket 331.<br>
<br>
* rec_control now honours socket-dir from recursor.conf. Fixed in commit 2630<br>
.<br>
<br>
* When traversing CNAME chains, sometimes we would end up with multiple SOAs<br>
in the result. Fixed in commit 2633.<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)<br>
Comment: GPGTools - <a href="http://gpgtools.org" target="_blank">http://gpgtools.org</a><br>
<br>
iQIcBAEBAgAGBQJRa8ibAAoJENz1E/p+7Rnz1GgQAK/47oeP3XtMyb0zJN4eqk/5<br>
XcWjM0129kltmDqtJy3GTXAAGZCwmHMNaT4E7TFuaFqr+b7Iqj/QJzY17augOvIH<br>
/I6AsXOSrnYofKdwnwM9SDlorJ4xnfc6AMF6KMLUlxndDWoupcHNDKIMH4SV7AdW<br>
DHxc888bBqyC326VR+7Jh3d083W5+TUvctPKeZrSayuXVhdu6ZTNJSlBJ/H5hasV<br>
H73AzRdogQvSALjCY/SKuvBcX6WPZhoJcSSf/gkLaxF6BxTibtQVyYzFfP3E7RZ4<br>
XnWVKZeFs3+yyvLbCJnxe9sIhVSNEA2JNxKZK4crBfVM8eArlSHxMqG6JzBpVu+B<br>
AIDgrJy+qRLCeD+ekTUrcA/ePNuotKkWD77NZE1fPZt1uYEiwzpxdgBYcHBXEno9<br>
9VBrSoU7AePD7zgcHLCvpwEjL9xvLZFciPqHzi4yxKPp746rj12OhPS5wvHlNzTR<br>
WGg+oGuxfB79SeuY1BJ46DQTPlXJSEGTctN2SNVvwpjmLukwcPHQbTUqisBANnMW<br>
QpiLYzEvLbnsQQNp3spkw+cQ/hhdh9C20uaOna8qIlXE0AVy5TD9wY/xBzgWvHKa<br>
3dK/YJ02M2xKgXzA5eP4eW0cR2/UhJ2hruIhooghQslycKhMu+OxMEb4k5uiKiZS<br>
4Gj7OH5hABOEaa8gjSs/<br>
=S/r3<br>
-----END PGP SIGNATURE-----<br>
<br>
_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254733744121/+254722743223<br>"I can't hear you -- I'm using the scrambler."<br>
</div>