[dnsdist] PowerDNS Year 2016 in review

bert hubert bert.hubert at powerdns.com
Tue Dec 27 13:01:44 UTC 2016


Hi everyone,

We just posted "PowerDNS: 2016 in review" in our blog, https://blog.powerdns.com/2016/12/27/powerdns-2016-in-review/

Text version, which lacks clickable links, is below. But for best results, try the blog!

As 2016 draws to a close, we’d like to share a few words on what has been
achieved over the past year, our second year within Open-Xchange.  This post
will cover both our technical and commercial efforts, including the PowerDNS
Platform which provides per-subscriber malware filtering & parental control. 
And, we are hiring!

At the end of 2015, we released ‘Technology Preview Releases’ of PowerDNS
Authoritative Server 4, PowerDNS Recursor 4 and dnsdist 1.0.  This was done
to somewhat keep our promise of releasing those versions in 2015, but fell
short of what we had hoped to achieve.

Now at the end of 2016 the news is a lot better. The actual 4.0 and 1.0
(dnsdist) releases have happened and are being deployed far faster than we’d
been hoping for.  This is probably due to some of the exciting new features:

* RPZ for security & DNS filtering purposes (including IXFR)
* dnsdist for reliability, flexibility and DoS protection
* pdnsutil edit-zone for a pretty awesome way to edit DNS zones
* DNSSEC validation in Recursor
* Vastly more powerful Lua engines
* ALIAS record type that now powers many of the .GOV search engines DNSSEC (including the White House!)

A notable DNSSEC deployment is over at our friends of xs4all who not only
sign all their customer domains with the PowerDNS Authoritative Server, but
recently have also turned on validation on their PowerDNS Recursors for
their large userbase.

4.0 and dnsdist were both part of a ‘spring cleaning’ exercise. It is good
to realize how rare it is for a software project to go through such an
exercise.  4.0 and dnsdist are based on a much cleaned up and improved
codebase.

We are also very grateful for our community that stepped up to contribute to
4.x in the form of code, great bug reports, design ideas, documentation and
actual bug fixes.  Our meagre offering of ‘PowerDNS Crew’ mugs is the least
we could do!

Some stats that bear out the community involvement: In 2016, our Github
repository was forked over a 100 times, yielding almost a 1000 Pull Requests
most of which were merged, for a total of over 2500 new commits.  These
commits closed 1300 issue tickets.

As you may recall, since 2015 PowerDNS is part of OX, together with our
cousins from Dovecot.  When we announced the merger, some voiced fear about
what this would mean for PowerDNS.  We can now safely say that the state of
the PowerDNS source in 2016 is way stronger than it was in 2015.

Besides finishing the spring cleaning of our open source products, 2016 also
saw the release of the PowerDNS Platform which, unusually for us, is not
fully open source.  We explained this in our blog post as follows:

"Putting it more strongly: we have learned that many organizations simply no
 longer have the time or desire to assemble all the technologies themselves
 around our Open Source products.

 We will therefore be marketing the additional functionalities we have been
 delivering to our customers as a product tentatively called the “PowerDNS
 Platform”

 The “PowerDNS Platform” as we ship it consists of our core unmodified Open
 Source products, plus loads of other open source technologies, combined with
 a management shell that is not an Open Source product that we’ll in fact
 sell."

The PowerDNS Platform is described here. Feedback on the move to supply the
Platform has been good, both from our commercial users and from the PowerDNS
development and wider DNS community, for which we are grateful.

Now at the end of 2016 we can report that the PowerDNS Platform has been
selected to provide a malware & parental control enabled DNS solution for
over 10 million Internet subscribers in Europe.  We will be displacing a
fully closed solution, which is a win for an open internet.

In addition, this commercial progress provides a healthy & sustainable basis
on which to continue to develop the PowerDNS nameservers and dnsdist.

POWERDNS.ORG

We have regained control over powerdns.org. As outlined in our blogpost:

"Recently we decided it was time to get the .org back anyhow and after
negotiating for a few days we finally paid up, and shortly after that we
were back in control of powerdns.org, at a cost of $1000."

This personally left me with a bad aftertaste since effectively we have paid a chain of people that specialise in taking over domains for ransom purposes.

To compensate for all this, we’ve decided to donate €1000 to the Doctors without Borders charity."

MUGS

We have shipped close to 500 PowerDNS Release mugs to contributors, friends
and conference visitors.  If you missed out on our giveaway, you can order
PowerDNS mugs online from our friends over at Mugbug, who have been an
absolute joy to work with.

ROOT-SERVER SPEEDUP

We also had a good time working with the fine people of the RIPE NCC. Anand
Buddhdev there decided to do some benchmarking to determine the root-server
suitability of a bunch of nameservers.  And lo, during his testing, he found
that PowerDNS 4.0 was not very suitable.  After a good month of
investigations & improvements, we managed to achieve a 400% speedup in the
PowerDNS Authoritative Server which actually also helped the PowerDNS
Recursor.

We shared our learnings on modern optimization in this Medium post which at
>10k visits is the second best read post we have ever done.  These speedups
will be available in the 4.1 releases of our software.

PEOPLE

PowerDNS grew this year! Open-Xchange gained a product manager (Alexander
ter Haar) and we are also benefiting greatly from Nico Cartron (previously
of EfficientIP) and Andrea Tosatto who are helping with automation,
deployability and pre-sales work.  In addition, we continue to work happily
with members of the extended PowerDNS family who we contract with for
development, training, documentation and professional services.

But.. it is not enough. We are still looking for two permanent positions,
one in professional services, one in front-end development with a smattering
of backend.  For more details, please head to our careers page.

FINALLY

Thank you for being involved with PowerDNS, the software and the community.
Reading this post to the end means you really care. :-)

We wish you a great 2017!



More information about the dnsdist mailing list