[dnsdist] PowerDNS End-of-Year post
bert.hubert at powerdns.com
Fri Dec 29 13:07:26 UTC 2017
HTML version with clickable links:
2017 has been a great year for PowerDNS and Open-Xchange. In this post, we
want to thank everyone that contributed, and highlight some specific things
we are happy about.
* HackerOne bug bounty program
After some initial problems with over-reporting of non-issues, our
experience with HackerOne is awesome right now. We are very happy we have a
clean process for receiving and rewarding security bugs. Various PowerDNS
security releases this year have originated as HackerOne reports.
* Our community
PowerDNS continues to be a vibrant community. Our IRC channel has around
240 members, our mailing lists have 1225 subscribers. Even though we are
now tougher in enforcing our ‘support, out in the open‘ policies, we
continue to see many user queries being resolved every day, often leading to
improvements in PowerDNS.
As in earlier years, 2017 has seen huge contributions from the community,
not only in terms of small patches or constructive bug reports, but also in
the revamping of whole subsystems. Specifically Kees Monshouwer was so
important for Authoritative Server 4.1 that we would not have been able to
do it without him. We hope to continue as a healthy community in 2018!
* Facebook bug bounty program
PowerDNS is an active participant in keeping the internet secure. As part
of our work we found a potential security problem in an important Facebook
product which we reported to the their bug bounty program. The bug was
fixed quickly, and led to an award of $1500, with the option to turn that
into a $3000 charitable donation. We have done so and supported Doctors
without Borders in their work.
* Our Open Source DNS friends
The DNS community is tight, and it has to be: all our software has to
interoperate. New standards are developed cooperatively and problems are
discussed together. We love the friendly competition that we have with our
friends of CZNIC (Knot, Knot Resolver), ISC (BIND), NLNetLabs (NSD, Unbound,
libraries) and others.
To a huge extent, DNS is exclusively Open Source software, sometimes
repackaged and rebadged by commercial companies that close down that Open
Source software again.
PowerDNS is proud to be part of the open DNS community, and we are grateful
for the smooth & fun cooperation we experienced in 2017!
Since 2015, PowerDNS has been part of Open-Xchange, previously mostly known
for the OX AppSuite email platform. The famous Dovecot IMAP project also
joined Open-Xchange in 2015. The goal of these mergers was to allow us to
focus on technology, while getting the legal, sales and marketing support to
get our software out there.
In 2017 we have truly started to harvest the fruits of the merger, by
simultaneously delivering important software releases as well as satisfying
the needs of some very large new deployments.
We are very happy that PowerDNS not only survived the merger, but is now an
important part of Open-Xchange, where we contribute to the mission of
keeping the internet open.
* Our users
Even without or before contributing codes, operators can improve PowerDNS
through great bug reports. We specifically want to thank Quad9 (a
collaboration of Packet Clearing House, IBM and the Global Cyber Alliance)
for taking a year long journey with us with dnsdist and Recursor “straight
from GitHub”. Deployments sharing their experiences and problems with the
PowerDNS community are vital to creating quality reliable software. Thanks!
* Mattermost, the Open Source private Slack Alternative
As PowerDNS grows, we could no longer rely solely on IRC as our
communication channel with developers, users and customers. Instead of
moving to a third party cloud service that admits to datamining
communications, we are very happy to host our own Mattermost instance. And
because of PowerDNS user & contributor @42Wim, we can continue our IRC habit
* 4.1 evolution, dnsdist
In 2016 we released the 4.0 versions of the PowerDNS Authoritative Server
and Recursor. As you may recall, the 4.0 releases represented a giant
cleanup from the decade old frameworks found in 3.x. The 4.0 versions were
a step ahead in functionality and sometimes performance, but the true gains
of the new fresher codebase have now been realized in the 4.1 releases.
4.1 represents a big overhaul in caching (both Recursor and Authoritative)
and DNSSEC processing (mostly Recursor). Both of these overhauls have been
tested over the year by large PowerDNS deployments, and the huge amount of
feedback has delivered a near flawless “battle tested” 4.1 release.
Specifically xs4all and two huge European incumbent operators have been
instrumental in maturing dnsdist and our 4.1-era DNSSEC and EDNS Client
* On to 2018!
In 2018 we hope to continue to improve our software and the state of the
internet. See you there!
More information about the dnsdist