[Pdns-announce] One more PowerDNS Recursor 3.1.4 prerelease - contains important fixes

bert hubert bert.hubert at netherlabs.nl
Tue Nov 7 12:57:21 UTC 2006 

Hi everybody,

I've just made PowerDNS Recursor 3.1.4 pre 3 available on 
http://svn.powerdns.com/snapshots/3.1.4/

There are RPMs, DEBs for both i386 and AMD64/x86_64 available, as well as
source.

Compared to pre 2, this release contains an important fix that should solve
some of the crashes people have seen lately, you are highly advised to
upgrade to 3.1.4-pre3. It is likely that this version will be identical to
the final 3.1.4 release.

Thanks!

Bugs fixed:

  * On certain error conditions, PowerDNS would neglect to close a socket,
    which might therefore eventually run out. Spotted by Stefan Schmidt,
    fixed in commits 892, 897, 899.

  * Some nameservers (including PowerDNS in rare circumstances) emit a SOA
    record in the authority section. The recursor mistakenly interpreted
    this as an authoritative "NXRRSET". Spotted by Bryan Seitz, fixed in
    commit 893.

  * In some circumstances, PowerDNS could end up with a useless (not
    working, or no longer working) set of nameserver records for a domain.
    This release contains logic to invalidate such broken NSSETs, without
    overloading authoritative servers. This problem had previously been
    spotted by Bryan Seitz, 'Cerb' and Darren Gamble. Invalidations of
    NSSETs can be plotted using the "nsset-invalidations" metric,
    available through rec_control get. Implemented in commit 896 and
    commit 901.

  * PowerDNS could crash while dumping the cache using rec_control
    dump-cache. Reported by Wouter of WideXS and Stefan Schmidt and many
    others, fixed in commit 900.

  * Under rare circumstances (depleted TCP buffers), PowerDNS might send
    out incomplete questions to remote servers. Additionally, on
    big-endian systems (non-Intel and non-AMD generally), sending out
    large TCP answers questions would not work at all, and possibly crash.
    Brought to our attention by David Gavarret, fixed in commit 903.

  * The recursor contained the potential for a dead-lock processing an
    invalid domain name. It is not known how this might be triggered, but
    it has been observed by 'Cerb' on #powerdns. Several dead-locks where
    PowerDNS consumed all CPU, but did not answer questions, have been
    reported in the past few months. These might be fixed by commit 904.

  * IPv6 'allow-from' matching had problems with the least significant
    bits, sometimes allowing disallowed addresses, but mostly disallowing
    allowed addresses. Spotted by Wouter from WideXS, fixed in commit 916.

  * Large TCP questions followed by garbage could cause the recursor to
    crash.

Improvements:

  * PowerDNS has support to drop answers from so called 'delegation only'
    zones. A statistic ("dlg-only-drops") is now available to plot how
    often this happens. Implemented in commit 890.

  * Hint-file parameter was mistakenly named "hints-file" in the
    documentation. Spotted by my Marco Davids, fixed in commit 898.

  * rec_control quit should be near instantaneous now, as it no longer
    meticulously cleans up memory before exiting. Problem spotted by
    Darren Gamble, fixed in commit 914, closing ticket 84.

  * init.d script no longer refers to the Recursor as the Authoritative
    Server. Spotted by Wouter of WideXS, fixed in commit 913.

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the Pdns-announce mailing list