[Pdns-announce] Now is the time to test the 2.9.21 snapshots + release notes.

bert hubert bert.hubert at netherlabs.nl
Mon Apr 9 12:39:22 UTC 2007

Hi everybody,

Somewhere in the coming 2 weeks, we will release the PowerDNS Authoritative
Server version 2.9.21.

While slight issues remain to be worked out, the bulk of the bugs reported
for 2.9.20 have been fixed.

Most importantly, the current snapshot (1023) now has binary packages (db
and rpm) that are compatible with all current Linux distributions again,
which our previous binary packages were not.

Please find tar.gz, deb and rpm on: http://svn.powerdns.com/snapshots/1023/

It is very important that people test the 2.9.21 snapshots so we can
guarantee a very high level of quality once the actual release comes round.
Also, if you spot problems now, we are ready to fix them instantly. Once the
release happens, we might be too busy to cater to everybody immediately.

Here are the release notes as text. Far prettier release notes, with
clickable links to all changes, are available on

 This is the first release the PowerDNS Authoritative Server since the
 Recursor was split off to a separate product, and also marks the transfer
 of the new technology developed specifically for the recursor, back to the
 authoritative server.
 This move has reduced the amount of code of the Authoritative server by
 over 2000 lines, while improving the quality of the program enormously.
 However, since so much has been changed, care should be taken when
 deploying 2.9.21.
 To signify the magnitude of the underlying improvements, the next release
 of the PowerDNS Authoritative Server will be called 3.0.
 This release would not have been possible without large amounts of help
 and support from the PowerDNS Community. We specifically want to thank
 Massimo Bandinelli of Italy's Register.it, Dave Aaldering of Aaldering
 ICT, True BV, XS4ALL, Daniel Bilik of Neosystem, EasyDNS, Augie Schwer,
 Mark Bergsma, Marcus Rueckert of OpenSUSE, Andre Muraro of Locaweb, Antony
 Lesuisse, Norbert Sendetzky, Marco Chiavacci, and Ruben Kerkhof.

 Security issues:

  * The previous packet parsing and generating code contained no known
    bugs, but was however very lengthy and overly complex, and might have
    had security problems. The new code is 'inherently safe' because it
    relies on bounds-checking C++ constructs. Therefore, a move to 2.9.21
    is highly recommened.

  * Pre-2.9.21, communication between master and server nameservers was
    not checked as rigidly as possible, possibly allowing third parties to
    disrupt but not modify such communications.

 Warning The 'bind1' legacy version of our BIND backend has been dropped!   
        There should be no need to rely on this old version anymore, as    
        the main BIND backend has been very well tested recently.          


  * Multi-part TXT records weren't supported. This has been fixed, and
    regression tests have been added. Code in commits 1016, 996, 994.

  * Our snapshots were built against a static version of PosgreSQL that
    was incompatible with many Linux distributions, leading to instant
    crashes on startup. Fixed in 1022 and 1023.

  * CNAME referrals to child zones gave improper responses. Noted by Augie
    Schwer in ticket 123, fixed in commit 992.

  * NS to a nameserver with the name of the zone itself generated
    problems. Spotted by Augie Schwer, fixed in commit 947.

  * Multi-line records in the BIND backend were not always parsed
    correctly. Fixed in commit 1014.

  * The LOC-record had problems operating outside of the eastern
    hemisphere of the northern part of the world! Fixed in commit 1011.

  * Backends were compiled without multithreading preprocessor flags. As
    far as we can determine, this would only cause problems for the BIND
    backend, but we cannot rule out this caused instability in other
    backends. Fixed in commit 1001.

  * The BIND backend was highly unstable under reloads, and leaked memory
    and file descriptors. Thanks to Mark Bergsma and Massimo Bandinelli
    for respectively pointing this out to us and testing large amounts of
    patches to fix the problem. The fixes have resulted in better
    performance, less code, and a remarkable simplification of this
    backend. commit 1006, commit 999, commit 905 and previous.

  * BIND backend gave convincing NXDOMAINS on unloaded zones in some
    cases. Spotted and fixed by Daniel Bilik in commit 984.

  * SOA records in zone transfers sometimes contained the wrong SOA TTL.
    Spotted by Christian Kuehn, fixed in commit 902.

  * PowerDNS could get confused by very high SOA serial numbers. Spotted
    and fixed by Dan Billik, fixed in commit 626.

  * Some versions of FreeBSD perform very strict checks on socket address
    sizes passed to 'connect', which could lead to problems retrieving
    zones over AXFR. Fixed in commit 891.

  * Some versions of FreeBSD perform very strict checks on IPv6 socket
    addresses, leading to problems. Discovered by Sten Spans, fixed in
    commit 885 and commit 886.

  * IXFR requests were not logged properly. Noted by Ralf van der Enden,
    fixed in commit 990.

  * Many bugs in the TCP nameserver, leading to a PowerDNS process that
    did not respond to TCP queries over time. Many fixes provided by Dan
    Bilik, other problems were fixed by rewriting our TCP handling code.
    Commits 982 and 980, 950, 924, 889, 874, 869, 685, 684.

  * Fix crashes on the ARM processor due to alignment errors. Thanks to
    Sjoerd Simons. Closes Debian bug 397031.

  * Missing data in generic SQL backends would sometimes lead to faked SOA
    serial data. Spotted by Leander Lakkas from True. Fix in commit 866.

  * When receiving two quick notifications in succession, the packet cache
    would sometimes "process" the second one, leading PowerDNS to ignore
    it. Spotted by Dan Bilik, fixed in commit 686.

  * Geobackend (by Mark Bergsma) did not properly override the getSOA
    method, breaking non-overlay operation of this fine backend. The
    geobackend now also skips '.hidden' configuration files, and now
    properly disregards empty configuration files. Additionally, the
    overlapping abilities were improved. Details available in commit 876,
    by Mark.


  * Thanks to EasyDNS, PowerDNS now supports multiple masters per domain.
    Implemented in commit 1018, commit 1017.

  * Thanks to EasyDNS, PowerDNS now supports the KEY record type, as well
    the SPF record. In commit 976.

  * Added support for CERT, SSHFP, DNSKEY, DS, NSEC, RRSIG record types,
    as part of the move to the new DNS parsing/generating code.

  * Support for the AFSDB record type, as requested by 'Bastian'.
    Implemented in commit 978, closing ticket 129.

  * Support for the MR record type. Implemented in commit 941 and commit

  * Gsqlite3 backend was added by Antony Lesuisse in commit 942;

  * Added the ability to send out light-weight root-referrals that save
    bandwidth yet still placate mediocre resolver implementations.
    Implemented in commit 912, enable with 'root-referral=lean'.


  * Miscellaneous OpenDBX and LDAP backend improvements by Norbert
    Sendetzky. Applied in commit 977.

  * SGML source of the documentation was cleaned up by Ruben Kerkhof in
    commit 936.

  * Speedups in core DNS label processing code. Implemented in commit 928,
    commit 654, commit 1020.

  * When communicating with master servers and encountering errors, more
    useful details are logged. Reported by Stefan Arentz in ticket 137,
    closed by commit 1015.

  * Database errors are now logged with more details. Addressed in commit

  * pdns_control problems are now logged more verbosely. Change in commit

  * Erroneous address configuration was logged unclearly. Spotted by River
    Tarnell, fixed in commit 888.

  * Example configuration shipped with PowerDNS was very old. Noted by
    Leen Besselink, fixed in commit 946.

  * PowerDNS neglected to chdir to the root when chrooted. This closes
    ticket 110, fixed in commit 944.

  * Microsoft resolver had problems with responses we generated for CNAMEs
    pointing out of our bailiwick. Fixed in commit 983 and expedited by

  * Built-in webserver logs errors more verbosely. Closes ticket 82, gixed
    in commit 991.

  * Queries containing '@' no longer flood the logs. Addressed in commit

  * The build process now looks for PostgreSQL in more places. Implemented
    in commit 998, closes ticket 90.

  * Speedups in the BIND backend now mean large installations enjoy
    startup times up to 30 times faster than with the original BIND
    nameserver. Many thanks to Massimo Bandinelli.

  * IPv6 and IPv4 address parsing routines have been replaced,t 962, commit
    1012 and others.

  * 5 new regression tests have been added to insure old bugs do not

  * Fix small issues with very modern compilers and BOOST snapshots. Noted
    by Marcus Rueckert, addressed in commit 954, commit 964 commit 965,
    commit 1003.

http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the Pdns-announce mailing list