[Pdns-announce] PowerDNS Recursor 3.1.5 snapshot 3 available

bert hubert bert.hubert at netherlabs.nl
Wed Feb 6 21:11:26 UTC 2008

Hi everybody,

We are heading up to a release of version 3.1.5 of the PowerDNS Recursor.
Since it has been a long time since 3.1.4, which appears to have been a very
good release, we are doing some snapshots.

This snapshot 3 is in production, and appears to work, but take care when

Available on

Non-release notes, available as html with clickable links on http://ds9a.nl/tmp/pdns-docs/html/changelog.html#CHANGELOG-RECURSOR-3-1-5

Much like 3.1.4, this release does not add major features. Instead,
performance has been improved significantly (estimated at around 20%), and
many rare and not so rare issues were addressed. Most importantly,
multi-part TXT records now work as expected - the only significant bug found
in 15 months.

Perhaps important, this version can properly benefit from all IPv4 and IPv6
addresses in use at the root-servers as of early February 2008.

Additionally, newer releases of the G++ compiler required some fixes (see ticket 173).

Security related issues:

  *   The Recursor will by default no longer query private-space nameservers. This
closes a slight security risk and simultaneously improves performance and
stability. For more information, see dont-query in Section 12.1. Implemented
in commit 923.


  *    The DNS packet writing and parsing infrastructure performance was improved
 in several ways, see commits 925, 926, 928, 931, 1021, 1050,

  *    Remove multithreading overhead from the Recursor (commit 999). 

Bug fixes:

  *    Applied fix for ticket 110 ('PowerDNS should change directory to '/' in chroot), implemented in commit 944.
  *    Some routing conditions could cause UDP connected sockets to generate an error which PowerDNS did not deal with properly, leading to a leaked file descriptor. As these run out over time, the recursor could crash. This would also happen for IPv6 queries on a host with no IPv6 connectivity. Thanks to Kai of xs4all and Wichert Akkerman for reporting this issue. Fix in commit 1133.
  *    Empty unknown record types can now be stored without generating an error (commit 1129), silencing a scary error message.
  *    Applied fix for ticket 111, ticket 112 and ticket 153 - large (multipart) TXT records are now retrieved and served properly. Fix in commit 996.
  *    Solaris compilation instructions in Recursor documentation were wrong, leading to an instant crash on startup. Luckily nobody reads the documentation, except for Marcus Goller who found the error. Fixed in commit 1124.
  *    On Solaris, finally fix the issue where queries get distributed strangely over CPUs, or not get distributed at all. Much debugging and analysing performed by Alex Kiernan, who also supplied fixes. Implemented in commit 1091, commit 1093.
  *    Various fixes for modern G++ versions, most spotted by Marcus Rueckert (commits 964, 965, 1028, 1052)
  *    Recursor would not properly clean up pidfile and control socket, closing ticket 120, code in commit 988, commit 1098 (spotted by Leo Baltus)
  *    Recursor can now serve multi-line records from its limited authoritative server (commit 1014).
  *    When parsing zones, the 'm' time specification stands for minutes, not months! Closing Debian bug 406462 (commit 1026)
  *    Authoritative zone parser did not support '@' in the content of records. Spotted by Marco Davids, fixed in commit 1030.
  *    Authoritative zone parser could be confused by trailing TABs on record lines (commit 1062).
  *    EINTR error code could block entire server if received at the wrong time. Spotted by Arnoud Bakker, fix in commit 1059.
  *    Fix crash on NetBSD on Alpha CPUs, might improve startup behaviour on empty caches on other architectures as well (commit 1061).
  *    Outbound TCP queries were being performed sub-optimally because of an interaction with the 'Mplexer'. Fixes in commit 1115, commit 1116. 

New features:

  *    Implemented rec_control command get uptime, as suggested by Niels Bakker (commit 935). Added to default rrdtool scripts in commit 940.
  *    The Recursor Authorative component, meant for having the Recursor serve some zones authoritatively, now supports $INCLUDE and $GENERATE. Implemented in commit 951 and commit 952, commit 967 (discovered by Thomas Rietz),
  *    Implemented forward-zones-file option in order to support larger amounts of zones which should be forwarded to another nameserver (commit 963). 

General improvements:

  *    Ruben Kerkhof fixed up weird permission bits as well as our SGML documentation code in commit 936 and commit 937.
  *    Now perform EDNS0 root refreshing queries, so as to benefit from all returned addresses. Relevant since early February 2008 when the root-servers started to respond with IPv6 addresses, which made the default non-EDNS0 maximum packet length reply no longer contain all records. Implemented in commit 1130. Thanks to dns-operations AT mail.oarc.isc.org for quick suggestions on how to deal with this change.
  *    rec_control now has a timeout in case the Recursor does not respond. Implemented in commit 945.
  *    (Error) messages are now logged with saner priorities (commit 955).
  *    Outbound query IP interface stemmed from 1997 (!) and was in dire need of a cleanup (commit 1117).
  *    L.ROOT-SERVERS.NET moved (commit 1118). 

http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the Pdns-announce mailing list