[Pdns-announce] PowerDNS Authoritative Server 3.2 Release Candidate 2 available

Peter van Dijk peter.van.dijk at netherlabs.nl
Wed Dec 19 12:33:52 UTC 2012

Hash: SHA1

Hi everybody,

Release Candidate 2 of the PowerDNS Authoritative Server 3.2 is available from:


You are cordially invited to (carefully) test this Release Candidate for
correct behaviour.

Full release notes, with clickable links, are available from:

Changes between RC1 and RC2:

  * Aki Tuomi contributed zone2json, a great way for programmers to benefit
    from our zone file parser. Code in commit 2997, closes ticket 509.

  * Our DNS TXT parser is not 8-bit safe, but our DNS TXT writer assumes the
    reader is! Reported by Jan-Piet Mens in ticket 541, commit 2993 fixes our
    writer but not yet our parser.

  * Ruben d'Arco did some improvements to the MyDNS backend, and provided a
    full test suite for it, that we now run after every commit. Code in commit

  * Some exceptions from backends would lose their meaning while bubbling up.
    Fixed by Aki Tuomi in commit 2985, closing ticket 639.

  * The packet-cache honours max reply length while matching cached packets
    against queries, but not EDNS status. This would mean that EDNS-enabled
    replies with a 512 reply len could be returned on non-EDNS queries. Spotted
    while investigating a report from Winfried Angele, patched by Ruben d'Arco
    in commit 2982, closing ticket 630.

  * Errors involving creating, deletion or changing permissions on the control
    socket were unclear. Ruben d'Arco improved this in commit 2981.

  * pipe-timeout was always documented to be in milliseconds, but it turns out
    it was in seconds! commit 2971 changes them to actually be in ms, and
    'increases' the default from 1000 seconds to 2000 milliseconds.

  * Some exceptions would get dropped during inbound AXFR, yielding a log file
    that says 'transaction started' and nothing after that, making AXFR fail
    silently. commit 2976 and commit 2977 improve this somewhat.

  * We now error out on empty labels inside of names (www..example.com) instead
    of generating bogus reply packets. Code in commit 2972, reported by several

  * Doing chmod before chown, instead of the other way around, apparently
    avoids requiring a whole SELinux capability. Reported by Sander Hoentjen,
    fixed in r2965.

  * Christian Hofstaedtler fixed a bug in our Debian init.d script. Code in
    commit 2963.

  * Superslave errors ('Unable to find backend willing to host ..') now include
    the NSset found at the master, to aid debugging. Code in commit 2887.

  * commit 2874 in RC1 broke compilation without SQLite3 and made query logging
    unreliable. Fixed in commit 2888, commit 2889.

  * The dnsreplay tool now processes single packet pcaps. Fix in commit 2895.

  * PowerDNS always derives NSEC/NSEC3 from the actual zone content. To
    accomodate this, zone2sql now drops NSEC/NSEC3 records, as those should
    never be in a PowerDNS backend directly (commit 2915), bindbackend ignores
    NSEC/NSEC3 while reading zonefiles (commit 2917) and pdnssec reports NSEC/
    NSEC3 in the database as an error condition (commit 2918).

  * The bindbackend now ignores NSEC/NSEC3 records while reading zonefiles.
    Change in commit 2917.

  * An EXPERIMENTAL feature ('direct-dnskey') for reading ZSKs from the records
    table/your BIND zonefile was added in commit 2920, commit 2921, commit 2922

  * While fully optional, PowerDNS supports direct RRSIG queries. Kees
    Monshouwer improved on our behaviour for those queries in commit 2927.

  * IPv6 glue situations require AAAA records for the receiving end of a
    delegation in the ADDITIONAL section of a referral. This was supported
    ('do-ipv6-additional-processing') but not enabled by default. commit 2929
    enables it by default.

  * pdnssec check-zone now warns for CNAME-and-other data at names in your
    zones. Code by Ruben d'Arco in commit 2930.

  * Positive ANY-responses would include a spurious NSEC3. Corrected in commit
    2932 and commit 2933, cleaned up by Kees Monshouwer in commit 2935.

  * The ldapbackend now allows overriding the base dn for AXFR subtree search.
    Fixed in commit 2934, closing ticket 536.
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org


More information about the Pdns-announce mailing list