From miod.vallat at powerdns.com  Wed May  7 12:23:31 2025
From: miod.vallat at powerdns.com (Miod Vallat)
Date: Wed, 7 May 2025 14:23:31 +0200
Subject: [Pdns-announce] PowerDNS Authoritative Server 4.9.5
Message-ID: <747f44c8-47e0-4a0e-9e1e-5941a74f498e@powerdns.com>

Today, we are releasing a new version of the PowerDNS Authoritative
Server. This 4.9.5 version carries a few bug fixes, as well as a
performance optimization in the LMDB backend which will greatly improve
database performance when performing a lot of record updates (we?re
talking thousands per second here).

A detailed list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball and its [4]signature are available at
[5]downloads.powerdns.com. Packages for various distributions are
available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the
[7]mailing list, or in case of a bug, via [8]GitHub.

Note that per our [9]End of life policy, the release of version 4.9
marked the end of support for version 4.6.

References

    1. 
https://doc.powerdns.com/authoritative/changelog/4.9.html#change-4.9.5
    2. https://doc.powerdns.com/authoritative/upgrading.html
    3. https://downloads.powerdns.com/releases/pdns-4.9.5.tar.bz2
    4. https://downloads.powerdns.com/releases/pdns-4.9.5.tar.bz2.sig
    5. https://downloads.powerdns.com/releases/
    6. https://repo.powerdns.com/
    7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
    8. https://github.com/PowerDNS/pdns/issues/new/choose
    9. https://doc.powerdns.com/authoritative/appendices/EOL.html


From remi.gacogne at powerdns.com  Tue May 20 11:16:50 2025
From: remi.gacogne at powerdns.com (Remi Gacogne)
Date: Tue, 20 May 2025 13:16:50 +0200
Subject: [Pdns-announce] PowerDNS DNSdist 1.9.10 released,
 fixing CVE-2025-30193
Message-ID: <5ad761ae-c2e9-46cf-b2bd-c3b5c6e4df58@powerdns.com>

Hello!

We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including 
a security issue tracked as CVE-2025-30193 where a remote, 
unauthenticated attacker can cause a denial of service via a crafted TCP 
connection. The issue was reported to us via our public IRC channel so 
once it was clear that the issue had a security impact we prepared to 
release a new version as soon as possible.

While we advise upgrading to a fixed version, a work-around is to 
temporarily restrict the number of queries that DNSdist is willing to 
accept over a single incoming TCP connection, via the 
setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe 
choice that does not impact performance in our tests.

Other fixes include:
- On FreeBSD, only pass source addresses on sockets bound to ANY
- Limit number of proxy protocol-enabled outgoing TCP connections
- Fix cache lookup for unavailable TCP-only backends
- Fix memory corruption when using getAddressInfo
- Only set the proxy protocol payload size when actually added

Please see the DNSdist website [1] for the more complete changelog [2] 
and the current documentation. The upgrade guide is also available there 
[3].

Please send us all feedback and issues you might have via the mailing 
list, or in case of a bug, via GitHub [4].

The release tarball [5] and its signature [6] are available on the 
downloads website, and packages for several distributions are available 
from our repository [7].

[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-1.9.10
[3]: https://dnsdist.org/upgrade_guide.html
[4]: https://github.com/PowerDNS/pdns/issues/new/choose
[5]:
https://downloads.powerdns.com/releases/dnsdist-1.9.10.tar.bz2
[6]:
https://downloads.powerdns.com/releases/dnsdist-1.9.10.tar.bz2.sig
[7]: https://repo.powerdns.com

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-announce/attachments/20250520/9185fea7/attachment.sig>

From remi.gacogne at powerdns.com  Fri May 23 11:45:22 2025
From: remi.gacogne at powerdns.com (Remi Gacogne)
Date: Fri, 23 May 2025 13:45:22 +0200
Subject: [Pdns-announce] Second alpha release of PowerDNS DNSdist 2.0.0
 released
Message-ID: <caeb89b3-3c3d-4d63-a8fc-b8fc03a76e7a@powerdns.com>

Hello!

Today we released the second alpha version of what will become PowerDNS 
DNSdist 2.0.0.

This release fixes a lot of issues, most of them related to either the 
new YAML configuration format or the new meson build mechanism. It also 
fixes CVE-2025-30193 and CVE-2025-30194, which have already been fixed 
in the 1.9.x stable branch.

This new release also comes with several new features:

- a new chain to apply rules on query timeouts has been implemented 
(@pacnal)
- more mitigations against misbehaving TCP and TLS clients have been added
- TLS session ticket keys are not automatically shared between identical 
frontends created using the YAML format, offering better performance
- switching TLS certificates based on the incoming Server Name 
Indication value sent by the client is now supported by the OpenSSL 
provider as well
- DSCP marking towards downstream servers has been implemented (@pacnal)
- it is now possible to call Lua methods just before stopping DNSdist

As this release introduces major changes compared to the 1.9 versions, 
we invite everyone to test it as soon as possible to make sure that all 
existing use cases are still working properly, and that there is no 
performance degradation.

Please see the DNSdist website [1] for the more complete changelog [2] 
and the current documentation. The upgrade guide is also available there 
[3].

Please send us all feedback and issues you might have via the mailing 
list, or in case of a bug, via GitHub [4].

The release tarball [5] and its signature [6] are available on the 
downloads website, and packages for several distributions are available 
from our repository [7].

[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-2.0.0-alpha2
[3]: https://dnsdist.org/upgrade_guide.html
[4]: https://github.com/PowerDNS/pdns/issues/new/choose
[5]:
https://downloads.powerdns.com/releases/dnsdist-2.0.0-alpha2.tar.xz
[6]:
https://downloads.powerdns.com/releases/dnsdist-2.0.0-alpha2.tar.xz.sig
[7]: https://repo.powerdns.com

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-announce/attachments/20250523/2588d1ec/attachment.sig>

From peter.van.dijk at powerdns.com  Tue May 27 09:16:18 2025
From: peter.van.dijk at powerdns.com (Peter van Dijk)
Date: Tue, 27 May 2025 11:16:18 +0200
Subject: [Pdns-announce] First Alpha Release for PowerDNS Authoritative
 Server 5.0.0
Message-ID: <029b3e2a8b8d45966f59625cf388f751fc27ee19.camel@powerdns.com>

Here at the secret PowerDNS Labs, we have been working very hard at
growing new crops of DNS software (while pretending to grow tulips in
order to remain unnoticed).

Our latest crop has been hybridized with some bind crops, in order to
build a PowerDNS Authoritative Server with a new, exciting, bind-like
"views" feature, allowing one single Authoritative Server to behave as
if there were multiple servers, answering different data depending upon
where the request is originating from.

In addition to this new feature, we have also been working on bug fixes
and documentation improvements, as well as some performance
improvements with the LMDB backend (which are already available in the
4.9.5 release, for people not daring to give this 5.0.0 alpha a try).

A detailed list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball and its [4]signature are available
at [5]downloads.powerdns.com. Packages for various distributions are
available from [6]repo.powerdns.com.

We are looking forward to your feedback on this pre-release. Please
send us all feedback and issues you might have via the [7]mailing list,
or in case of a bug, via [8]GitHub.

Note that per our [9]End of life policy, the release of the final 5.0.0
version will mark the end of support for version 4.7.

References

   1. https://doc.powerdns.com/authoritative/changelog/5.0.html#change-5.0.0-alpha1
   2. https://doc.powerdns.com/authoritative/upgrading.html
   3. https://downloads.powerdns.com/releases/pdns-5.0.0-alpha1.tar.bz2
   4. https://downloads.powerdns.com/releases/pdns-5.0.0-alpha1.tar.bz2.sig
   5. https://downloads.powerdns.com/releases/
   6. https://repo.powerdns.com/
   7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
   8. https://github.com/PowerDNS/pdns/issues/new/choose
   9. https://doc.powerdns.com/authoritative/appendices/EOL.html

Kind regards,
-- 
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 914 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.powerdns.com/pipermail/pdns-announce/attachments/20250527/e537fa19/attachment.sig>