[Pdns-dev] PowerDNS Recursor 3.1.2 released!

Darren Gamble darren.gamble at sjrb.ca
Tue Jun 27 11:41:08 CEST 2006


Hi Bert, team,

It looks like the issue attributed to myself in the 3.1.2 changelog
didn't quite get fixed in this version after all.

We still see the same problems with the same type of domains, where the
cache somehow gets different TTLs in the same RRset.


;; QUESTION SECTION:
;beanstream.com.                        IN      NS

;; ANSWER SECTION:
beanstream.com.         80223   IN      NS      udns2.ultradns.net.
beanstream.com.         80223   IN      NS      udns1.ultradns.net.
beanstream.com.         166623  IN      NS      ns.baremetal.com.

;; ADDITIONAL SECTION:
udns1.ultradns.net.     172713  IN      A       204.69.234.1
udns2.ultradns.net.     172713  IN      A       204.74.101.1
ns.baremetal.com.       171507  IN      A       209.133.48.1


I have not yet determined the situation that causes the cache to get
this information- I can't reproduce it in the way I found prior to 3.1.2
.  Here, "NS ns.baremetal.com" is provided by the "parent" servers and
the two ultradns NS records are provided by themselves (and are the only
two).  No server provides all 3 records at once.

Probably, the bigger question is how the cache (still) gets a RRset with
different TTLs.  This should never, ever, happen.  Anytime a RRset get
added to the cache, any existing RRset should get removed.  Adding an
additional sanity check for this situation could also be useful.

I tried to dump the cache contents for troubleshooting, but this caused
the pdns process to crash.  The process only logged "STL Exception:
basic_string::at" at the time of the crash...

Thanks!

============================
Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948
 

> -----Original Message-----
> From: pdns-dev-bounces at mailman.powerdns.com [mailto:pdns-dev-
> bounces at mailman.powerdns.com] On Behalf Of bert hubert
> Sent: Sunday, June 25, 2006 11:28 PM
> To: pdns-announce at mailman.powerdns.com;
pdns-users at mailman.powerdns.com;
> pdns-dev at mailman.powerdns.com
> Subject: [Pdns-dev] PowerDNS Recursor 3.1.2 released!
> 
> After extensive testing, we are proud to announce PowerDNS Recursor
> version
> 3.1.2.
> 
> Compared to 3.1.1, this release consists almost exclusively of
bug-fixes
> and speedups. A quick update is recommended, as some of the bugs
impact
> operators of authoritative zones on the internet. This version has
been
> tested by some of the largest internet providers on the planet, and is
> expected to perform well for everybody.
> 
> Available at:
> 
> . http://downloads.powerdns.com/releases/pdns-recursor-3.1.2.tar.bz2
> . http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.2-
> 1.i386.rpm
> . http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.2-
> 1.x86_64.rpm
> . http://downloads.powerdns.com/releases/deb/pdns-recursor_3.1.2-
> 1_amd64.deb
> . http://downloads.powerdns.com/releases/deb/pdns-recursor_3.1.2-
> 1_i386.deb
> 
> Changelog with clickable links describing each change on
> http://doc.powerdns.com/changelog.html , text version:
> 
>  Many thanks are due to Darren Gamble, Stefan Schmidt and Bryan Seitz
who
>  all provided excellent feedback based on their large-scale tests of
the
>  recursor.
> 
>  Bug-fixes:
> 
>    * Internal authoritative server did not differentiate between
> 'NXDOMAIN'
>      and 'NXRRSET', in other words, it would answer 'no such host'
when an
>      AAAA query came in for a domain that did exist, but did not have
an
>      AAAA record. This only affects users with auth-zones configured.
>      Discovered by Bryan Seitz, fixed in commit 848.
> 
>    * ANY queries for hosts where nothing was present in the cache
would
> not
>      work. This did not cause real problems as ANY queries are not
> reliable
>      (by design) for anything other than debugging, but did slow down
the
>      nameserver and cause unnecessary load on remote nameservers.
Fixed in
>      commit 854.
> 
>    * When exceeding the configured maximum amount of TCP sessions, TCP
>      support would break and the nameserver would waste CPU trying to
>      accept TCP connections on UDP ports. Noted by Bryan Seitz, fixed
in
>      commit 849.
> 
>    * DNS queries come in two flavours: recursion desired and
non-recursion
>      desired. The latter is not very useful for a recursor, but is
>      sometimes (erroneously) used by monitoring software or
loadbalancers
>      to detect nameserver availability. A non-rd query would not only
not
>      recurse, but also not query authoritative zones, which is
confusing.
>      Fixed in commit 847.
> 
>    * Non-standard DNS TCP queries, that did occur however, could drive
the
>      recursor to 100% CPU usage for extended periods of time. This did
not
>      disrupt service immediately, but does waste a lot of CPU,
possibly
>      exhausting resources. Discovered by Bryan Seitz, fixed in commit
858,
>      which is post-3.1.2-rc1.
> 
>    * The PowerDNS recursor did not honour the rare but standardised
'ANY'
>      query class (normally 'ANY' refers to the query type, not class),
>      upsetting the Wildfire Jabber server. Discovered and debugged by
>      Daniel Nauck, fixed in commit 859, which is post-3.1.2-rc1.
> 
>    * Everybody's favorite, when starting up under high load, a bogus
line
>      of statistics was sometimes logged. Fixed in commit 851.
> 
>    * Remove some spurious debugging output on dropping a packet by an
>      unauthorized host. Discovered by Kai. Fixed in commit 854.
> 
>  Improvements:
> 
>    * Misconfigured domains, with a broken nameserver in the parent
zone,
>      should now work better. Changes motivated and suggested by Darren
>      Gamble. This makes PowerDNS more compliant with RFC 2181 by
making it
>      prefer authoritative data over non-authoritative data.
Implemented in
>      commit 856.
> 
>    * PowerDNS can now listen on multiple ports, using the
local-address
>      setting. Added in commit 845.
> 
>    * A number of speedups which should have a noticeable impact,
>      implemented in commits 850, 852, 853, 855
> 
>    * The recursor now works around an issue with the Linux kernel
2.6.8,
> as
>      shipped by Debian. Fixed by Christof Meerwald in commit 860,
which is
>      post 3.1.2-rc1.
> 
> --
> http://www.PowerDNS.com      Open source, database driven DNS Software
> http://netherlabs.nl              Open and Closed source services
> _______________________________________________
> Pdns-dev mailing list
> Pdns-dev at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-dev


More information about the Pdns-dev mailing list