[Pdns-dev] PowerDNS Recursor 3.1.7 released - with DNS scripting!
bert.hubert at netherlabs.nl
Wed Jun 25 11:12:35 CEST 2008
Release notes (clickable version on http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-7 )
This version contains powerful scripting abilities, allowing operators to
modify DNS responses in many interesting ways. Among other things, these
abilities can be used to filter out malware domains, to perform load
balancing, to comply with legal and other requirements and finally, to
implement 'NXDOMAIN' redirection.
It is hoped that the addition of Lua scripting will enable responsible DNS
modification for those that need it.
For more details about the Lua scripting, which can be modified, loaded
and unloaded at runtime, see Section 12.6. Many thanks are due to the #lua
irc channel, for excellent near-realtime Lua support. In addition, a
number of PowerDNS users have been enthousiastically testing prereleases
of the scripting support, and have found and solved many issues.
In addition, 3.1.7 fixes a number of bugs:
* In 3.1.5 and 3.1.6, an authoritative server could continue to renew
its authority, even though a domain had been delegated to other
servers in the meantime.
In the rare cases where this happened, and the old servers were not
shut down, the observed effect is that users were fed outdated data.
Bug spotted and analysed by Darren Gamble, fix in commit 1182 and
* Thanks to long time PowerDNS contributor Stefan Arentz, for the first
time, Mac OS X 10.5 users can compile and run the PowerDNS Recursor!
Patch in commit 1185.
* Sten Spans spotted that for outgoing TCP/IP queries, the
query-local-address setting was not honored. Fixed in commit 1190.
* rec_control wipe-cache now also wipes domains from the negative cache,
hurrying up the expiry of negatively cached records. Suggested by
Simon Kirby, implemented in commit 1204.
* When a forwarder server is configured for a domain, using the
forward-zones setting, this server IP address was filtered using the
dont-query setting, which is generally not what is desired: the server
to which queries are forwarded will often live in private IP space,
and the operator should be trusted to know what he is doing. Reported
and argued by Simon Kirby, fix in commit 1211.
* Marcus Rueckert of OpenSUSE reported that very recent gcc versions
emitted a (correct) warning on an overly complicated line in
syncres.cc, fixed in commit 1189.
* Stefan Schmidt discovered that the netmask matching code, used by the
new Lua scripts, but also by all other parts of PowerDNS, had problems
with explicit '/32' matches. Fixed in commit 1205.
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the Pdns-dev