[Pdns-dev] PowerDNS Authoritative Server version 2.9.22 released!
bert.hubert at netherlabs.nl
Tue Jan 27 22:37:33 CET 2009
PowerDNS Authoritative Server version 2.9.22 released!
Release notes with clickable links available on
This is a huge release, spanning almost 20 months of
development. Besides fixing a lot of bugs, of note is the
addition of the so called 'Notification Proxy', which allows
PowerDNS to function as a master server behind a firewall, plus
the huge performance improvement of the internal caches.
This work has been made possible by UPC Broadband and Directi,
Finally, the release candidates of this version have been
tested & improved by Jorn Ekkelenkamp, Ton van Rosmalen, Jeff
Sipek, Tyler Hall, Christof Meerwald and Stefan Schmidt.
Fixed between rc1 and rc2, but not an issue in 2.9.21.
* pdns_control ccounts again outputs proper cache statistics.
Implemented in commit 1304.
* Negative query caching was reinstated, leading to 6 times
fewer backend queries than rc1 on the Express.powerdns.com
* Packetcache no longer needlessly parses outgoing packets
before sending them.
* Fancy records work again. This work has been sponsored by
ISP Services. Implemented in commit 1302 and commit 1299.
* pdns_control can now also work over TCP/IP. Sponsored by
Directi. Commits 1246, 1251, 1254, 1255.
* Implemented a notification proxy, see Section 19.1. This
work was sponsored by UPC Broadband. Implemented in commits
1075, 1077, 1082, 1083, 1085 and 1086.
* IXFR queries are now supported in the sense that we treat
them as AXFR queries, silencing warnings in other
nameservers. Suggested in ticket 131.
* The PIPE backend has been extended by David Apgar to allow
the reporting of errors using the 'FAIL' command, plus
support for responses with whitespace. Implemented in
* PowerDNS Authoritative server now parses incoming EDNS
options, like maximum allowed packet size. Implemented in
commit 1123 and commit 1281.
* Added support for DHCID, IPSECKEY and KX records, thanks
Norbert Sendetzky for the hint. Implemented in commit 1144.
* Norbert Sendetzky has has added support for all record
types supported by PowerDNS to the LDAPBackend.
Furthermore, the detection of OpenLDAP in autoconf has been
improved. Finally, debian has supplied some fixes to
PowerLDAP. Implemented in commit 1152 and commit 1153.
* Implemented EDNS NSID option for retrieving the nameserver
ID out of band. Defaults to hostname, can be specified
using the server-id setting. Code in commit 1232.
* Implemented experimental EDNS PING for enhanced forgery
resilience. Code in commit 1232.
* Improve packet generation performance, in some cases by
25%. Code in 1258, 1259.
* Improved access list checking performance. commit 1261.
* PowerDNS Authoritative caches were completely redone, and
are now based on the same cache that is in the resolver.
This work has been sponsored by Directi. In large
benchmarks, PowerDNS performance has improved by an order
of magnitude or more. This new version allows for
near-instantaneous cache purging, plus very rapid purging
based on suffix. Purge commands can also be batched. This
work is partially based on an innovative reverse-string
comparison function authored by Aki Tuomi.
* Installations which run with very high cache hitrates can
now benefit from multiple CPUs by setting receiver-threads
to the number of desired CPUs to utilize in cache
operations. Implemented in commit 1316.
* BIND backend speedups in commit 1108, measured at around a
20% improvement, possibly more on very large setups.
* Tyler Hall discovered the PowerDNS configuration file
parser had problems with trailing tabs. This turned out to
be a wider problem in PowerDNS. Buggy code replaced by a
library call in commit 1237 and commit 1240.
* David Apgar of Yahoo discovered that our 'guardian' method
of restarting PowerDNS in case of problems was not fool
proof, and submitted a fix. A variation of this fix can be
found in commit 1323. Also reported by Directi.
* Connection reset by peer events in the TCP nameserver no
longer lead to the cycling of database connections. Code in
* FreeBSD compilation with Generic PostgreSQL backend was
fixed. Reported by Wouter de Jong of WideXS, fixed in
commit 1305, closes ticket 95.
* Webserver no longer prints '1e2%'. Finally closes ticket
26. Much friendly nagging for over 3 years by Jeff Sipek,
code in commit 1303.
* PowerDNS used to ignore certain queries it could not
answer. These queries are no longer ignored, but get a
SERVFAIL response. Implemented in commit 1239.
* Fix subtle CNAME and wildcard interactions reported by
'zzyzz', implemented in commit 1147.
* The generic backends did not honour the default-ttl
setting. Spotted and implemented by Matti Hiljanen.
* Matti Hiljanen discovered that the OpenDBX backend did not
fill out the SOA ttl value properly. Matti also improved
the SQL statements for better compatibility. Implemented in
* Treat invalid WWW requests better. Spotted by Maikel
Verheijen, implemented in commit 1092.
* Documentation errors and typos, spotted by Marco Davids
(commit 1097) and Rejo Zengers (commit 1119)
* Properly fill out the 'recursion available'-flag. Spotted
by Augie Schwer in ticket 167.
* Several memory leaks on bad data in the database or other
errors have been fixed. Addressed in 1078 and 1079.
* In contravention to the documentation, the domain type as
specified in the database ('MASTER', 'SLAVE' or 'NATIVE')
was interpreted case sensitively. 1084.
* BIND backend could crash on processing information about
slave zones to be checked. Spotted by Stefan Schmidt, fixed
* Jelte Jansen of Stichting NLNetLabs discovered PowerDNS in
BIND mode couldn't operate as a root-server! Fixed in 1057.
* 'DPS' discovered there was a rare opportunity for PowerDNS
to lock up waiting for new data. Addressed in 1076.
* Make singlethreaded mode more resilient against errors.
* DNSSEC records were part of 2.9.21, but were not actually
hooked up. Please note that while PowerDNS can serve most
DNSSEC records, it does not do DNSSEC processing.
Implemented in 1046.
* Shawn Starr migrated all his domains to PowerDNS in one
evening, from an installation that had been used since
BIND4. In doing so, he found 3 bugs in as many hours. An IN
statement in the BIND named.conf with a zone with a
trailing dot was misparsed, fixed in commit 1233. Secondly,
the zonefile parser tripped over a line consisting of
nothing but comments in the wrong place. Finally '$ORIGIN
.' was misparsed. Last two issues fixed in commit 1234.
* Our statistics counters did not wrap correctly after the
2.15 billion mark. Spotted by Stefan Schmidt, reported in
ticket 179, fixed in commit 1284.
* Bindbackend could sometimes generate very strange error
messages while processing a malformed zone file. Sometimes
such error messages could cause a crash (reported on
HP-UX). Addressed by commit 1279. This could not be
triggered remotely. Closes ticket ticket 203.
* Pipe backend did not clean up killed coprocesses. Found and
fixed by Daniel Drown
* Installations with tens of thousands of slave domains would
never complete the cycle to check the freshness of all
zones as each incoming notification disrupted this cycle.
Addressed in cooperation with Tyler Hall of EditDNS.
* Zoneparser improvements mean $TTL and $INCLUDES now work a
lot better. Implemented in 1056, 1062.
* No longer report temporary recvfropenDBX so that SQLite reads and writes
no longer deadlock, plus compliation fixes on Solaris, plus
the addition of autoserials to backends that support
triggers. Implemented in commit 1154.
* Random generator is now based on AES, improving the
security of certain proxy operations. This is the same
random generator that is in the recursor. Implemented in
* Documentation for 'supermaster' mode was improved due to
* When binding to a UDP port failed, supply a more precise
error message (commit 1245)
* The zoneparser error messages were vastly improved,
partially inspired by Shawn's cowboy migration. Code in
* Labels are compressed more efficiently
(case-insensitively), leading to smaller packets.
Implemented in commit 1156.
* Fix handling of TCP timeouts to not cause a reload of the
backends. Implemented in commit 1092.
* TCP Receiver no longer spams the log with common network
errors. Implemented in commit 1306.
* Move from select() to poll()-based multiplexing, allowing
PowerDNS to listen on more than 1024 sockets
simultaneously. One big PowerDNS user needs this.
Implemented in 1072.
* Zone2sql now reads source files in performance enhancing
inode order. Additionally, zone2sql no longer dies on a
missing zone file if --on-error-resume-next was specified.
Finally, statistics of zone2sql conversion have been
improved. Implemented in 1055.
* Address issues found by more recent g++ versions. Spotted
and/or fixed by Jorn Ekkelenkamp (commit 1051), Marcus
Rueckert (commit 1094), Norbert Sendetzky (commit 1107),
Serge Belyshev (commit 1171).
* The Intel C Compiler implements certain things differently,
causing the master/slave communicator to malfunction.
Spotted by Marcus Rueckert, implemented in 1052, plus
fallout in 1105.
* PowerDNS can now be compiled with Boost 1.3
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the Pdns-dev