[Pdns-dev] PowerDNS Recursor 3.2 Release Candidate 1 available

bert hubert bert.hubert at netherlabs.nl
Wed Feb 10 21:12:29 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everybody,

Please find below the release notes of the PowerDNS Recursor version 3.2,
release candidate 1.

RC1 is already deployed in a number of large places, and it appears to be
holding up well. In addition, a number of future users have performed
stringent testing and performance measurements, and it appears this version
works satisfactorily.

It is also observed that this release candidate provides for vastly improved
performance compared to 3.1.7.*, even bringing us close to the very
impressive numbers measured by users of the Nominum Vantio and Nominum CNS
software.  On modern hardware, the PowerDNS Recursor may in fact be faster,
and certainly better value for money. For more details, please see below.

If you are looking forward to deploying PowerDNS Recursor version 3.2, now
is a good time to testdrive RC1.

We are very interested in hearing your experiences, and look forward to
fixing any issues found before the final release is made. If nothing
important pops up, this is expected to happen next week.

Download from:

 * http://svn.powerdns.com/snapshots/rc1/
   (tar.bz2, "universal" i386/x86 .rpm and .deb packages, .md5 and pgp
    signatures)

(Nominum, Nominum CNS & Nominum Vantio are trademarks owned by
Nominum)

Release notes
- -------------
Version with clickable links:
http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-2

The 3.2 release is the first major release of the PowerDNS
Recursor in a long time. Partly this is because 3.1.7.*
functioned very well, and delivered satisfying performance,
partly this is because in order to really move forward, some
heavy lifting had to be done.

As always, we are grateful for the large PowerDNS community
that is actively involved in improving the quality of our
software, be it by submitting patches, by testing development
versions of our software or helping debug interesting issues.
We specifically want to thank Stefan Schmidt and Florian
Weimer, who both over the years have helped tremendously in
keeping PowerDNS fast, stable and secure.

This version of the PowerDNS Recursor contains a rather novel
form of lock-free multithreading, a situation that comes close
to the old '--fork' trick, but allows the Recursor to fully
utilize multiple CPUs, while delivering unified statistics and
operational control.

In effect, this delivers the best of both worlds: near linear
scaling, with almost no administrative overhead.

Compared to 'regular multithreading', whereby threads cooperate
more closely, more memory is used, since each thread maintains
its own DNS cache. However, given the economics, and the
relatively limited total amount of memory needed for high
performance, this price is well worth it.

In practical numbers, over 40,000 queries/second sustained
performance has now been measured by a third party, with a
100.0% packet response rate. This means that the needs of
around 400,000 residential connections can now be met by a
single commodity server.

In addition to the above, the PowerDNS Recursor is now
providing resolver service for many more Internet users than
ever before. This has brought with it 24/7 Service Level
Agreements, and 24/7 operational monitoring by networking
personnel at some of the largest telecommunications companies
in the world.

In order to facilitate such operation, more statistics are now
provided that allow the visual verification of proper PowerDNS
Recursor operation. As an example of this there are now graphs
that plot how many queries were dropped by the operating system
because of a CPU overload, plus statistics that can be
monitored to determine if the PowerDNS deployment is under a
spoofing attack.

All in all, this is a large and important PowerDNS Release,
paving the way for further innovation.

Note

     This release removes support for the 'fork' multi-processor
     option. In addition, the default is now to spawn two threads.
     This has been done in such a way that total memory usage will
     remain identical, so each thread will use half of the allocated
     maximum number of cache entries.
Improvements:

  * Multithreading, allowing near linear scaling to multiple
    CPUs or cores. Configured using 'threads=' (many commits).
    This also deprecates the '--fork' option.
  * Added ability to read a configuration item of a running
    PowerDNS Recursor using 'rec_control get-all' (commit
    1243), suggested by Wouter de Jong.
  * Speedups in packet generation (Commits 1258, 1259, 1262)
  * TCP deferred accept() filter is turned on again for slight
    DoS protection. Code in commit 1414.
  * PowerDNS Recursor can now do TCP/IP queries to remote IPv6
    addresses (commit 1412).
  * Solaris 9 '/dev/poll' support added, Solaris 8 now
    deprecated. Changes in commit 1421, commit 1422, commit
    1424, commit 1413.
  * Lua functions can now also see the address _to_ which a
    question was sent, using getlocaladdress(). Implemented in
    commit 1309 and commit 1315.
  * Maximum cache sizes now default to a sensible value.
    Suggested by Roel van der Made, implemented in commit 1354.
  * Domains can now be forwarded to IPv6 addresses too, using
    either ::1 syntax or [::1]:25. Thanks to Wijnand Modderman
    for discovering this issue, fixed in commit 1349.
  * Lua scripts can now load libraries at runtime, for example
    to calculate md5 hashes. Code by Winfried Angele in commit
    1405.
  * Periodic statistics output now includes average queries per
    second, as well as packet cache numbers (commit 1493).
  * New metrics are available for graphing (DOCUMENTATION
    FORTHCOMING), plus added to the default graphs (commit
    1495, commit 1498, commit 1503)
  * Fix errors/crashes on more recent versions of Solaris 10,
    where the ports functions could return ENOENT under some
    circumstances. Reported and debugged by Jan Gyselinck,
    fixed in commit 1372.

New features:

  * Add pdnslog() function for Lua scripts, so errors or other
    messages can be logged properly.
  * rec_control now accepts a --timeout parameter, which can be
    useful when reloading huge Lua scripts. Implemented in
    commit 1366.
  * 'rec_control get-all' now retrieves all statistics in one
    call (commit 1496).
  * Domains can now be forwarded with the 'recursion-desired'
    bit on or off. Feature suggested by Darren Gamble,
    implemented in commit 1451. DOCUMENTATION FORTHCOMING!
  * Access control lists can now be reloaded at runtime
    (implemented in commit 1457).
  * PowerDNS Recursor can now use a pool of
    query-local-addresses to further increase resilience
    against spoofing. Suggested by Ad Spelt, implemented in
    commit 1426. DOCUMENTATION FORTHCOMING!
  * PowerDNS Recursor now also has a packet cache, greatly
    speeding up operations. Implemented in commit 1426, commit
    1433 and further. DOCUMENTATION FORTHCOMING!
  * Cache can be limited in how long it stores records, for
    BIND compatibility. Patch by Winfried Angele in commit
    1438. DOCUMENTATION FORTHCOMING!
  * Cache cleaning turned out to be scanning more of the cache
    than necessary for cache maintenance. In addition, far more
    frequent but smaller cache cleanups improve responsiveness.
    Thanks to Winfried Angele for discovering this issue.
    (commits 1501, 1507)
  * Performance graphs enhanced with separate CPU load and
    cache effectiveness plots, plus display of various overload
    situations (commits 1503)

Compiler/Operating system/Library updates:

  * PowerDNS Recursor can now compile against newer versions of
    Boost. Reported & fixed by Darix in commit 1274. Further
    fixes in commit 1275, commit 1276, commit 1277, commit
    1283.
  * Fix compatibility with newer versions of GCC (closes ticket
    ticket 227, spotted by Ruben Kerkhof, code in commit 1345,
    more fixes in commit 1394, 1416, 1440).
  * Rrdtool update graph is now compatible with FreeBSD out of
    the box. Thanks to Bryan Seitz (commit 1517).
  * Fix up Makefile for older versions of Make (commit 1229).
  * Solaris compilation improvements (out of the box, no
    handwork needed).
  * Solaris 9 MTasker compilation fixes, as suggested by John
    Levon. Changes in commit 1431.

Bug fixes:

  * Under rare circumstances, the recursor could crash on 64
    bit Linux systems running glibc 2.7, as found in Debian
    Lenny. These circumstances became a lot less rare for the
    3.2 release. Discovered by Andreas Jakum and debugged by
    #powerdns, fix in commit 1519.
  * Configuration parser is now resistant against trailing tabs
    and other whitespace (commit 1242)
  * Fix typo in a Lua error message. Close ticket 210, as
    reported by Stefan Schmidt (commit 1319).
  * Profiled-build instructions were broken, discovered & fixes
    suggested by Stefan Schmidt. ticket 239, fix in commit
    1462.
  * Fix up duplicate SOA from a remote authoritative server
    from showing up in our output (commit 1475).
  * All security fixes from 3.1.7.2 are included.
  * Under highly exceptional circumstances on FreeBSD the
    PowerDNS Recursor could crash because of a TCP/IP error.
    Reported and fixed by Andrei Poelov in ticket 192, fixed in
    commit 1280.
  * PowerDNS Recursor can be a root-server again. Error spotted
    by the ever vigilant Darren Gamble (t229), fix in commit
    1458.
  * Rare TCP/IP errors no longer lead to PowerDNS Recursor
    logging errors or becoming confused. Debugged by Josh Berry
    of Plusnet PLC. Code in commit 1457.
  * Do not hammer parent servers in case child zones are
    misconfigured, requery at most once every 10 seconds.
    Reported & investigated by Stefan Schmidt and Andreas
    Jakum, fixed in commit 1265.
  * Properly process answers from remote authoritative servers
    that send error answers without including the original
    question (commit 1329, commit 1327).
  * No longer spontaneously turn on 'export-etc-hosts' after
    reloading zones. Discovered by Paul Cairney, reported in
    ticket 225, addressed in commit 1348.
  * Very abrupt server failure of large numbers of high-volume
    authoritative servers could trigger an out of memory
    situation. Addressed in commit 1505.
  * Make timeouts for queries to remote authoritative servers
    configurable with millisecond granularity. In addition, the
    old code turned out to consider the timeout expired when
    the integral number of seconds since 1970 increased by 1 -
    which *on average* is after 500ms. This might have caused
    spurious timeouts! New default timeout is 1500ms. Code in
    commit 1402. DOCUMENTATION FORTHCOMING!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktzEy0ACgkQHF7pkNLnFXX6NQCfWLjmCtB17I7/9a278LUvI9Ba
YAoAoMeOq8nVZ+Q2/0NKCkryjV8LxTlk
=v7eH
-----END PGP SIGNATURE-----


More information about the Pdns-dev mailing list