[Pdns-dev] PowerDNS Recursor 3.5-RC2 released!

Peter van Dijk peter.van.dijk at netherlabs.nl
Mon Feb 11 15:07:04 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everybody,

Release Candidate 2 of the PowerDNS Recursor 3.5 is available from:

source: http://powerdnssec.org/downloads/pdns-recursor-3.5-rc2.tar.bz2
semistatic packages: http://powerdnssec.org/downloads/packages/
RHEL5/6 native: http://www.monshouwer.eu/download/3rd_party/pdns-recursor/rc2/

You are cordially invited to (carefully) test this Release Candidate for
correct behaviour.

Full release notes, with clickable links, are available from:
http://doc.powerdns.com/changelog.html#changelog-recursor-3-5

Here is a text-only version:

This is a stability and bugfix update to 3.3/3.3.1. It contains important fixes
for slightly broken domain names, which your users expect to work anyhow.

Note:
Because a semi-sanctioned 3.4-pre was distributed for a long time, and
people have come to call that 3.4, we are skipping an actual 3.4 release
to avoid confusion.

Changes between RC1 and RC2:

  * While Recursor 3.3 was not vulnerable to the specific attack noted in
    'Ghost Domain Names: Revoked Yet Still Resolvable', further investigation
    showed that a variant of the attack could work. This was fixed in r3085.

  * The auth-can-lower-ttl flag was removed, as it did not have any effect in
    most situations, and thus did not operate as advertised. We now always
    comply with the related parts of RFC 2181. Change in r3092, closing ticket
    88.

Changes below are in RC1 (and up).

New features:

  * The local zone server now understands wilcards, code in commit 2062.

  * The Lua postresolve and nodata hooks, that had been distributed as a
    '3.3-hooks' snapshot earlier, have been merged. Code in commit 2309.

  * A new feature, rec_control trace-regex allows the tracing of lookups for
    specific names. Code in commit 3044, commit 3073.

  * A new setting, export-etc-hosts-suffix, adds a configurable suffix to names
    imported from /etc/hosts. Code in commit 2544, commit 2545.

Improvements:

  * We now throttle queries that don't work less agressively, code in commit
    1766.

  * Various improvements in tolerance against broken auths, code in commit 1996
    , commit 2188, commit 3074 (thanks Winfried).

  * Additional processing is now optional, and disabled by default. Presumably
    this yields a performance improvement. Change in commit 2542.

  * rec_control reload-lua-script now reports errors. Code in commit 2627,
    closing ticket 278.

  * rec_control help now lists commands. Code in commit 2628.

  * rec_control wipe-cache now also wipes the recursor's packet cache. Code in
    commit 2880 from ticket 333.

  * Morten Stevens contributed a systemd file. Import in commit 2966, now part
    of the recursor tarball.

  * commit 2990 updates the address of D.root-servers.net.

  * Winfried Angele implemented and documented the ipv6-questions metric. Merge
    in commit 3034, closing ticket 619.

  * We no longer use ANY to get A+AAAA for nameservers, because some auth
    operators have decided to break ANY lookups. As a bonus, we now track v4
    and v6 latency separately. Change in commit 3064.

Bugs fixed:

  * Some unaligned memory access was corrected, code in commit 2060, commit
    2122, commit 2123, which would cause problems on UltraSPARC.

  * Garbage encountered during reload-acls could cause crashes. Fixed in commit
    2323, closing ticket 330.

  * The recursor would lose its root hints in a very rare situation. Corrected
    in commit 2380.

  * We did not always drop supplemental groups while dropping privileges.
    Reported by David Black of Atlassian, fixed in commit 2524.

  * Cache aging would sometimes get confused when we had a mix of expired and
    non-expired records in cache. Spotted and fixed by Winfried Angele in
    commit 3068, closing ticket 438.

  * rec_control reload-acl no longer ignores arguments. Fix in commit 3037,
    closing ticket 490.

  * Since we re-parse our commandline in rec_control we've been doubling the
    commands on the commandline, causing weird output. Reported by Winfried
    Angele. Fixed in commit 2992, closing ticket 618. This issue was not
    present in any officially released versions.

  * commit 2879 drops some spurious stderr logging from Lua scripts, and makes
    sure 'place' is always valid.

  * We would sometimes refuse to resolve domains with just one nameserver
    living at the apex. Fixed in commit 2817.

  * We would sometimes stick RRs in the wrong parts of response packets. Fixed
    in commit 2625.

  * The ACL parser was too liberal, sometimes causing recursors to be very
    open. Fixed in commit 2629, closing ticket 331.

  * rec_control now honours config-dir from recursor.conf. Fixed in commit 2630
    .

  * When traversing CNAME chains, sometimes we would end up with multiple SOAs
    in the result. Fixed in commit 2633.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJRGLhYAAoJENz1E/p+7RnzPIQP/jlIs7bmqqlrSsRowu19jmTL
yOe9W+Mu9v386W3wK/q8zmTwyao3we6R6mP+7+ps1CEzzhJt0lU8B0GowzgZWAQf
i/oTuPNyW5Ml/C9mn1L4EVfH5g9eoJ4FI9oGoZjVaiJBo+px+mRgSc6QmYVEQ17M
oo0+TdVe29srxozuylKEzGLoP2lRmuT7i8Qnam5ilyy4b1nokw3mjn8OlyLAWiX6
g+FqUcV0wBrmKWQjpspsJXs1ILzjkEZzXYYRVGQgR7138k2NRVsCs6A5CnOM9i6N
YxPDy3z3j4XY783JfAUigMBSYUgtjWcps2XMu1/SPF2lreTqqRhKMoZV6ohbuj5i
wGvZ6q/jmb+3hz+uvfLlJdO7oqZ5rXrINuQEG2Xp+n9SIK2v6tQgT6oMLQ5iLggQ
cxeqv3o0SNJe9cbL9dvvylGUPHFnGUgm/FC3D4OUNtiQtMraecAmLmdB3KdzQ32C
56KYWALrq5QpWy6B2P9Jx5CSkLuNpq2rR/Ya+zkYn1aY2PLuIbg5yVkLY6GFjMvI
qH6s2QoIV1jk8caMj48O3aAUVQnzuOA9MTbws1s1NngjJleAhWnmQ7hoike5HRh4
+Ne9g/WoyovHOk/A7pVQvB2f+pB3q5QLqyZhgEqjQMQhbwZgwE+0OLysxYg2Uhij
cJ5/DcoSC2lFKEpySGUR
=VPya
-----END PGP SIGNATURE-----


More information about the Pdns-dev mailing list