[Pdns-dev] Authoritative Server 3.4.0 Release Candidate 1

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri Aug 1 13:37:54 CEST 2014 

Hi everybody,

Release Candidate 1 of the PowerDNS Authoritative Server 3.4.0 is available from:

http://powerdnssec.org/downloads/pdns-3.4.0-rc1.tar.bz2
http://powerdnssec.org/downloads/packages/pdns-static-3.4.0rc1-1.i386.rpm
http://powerdnssec.org/downloads/packages/pdns-static-3.4.0rc1-1.x86_64.rpm
http://powerdnssec.org/downloads/packages/pdns-static_3.4.0-rc1-1_amd64.deb
http://powerdnssec.org/downloads/packages/pdns-static_3.4.0-rc1-1_i386.deb

You are cordially invited to (carefully) test this Release Candidate for
correct behaviour.

Full release notes, with clickable links, are available from:
http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0

Here is a text-only version:

This is a performance, feature, bugfix and conformity update to 3.3.1 and any
earlier version. It contains a huge amount of work by various contributors, to
whom we are very grateful.

A list of changes since 3.3.1 follows.

DNSSEC changes:

  * commit bba8413: add option (max-signature-cache-entries) to limit the
    maximum number of cached signatures.

  * commit 28b66a9: limit the number of NSEC3 iterations (see RFC5155 10.3),
    with the max-nsec3-iterations option.

  * commit b50efd6: drop the 'superfluous NSEC3' option that old BIND
    validators need.

  * The bindbackend 'hybrid' mode was reintroduced by Kees Monshouwer. Enable
    it with bind-hybrid.

  * Aki Tuomi contributed experimental PKCS#11 support for DNSSEC key
    management with a (Soft)HSM.

  * Direct RRSIG queries now return NOTIMP.

  * commit fa37777: add secure-all-zones command to pdnssec

  * Unrectified zones can now get rectified 'on the fly' during outgoing AXFR.
    This makes it possible to run a hidden signing master without
    rectification.

  * commit 82fb538: AXFR in: don't accept zones with a mixture of Opt-Out NSEC3
    RRs and non-Opt-Out NSEC3 RRs

  * Various minor bugfixes, mostly from the unstoppable Kees Monshouwer.

  * commit 0c4c552: set non-zero exit status in pdnssec if an exception was
    thrown, for easier automatic usage.

  * commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry
    point keys.

  * commit 52e0d78: answer direct NSEC queries without DO bit

  * commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey
    support is enabled

  * commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling

  * commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout
    delegations

  * commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout
    delegations

New features:

  * DNAME support. Enable with experimental-dname-processing.

  * PowerDNS can now send stats directly to Carbon servers. Enable with
    carbon-server, tweak with carbon-ourname and carbon-interval.

  * commit 767da1a: Add list-zone capability to pdns_control

  * commit 51f6bca: Add delete-zone to pdnssec.

  * The gsql backends now support record comments, and disabling records.

  * The new reuseport config option allows setting SO_REUSEPORT, which allows
    for some performance improvements.

  * local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to
    start up even if some addresses fail to bind.

  * commit b8bd119: pdnssec -v show-zone: Print all keys instead of just entry
    point keys.

  * commit 52e0d78: answer direct NSEC queries without DO bit

  * commit ca2eb01: output ZSK DNSKEY records if experimental-direct-dnskey
    support is enabled

  * commit 83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling

  * commit ac4a2f1: AXFR-out can handle secure and insecure NSEC3 optout
    delegations

  * commit ff47302: AXFR-in can handle secure and insecure NSEC3 optout
    delegations

New features:

  * DNAME support. Enable with experimental-dname-processing.

  * PowerDNS can now send stats directly to Carbon servers. Enable with
    carbon-server, tweak with carbon-ourname and carbon-interval.

  * commit 767da1a: Add list-zone capability to pdns_control

  * commit 51f6bca: Add delete-zone to pdnssec.

  * The gsql backends now support record comments, and disabling records.

  * The new reuseport config option allows setting SO_REUSEPORT, which allows
    for some performance improvements.

  * local-address-nonexist-fail and local-ipv6-nonexist-fail allow pdns to
    start up even if some addresses fail to bind.

  * commit 719f902: fix dual-stack superslave when multiple namservers share a
    ip

  * commit 33966bf: avoid address truncation in doNotifications

  * commit eac85b1: prevent duplicate slave notications caused by different
    ipv6 address formatting

  * commit 3c8a711: make notification queue ipv6 compatible

  * commit 0c13e45: make isMaster ip check more tolerant for different ipv6
    notations

  * Various fixes for possible issues reported by Coverity Scan (commit f17c93b
    , )

  * commit 9083987: don't rely on included polarssl header files when using
    system polarssl. Spotted by Oden Eriksson of Mandriva, thanks!

  * Various users reported pdns_control hangs, especially when using the
    guardian. We are confident that all causes of these hangs are now gone.

  * Decreasing the webserver ringbuffer size could cause crashes.

  * commit 4c89cce: nproxy: Add missing chdir("/") after chroot()

  * commit 016a0ab: actually notice timeout during AXFR retrieve, thanks hkraal

REST API changes:

  * The REST API was much improved and is nearing stability, thanks to
    Christian Hofstaedtler and others.

  * Mark Schouten at Tuxis contributed a zone importer.

Other changes:

  * Our tarballs and packages now include *.sql schema files for the SQL
    backends.

  * The webserver (including API) now has an ACL (webserver-allow-from).

  * Webserver (including API) is now powered by YaHTTP.

  * Various autotools usage improvements from Ruben Kerkhof.

  * The dist tarball is now bzip2-compressed instead of gzip.

  * Various remotebackend updates, including replacing curl with (included)
    yahttp.

  * Dynamic module loading is now allowed on Mac OS X.

  * The AXFR ACL (allow-axfr-ips) now defaults to 127.0.0.0/8,::1 instead of
    the whole world.

  * commit ba91c2f: remove unused gpgsql-socket option and document postgres
    socket usage

  * Improved support for Lua 5.2.

  * The edns-subnet option code is now fixed at 8, and the
    edns-subnet-option-numbers option has been removed.

  * geobackend now has very limited edns-subnet support - it will use the
    'real' remote if available.

  * pipebackend ABI v4 adds the zone name to the AXFR command.

  * We now avoid getaddrinfo() as much as possible.

  * The packet cache now handles (forwarded) recursive answers better,
    including TTL aging and respecting allow-recursion.

  * commit ff5ba4f: pdns_server --help no longer exits with 1.

  * Mark Zealey contributed an experimental LMDB backend. Kees Monshouwer added
    experimental DNSSEC support to it. Thanks, both!

  * commit 81859ba: No longer attempt to answer questions coming in from port
    0, reply would not reach them anyhow. Thanks to Niels Bakker and sid3windr
    for insight & debugging. Closes ticket 844.

  * RCodes are now reported in text in various places, thanks Aki.

  * Kees Monshouwer set up automatic testing for the oracle and goracle
    backends, and fixed various issues in them.

  * Leftovers of previous support for Windows have been removed, thanks to Kees
    Monshouwer, Aki Tuomi.

  * Bundled PolarSSL has been upgraded to 1.3.2

  * PolarSSL replaced previously bundled implementations of AES (commit e22d9b4
    ) and SHA (commit 9101035)

  * bindbackend is now a module

  * commit 14a2e52: Use the inet data type for supermasters.ip on postgrsql.

  * We now send an empty SERVFAIL when a CNAME chain is too long, instead of
    including the partial chain.

  * commit 3613a51: Show built-in features in --version output

  * commit 4bd7d35: make domainmetadata queries case insensitive

  * commit 088c334: output warning message when no to be notified NS's are
    found

  * commit 5631b44: gpsqlbackend: use empty defaults for dbname and user; libpq
    will use the current user name for both by default

  * commit d87ded3: implement udp-truncation-threshold to override the previous
    1680 byte maximum response datagram size - no matter what EDNS0 said. Plus
    document it.

  * Implement udp-truncation-threshold to override the previous 1680 byte
    maximum response datagram size - no matter what EDNS0 said.

  * On shutdown, PowerDNS now attempts to stop all processes in its process
    group, especially useful for pipe/remotebackend users. Feature donated by
    Spotify.

  * Removed settings related to fancy records, as we haven't supported those
    since version 3.0

  * Based on earlier work by Mark Zealey, Kees Monshouwer increased our packet
    cache performance between 200% and 500% depending on the situation, by
    simplifying some code in commit 801812e and commit 8403ade.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20140801/02e7e1d2/attachment.pgp>

More information about the Pdns-dev mailing list