[Pdns-dev] Recursor 3.6.0 Release Candidate 1

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri May 30 11:39:47 CEST 2014


Hi everybody,

Release Candidate 1 of the PowerDNS Recursor 3.6.0 is available from:

source: http://powerdnssec.org/downloads/pdns-recursor-3.6.0-rc1.tar.bz2
semistatic packages: http://powerdnssec.org/downloads/packages/
RHEL5/6 native: https://www.monshouwer.eu/download/3rd_party/pdns-recursor/rc1/

You are cordially invited to (carefully) test this Release Candidate for
correct behaviour.

Full release notes, with clickable links, are available from:
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.6.0

Here is a text-only version:

This is a performance, feature and bugfix update to 3.5/3.5.3. It contains
important fixes for slightly broken domain names, which your users expect to
work anyhow. It also brings robust resilience against certain classes of
attacks.

New features:

  * commit aadceba: Implement minimum-ttl-override config setting, plus runtime
    configurability via 'rec_control set-minimum-ttl'.

  * Lots of work on the JSON API, which is exposed via Aki Tuomi's 'yahttp'.
    Massive thanks to Christian Hofstaedtler for delivering this exciting new
    functionality. Documentation & demo forthcoming, but code to use it is
    available on GitHub.

  * Lua modules can now use 'pdnslog(INFO..'), as described in ticket 1074,
    implemented in commit 674a305

  * Adopt any-to-tcp feature to the recursor. Based on a patch by Winfried
    Angele. Closes ticket 836, commit 56b4d21 and commit e661a20.

  * commit 2c78bd5: implement built-in statistics dumper using the 'carbon'
    protocol, which is also understood by metronome (our mini-graphite). Use
    'carbon-server', 'carbon-ourname' and 'carbon-interval' settings.

  * New setting 'udp-truncation-threshold' to configure from how many bytes we
    should truncate. commit a09a8ce.

  * Proper support for CHaos class for CHAOS TXT queries. commit c86e1f2,
    addition for lua in commit f94c53d, some warnings in commit 438db54
    however.

  * Added support for Lua scripts to drop queries w/o further processing.
    commit 0478c54.

  * Kevin Holly added qtype statistics to recursor and rec_control
    (get-qtypelist) (commit 79332bf)

  * Add support for include-files in configuration, also reload ACLs and zones
    defined in them (commit 829849d, commit 242b90e, commit 302df81).

  * Paulo Anes contributed server-down-max-fails which helps combat Recursive
    DNS based amplification attacks. Described in this post. Also comes with
    new metric 'failed-host-entries' in commit 406f46f.

  * commit 21e7976: Implement "followCNAMERecords" feature in the Lua hooks.

Improvements:

  * commit 06ea901: make pdns-distributes-queries use a hash so related queries
    get sent to the same thread. Original idea by Winfried Angele. Astoundingly
    effective, approximately halves CPU usage!

  * commit b13e737: --help now writes to stdout instead of stderr. Thanks
    Winfried Angele.

  * To aid in limiting DoS attacks, when truncating a response, we actually
    truncate all the way so only the question remains. Suggested in ticket
    1092, code in commit add935a.

  * No longer experimental, the switch 'pdns-distributes-queries' can improve
    multi-threaded performance on Linux (various cleanup commits).

  * Update to embedded PolarSSL, plus remove previous AES implementation and
    shift to PolarSSL (commit e22d9b4, commit 990ad9a)

  * commit 92c0733 moves various Lua magic constants into an enum namespace.

  * set group and supplementary groups before chroot (commit 6ee50ce, ticket
    1198).

  * commit 4e9a20e: raise our socket buffer setting so it no longer generates a
    warning about lowering it.

  * commit 4e9a20e: warn about Linux suboptimal IPv6 settings if we detect
    them.

  * SIGUSR2 turns on a 'trace' of all DNS traffic, a second SIGUSR2 now turns
    it off again. commit 4f217ce.

  * Various fixes for Lua 5.2.

  * commit 81859ba: No longer attempt to answer questions coming in from port
    0, reply would not reach them anyhow. Thanks to Niels Bakker and
    'sid3windr' for insight & debugging. Closes ticket 844.

  * commit b1a2d6c: now, I'm not one to get OCD over things, but that log
    message about stats based on 1801 seconds got to me. 1800 now.

Fixes:

  * 0c9de4fc: stay away from getaddrinfo unless we really can't help it for
    ascii ipv6 conversions to binary

  * commit 08f3f63: fix average latency calculation, closing ticket 424.

  * commit 75ba907: Some of our counters were still 32 bits, now 64.

  * commit 2f22827: Fix statistics and stability when running with
    pdns-distributes-queries.

  * commit 6196f90: avoid merging old and new additional data, fixes an issue
    caused by weird (but probably legal) Akamai behaviour

  * commit 3a8a4d6: make sure we don't exceed the number of available
    filedescriptors for mthreads. Raises performance in case of DoS. See this
    post for further details.

  * commit 7313fe6: implement indexed packet cache wiping for recursor, orders
    of magnitude faster. Important when reloading all zones, which causes
    massive cache cleaning.

  * rec_control get-all would include 'cache-bytes' and 'packetcache-bytes',
    which were expensive operations, too expensive for frequent polling.
    Removed in commit 8e42d27.

  * All old workarounds for supporting Windows of the XP era have been removed.

  * Fix issues on S390X based systems which have unsigned characters (commit
    916a0fd)

