[Pdns-dev] Recursor 3.6.0 Release Candidate 1
Peter van Dijk
peter.van.dijk at netherlabs.nl
Fri May 30 11:39:47 CEST 2014
Release Candidate 1 of the PowerDNS Recursor 3.6.0 is available from:
semistatic packages: http://powerdnssec.org/downloads/packages/
RHEL5/6 native: https://www.monshouwer.eu/download/3rd_party/pdns-recursor/rc1/
You are cordially invited to (carefully) test this Release Candidate for
Full release notes, with clickable links, are available from:
Here is a text-only version:
This is a performance, feature and bugfix update to 3.5/3.5.3. It contains
important fixes for slightly broken domain names, which your users expect to
work anyhow. It also brings robust resilience against certain classes of
* commit aadceba: Implement minimum-ttl-override config setting, plus runtime
configurability via 'rec_control set-minimum-ttl'.
* Lots of work on the JSON API, which is exposed via Aki Tuomi's 'yahttp'.
Massive thanks to Christian Hofstaedtler for delivering this exciting new
functionality. Documentation & demo forthcoming, but code to use it is
available on GitHub.
* Lua modules can now use 'pdnslog(INFO..'), as described in ticket 1074,
implemented in commit 674a305
* Adopt any-to-tcp feature to the recursor. Based on a patch by Winfried
Angele. Closes ticket 836, commit 56b4d21 and commit e661a20.
* commit 2c78bd5: implement built-in statistics dumper using the 'carbon'
protocol, which is also understood by metronome (our mini-graphite). Use
'carbon-server', 'carbon-ourname' and 'carbon-interval' settings.
* New setting 'udp-truncation-threshold' to configure from how many bytes we
should truncate. commit a09a8ce.
* Proper support for CHaos class for CHAOS TXT queries. commit c86e1f2,
addition for lua in commit f94c53d, some warnings in commit 438db54
* Added support for Lua scripts to drop queries w/o further processing.
* Kevin Holly added qtype statistics to recursor and rec_control
(get-qtypelist) (commit 79332bf)
* Add support for include-files in configuration, also reload ACLs and zones
defined in them (commit 829849d, commit 242b90e, commit 302df81).
* Paulo Anes contributed server-down-max-fails which helps combat Recursive
DNS based amplification attacks. Described in this post. Also comes with
new metric 'failed-host-entries' in commit 406f46f.
* commit 21e7976: Implement "followCNAMERecords" feature in the Lua hooks.
* commit 06ea901: make pdns-distributes-queries use a hash so related queries
get sent to the same thread. Original idea by Winfried Angele. Astoundingly
effective, approximately halves CPU usage!
* commit b13e737: --help now writes to stdout instead of stderr. Thanks
* To aid in limiting DoS attacks, when truncating a response, we actually
truncate all the way so only the question remains. Suggested in ticket 1092
, code in commit add935a.
* No longer experimental, the switch 'pdns-distributes-queries' can improve
multi-threaded performance on Linux (various cleanup commits).
* Update to embedded PolarSSL, plus remove previous AES implementation and
shift to PolarSSL (commit e22d9b4, commit 990ad9a)
* commit 92c0733 moves various Lua magic constants into an enum namespace.
* set group and supplementary groups before chroot (commit 6ee50ce, ticket
* commit 4e9a20e: raise our socket buffer setting so it no longer generates a
warning about lowering it.
* commit 4e9a20e: warn about Linux suboptimal IPv6 settings if we detect
* SIGUSR2 turns on a 'trace' of all DNS traffic, a second SIGUSR2 now turns
it off again. commit 4f217ce.
* Various fixes for Lua 5.2.
* commit 81859ba: No longer attempt to answer questions coming in from port
0, reply would not reach them anyhow. Thanks to Niels Bakker and
'sid3windr' for insight & debugging. Closes ticket 844.
* commit b1a2d6c: now, I'm not one to get OCD over things, but that log
message about stats based on 1801 seconds got to me. 1800 now.
* 0c9de4fc: stay away from getaddrinfo unless we really can't help it for
ascii ipv6 conversions to binary
* commit 08f3f63: fix average latency calculation, closing ticket 424.
* commit 75ba907: Some of our counters were still 32 bits, now 64.
* commit 2f22827: Fix statistics and stability when running with
* commit 6196f90: avoid merging old and new additional data, fixes an issue
caused by weird (but probably legal) Akamai behaviour
* commit 3a8a4d6: make sure we don't exceed the number of available
filedescriptors for mthreads. Raises performance in case of DoS. See this
post for further details.
* commit 7313fe6: implement indexed packet cache wiping for recursor, orders
of magnitude faster. Important when reloading all zones, which causes
massive cache cleaning.
* rec_control get-all would include 'cache-bytes' and 'packetcache-bytes',
which were expensive operations, too expensive for frequent polling.
Removed in commit 8e42d27.
* All old workarounds for supporting Windows of the XP era have been removed.
* Fix issues on S390X based systems which have unsigned characters (commit
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Pdns-dev