[Pdns-users] PowerDNS Recursor 3.0 Released!
bert.hubert at netherlabs.nl
Thu Apr 20 14:09:53 UTC 2006
Released 20th of April 2006, download from:
HTML version of these notes, with clickable links is available on:
This is the first separate release of the PowerDNS Recursor. There are
many reasons for this, one of the most important ones is that previously
we could only do a release when both the recursor and the authoritative
nameserver were fully tested and in good shape. The split allows us to
release new versions when each part is ready.
Now for the real news. This version of the PowerDNS recursor powers the
network access of over two million internet connections. Two large access
providers have been running pre-releases of 3.0 for the past few weeks and
results are good. Furthermore, the various pre-releases have been tested
nearly non-stop with DNS traffic replayed at 3000 queries/second.
As expected, the 2 million househoulds shook out some very rare bugs. But
even a rare bug happens once in a while when there are this many users.
We consider this version of the PowerDNS recursor to be the most advanced
resolver publicly available. Given current levels of spam, phishing and
other forms of internet crime we think no recursor should offer less than
the best in spoofing protection. We urge all operators of resolvers
without proper spoofing countermeasures to consider PowerDNS, as it is a
Better Internet Nameserver Daemon.
A good article on DNS spoofing can be found here. Some more information,
based on a previous version of PowerDNS, can be found on the PowerDNS
Warning Because of recent DNS based denial of service attacks, running an
open recursor has become a security risk. Therefore, unless
configured otherwise this version of PowerDNS will only listen on
localhost, which means it does not resolve for hosts on your
network. To fix, configure the local-address setting with all
addresses you want to listen on. Additionally, by default service
is restricted to RFC 1918 private IP addresses. Use allow-from to
selectively open up the recursor for your own network. See Section
12.1 for details.
Important new features of the PowerDNS recursor 3.0:
* Best spoofing protection and detection we know of. Not only is
spoofing made harder by using a new network address for each query,
PowerDNS detects when an attempt is made to spoof it, and temporarily
ignores the data. For details, see Section 12.4.1.
* First nameserver to benefit from epoll/kqueue/Solaris completion ports
event reporting framework, for stellar performance.
* Best statistics of any recursing nameserver we know of, see Section
* Last-recently-used based cache cleanup algorithm, keeping the 'best'
records in memory
* First class Solaris support, built on a 'try and buy' Sun CoolThreads
* Full IPv6 support, implemented natively.
* Access filtering, both for IPv4 and IPv6.
* Experimental SMP support for nearly double performance. See Section
Many people helped package and test this release. Jorn Ekkelenkamp of
ISP-Services helped find the '8000 SOAs' bug and spotted many other
oddities and XS4ALL internet funded a lot of the recent development.
Joaquin M Lopez Munoz of the boost::multi_index_container was again of
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the Pdns-users