[Pdns-users] PowerDNS Recursor 3.0 Released!

bert hubert bert.hubert at netherlabs.nl
Thu Apr 20 14:09:53 UTC 2006

Released 20th of April 2006, download from:




   HTML version of these notes, with clickable links is available on:


   This is the first separate release of the PowerDNS Recursor. There are
   many reasons for this, one of the most important ones is that previously
   we could only do a release when both the recursor and the authoritative
   nameserver were fully tested and in good shape. The split allows us to
   release new versions when each part is ready.

   Now for the real news. This version of the PowerDNS recursor powers the
   network access of over two million internet connections. Two large access
   providers have been running pre-releases of 3.0 for the past few weeks and
   results are good. Furthermore, the various pre-releases have been tested
   nearly non-stop with DNS traffic replayed at 3000 queries/second.

   As expected, the 2 million househoulds shook out some very rare bugs. But
   even a rare bug happens once in a while when there are this many users.

   We consider this version of the PowerDNS recursor to be the most advanced
   resolver publicly available. Given current levels of spam, phishing and
   other forms of internet crime we think no recursor should offer less than
   the best in spoofing protection. We urge all operators of resolvers
   without proper spoofing countermeasures to consider PowerDNS, as it is a
   Better Internet Nameserver Daemon.

   A good article on DNS spoofing can be found here. Some more information,
   based on a previous version of PowerDNS, can be found on the PowerDNS
   development blog.

   Warning Because of recent DNS based denial of service attacks, running an  
           open recursor has become a security risk. Therefore, unless        
           configured otherwise this version of PowerDNS will only listen on  
           localhost, which means it does not resolve for hosts on your       
           network. To fix, configure the local-address setting with all      
           addresses you want to listen on. Additionally, by default service  
           is restricted to RFC 1918 private IP addresses. Use allow-from to  
           selectively open up the recursor for your own network. See Section 
           12.1 for details.                                                  

   Important new features of the PowerDNS recursor 3.0:

     * Best spoofing protection and detection we know of. Not only is
       spoofing made harder by using a new network address for each query,
       PowerDNS detects when an attempt is made to spoof it, and temporarily
       ignores the data. For details, see Section 12.4.1.

     * First nameserver to benefit from epoll/kqueue/Solaris completion ports
       event reporting framework, for stellar performance.

     * Best statistics of any recursing nameserver we know of, see Section

     * Last-recently-used based cache cleanup algorithm, keeping the 'best'
       records in memory

     * First class Solaris support, built on a 'try and buy' Sun CoolThreads
       T 2000.

     * Full IPv6 support, implemented natively.

     * Access filtering, both for IPv4 and IPv6.

     * Experimental SMP support for nearly double performance. See Section

   Many people helped package and test this release. Jorn Ekkelenkamp of
   ISP-Services helped find the '8000 SOAs' bug and spotted many other
   oddities and XS4ALL internet funded a lot of the recent development.
   Joaquin M Lopez Munoz of the boost::multi_index_container was again of
   great help.

http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the Pdns-users mailing list