[Pdns-users] PowerDNS Recursor 3.2 Available
Steve Spencer
sspencer at kdsi.net
Mon Mar 8 14:27:58 UTC 2010
Just want to make sure this package is actually newer. I'm getting this
message when I attempt to update the recursor on a CentOS5.x box:

rpm -Uvh pdns-recursor-3.2-1.i386.rpm
Preparing... ########################################### [100%]
package pdns-recursor-3.1.7.2-1.el5.MIND.i386 (which is newer than
pdns-recursor-3.2-1.i386) is already installed
bert hubert wrote:
> Hi everybody,
>
> Please find below the release notes of the PowerDNS Recursor version 3.2!
>
> Compared to RC1 and RC2 this version mostly contains compilation and
> platform fixes (for Solaris and CentOS4/RHEL4), as well as improved
> statistics, diagnostics and '--help' output, and assorted small usability
> fixes.
>
> RC1 and RC2 are already deployed in a number of large places, and it appears
> to be holding up well. In addition, a number of future users have performed
> stringent testing and performance measurements, and it appears this version
> works satisfactorily.
>
> It is also observed that this release candidate provides for vastly improved
> performance compared to 3.1.7.*, even bringing us close to the very
> impressive numbers measured by users of the Nominum Vantio and Nominum CNS
> software. On modern hardware, the PowerDNS Recursor may in fact be faster,
> and certainly better value for money. For more details, please see below.
>
> The PowerDNS Recursor 3.2 release is a highly recommended upgrade.
>
> We are very interested in hearing your experiences, and if there are any
> issues, please let us know.
>
> Download from:
>
> http://downloads.powerdns.com/releases/pdns-recursor-3.2.tar.bz2
> http://downloads.powerdns.com/releases/deb/pdns-recursor_3.2-1_i386.deb
> http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.2-1.i386.rpm
> http://downloads.powerdns.com/releases/deb/pdns-recursor_3.2-1_amd64.deb
> http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.2-1.x86_64.rpm
> These directories also contain PGP signatures.
>
> Please note that the 'universal' RPMs are, in fact, too new for RHEL4 and
> derived distributions. It is expected that in the coming week,
> RHEL4-compatible RPMs will be announced.
>
> (Nominum, Nominum CNS & Nominum Vantio are trademarks owned by
> Nominum)
>
> Release notes
> -------------
> Version with clickable links:
> http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-2
>
> Warning!
>
> Lua scripts from version 3.1.7.* are fully compatible with
> version 3.2. However, scripts written for development snapshot
> releases, are NOT. Please see Section 12.7 for details!
>
> The 3.2 release is the first major release of the PowerDNS
> Recursor in a long time. Partly this is because 3.1.7.*
> functioned very well, and delivered satisfying performance,
> partly this is because in order to really move forward, some
> heavy lifting had to be done.
>
> As always, we are grateful for the large PowerDNS community
> that is actively involved in improving the quality of our
> software, be it by submitting patches, by testing development
> versions of our software or helping debug interesting issues.
> We specifically want to thank Stefan Schmidt and Florian
> Weimer, who both over the years have helped tremendously in
> keeping PowerDNS fast, stable and secure.
>
> This version of the PowerDNS Recursor contains a rather novel
> form of lock-free multithreading, a situation that comes close
> to the old '--fork' trick, but allows the Recursor to fully
> utilize multiple CPUs, while delivering unified statistics and
> operational control.
>
> In effect, this delivers the best of both worlds: near linear
> scaling, with almost no administrative overhead.
>
> Compared to 'regular multithreading', whereby threads cooperate
> more closely, more memory is used, since each thread maintains
> its own DNS cache. However, given the economics, and the
> relatively limited total amount of memory needed for high
> performance, this price is well worth it.
>
> In practical numbers, over 40,000 queries/second sustained
> performance has now been measured by a third party, with a
> 100.0% packet response rate. This means that the needs of
> around 400,000 residential connections can now be met by a
> single commodity server.
>
> In addition to the above, the PowerDNS Recursor is now
> providing resolver service for many more Internet users than
> ever before. This has brought with it 24/7 Service Level
> Agreements, and 24/7 operational monitoring by networking
> personnel at some of the largest telecommunications companies
> in the world.
>
> In order to facilitate such operation, more statistics are now
> provided that allow the visual verification of proper PowerDNS
> Recursor operation. As an example of this there are now graphs
> that plot how many queries were dropped by the operating system
> because of a CPU overload, plus statistics that can be
> monitored to determine if the PowerDNS deployment is under a
> spoofing attack.
>
> All in all, this is a large and important PowerDNS Release,
> paving the way for further innovation.
>
> Note
>
> This release removes support for the 'fork' multi-processor
> option. In addition, the default is now to spawn two threads.
> This has been done in such a way that total memory usage will
> remain identical, so each thread will use half of the allocated
> maximum number of cache entries.
>
> Changes between RC2 and -release:
>
> * 'Make install' when an existing configuration file
> contained a 'fork' statement has been fixed. Spotted by
> Darren Gamble, code in commit 1534.
> * Reloading a non-existent allow-from-file caused the control
> thread to stop working. Spotted by Imre Gergely, code in
> commit 1532.
> * Parser got confused by reading an empty line in
> auth-forward-zones. Spotted by Imre Gergely, code in commit
> 1533.
> * David Gavarret discovered undocumented and not-working
> settings to set the owner, group and access modes of the
> control socket. Code by Aki Tuomi and documentation in
> commit 1535. Fixup in commit 1536 for FreeBSD as found by
> Ralf van der Enden.
> * Tiny improvement possibly solving an issue on Solaris 10's
> completion port event multiplexer (commit 1537).
>
> Changes between RC1 and RC2:
>
> * Compilation on Solaris 10 has been fixed (various
> patchlevels had different issues), code in commit 1522.
> * Compatibility with CentOS4/RHEL4 has been restored, the gcc
> and glibc versions shipped with this distribution contain a
> Thread Local Storage bug which we now work around. Thanks
> to Darren Gamble and Imre Gergely for debugging this issue,
> code in commit 1527.
> * A failed setuid operation, because of misconfiguration,
> would result in a crash instead of an error message. Fixed
> in commit 1523.
> * Imre Gergely discovered that PowerDNS was doing spurious
> root repriming when invalidating nssets. Fixed in commit
> 1531.
> * Imre Gergely discovered our rrd graphs had not been changed
> for the new multithreaded world, and did not allow scaling
> beyond 200% cpu use. In addition, CPU usage graphs did not
> add up correctly. Implemented in commit 1524.
> * Andreas Jakum discovered the description of
> 'max-packetcache-entries' and 'forward-zones-recurse' was
> wrong in the output of '--help' and '--config'. In
> addition, some stray backup files made it into the RC1
> release. Addressed in commit 1529.
>
> Full release notes follow, including some overlap with the
> incremental release notes above. Improvements:
>
> * Multithreading, allowing near linear scaling to multiple
> CPUs or cores. Configured using 'threads=' (many commits).
> This also deprecates the '--fork' option.
> * Added ability to read a configuration item of a running
> PowerDNS Recursor using 'rec_control get-parameter' (commit
> 1243), suggested by Wouter de Jong.
> * Added ability to read all statistics in one go of a running
> PowerDNS Recursor using 'rec_control get-all' (commit
> 1496), suggested by Michael Renner.
> * Speedups in packet generation (Commits 1258, 1259, 1262)
> * TCP deferred accept() filter is turned on again for slight
> DoS protection. Code in commit 1414.
> * PowerDNS Recursor can now do TCP/IP queries to remote IPv6
> addresses (commit 1412).
> * Solaris 9 '/dev/poll' support added, Solaris 8 now
> deprecated. Changes in commit 1421, commit 1422, commit
> 1424, commit 1413.
> * Lua functions can now also see the address _to_ which a
> question was sent, using getlocaladdress(). Implemented in
> commit 1309 and commit 1315.
> * Maximum cache sizes now default to a sensible value.
> Suggested by Roel van der Made, implemented in commit 1354.
> * Domains can now be forwarded to IPv6 addresses too, using
> either ::1 syntax or [::1]:25. Thanks to Wijnand Modderman
> for discovering this issue, fixed in commit 1349.
> * Lua scripts can now load libraries at runtime, for example
> to calculate md5 hashes. Code by Winfried Angele in commit
> 1405.
> * Periodic statistics output now includes average queries per
> second, as well as packet cache numbers (commit 1493).
> * New metrics are available for graphing, plus added to the
> default graphs (commit 1495, commit 1498, commit 1503)
> * Fix errors/crashes on more recent versions of Solaris 10,
> where the ports functions could return ENOENT under some
> circumstances. Reported and debugged by Jan Gyselinck,
> fixed in commit 1372.
>
> New features:
>
> * Add pdnslog() function for Lua scripts, so errors or other
> messages can be logged properly.
> * New settings to set the owner, group and access modes of
> the control socket (socket-owner, socket-group,
> socket-mode). Code by Aki Tuomi and documentation in commit
> 1535. Fixup in commit 1536 for FreeBSD as found by Ralf van
> der Enden.
> * rec_control now accepts a --timeout parameter, which can be
> useful when reloading huge Lua scripts. Implemented in
> commit 1366.
> * Domains can now be forwarded with the 'recursion-desired'
> bit on or off, using either forward-zones-recurse or by
> prefixing the name of a zone with a '+' in
> forward-zones-file. Feature suggested by Darren Gamble,
> implemented in commit 1451.
> * Access control lists can now be reloaded at runtime
> (implemented in commit 1457).
> * PowerDNS Recursor can now use a pool of
> query-local-addresses to further increase resilience
> against spoofing. Suggested by Ad Spelt, implemented in
> commit 1426.
> * PowerDNS Recursor now also has a packet cache, greatly
> speeding up operations. Implemented in commit 1426, commit
> 1433 and further.
> * Cache can be limited in how long it maximally stores
> records, for BIND compatibility (TTL limiting), by setting
> max-cache-ttl. Idea by Winfried Angele, implemented in
> commit 1438.
> * Cache cleaning turned out to be scanning more of the cache
> than necessary for cache maintenance. In addition, far more
> frequent but smaller cache cleanups improve responsiveness.
> Thanks to Winfried Angele for discovering this issue.
> (commits 1501, 1507)
> * Performance graphs enhanced with separate CPU load and
> cache effectiveness plots, plus display of various overload
> situations (commits 1503)
>
> Compiler/Operating system/Library updates:
>
> * PowerDNS Recursor can now compile against newer versions of
> Boost (verified up to and including 1.42.0). Reported &
> fixed by Darix in commit 1274. Further fixes in commit
> 1275, commit 1276, commit 1277, commit 1283.
> * Fix compatibility with newer versions of GCC (closes
> ticket 227, spotted by Ruben Kerkhof, code in commit 1345,
> more fixes in commit 1394, 1416, 1440).
> * Rrdtool update graph is now compatible with FreeBSD out of
> the box. Thanks to Bryan Seitz (commit 1517).
> * Fix up Makefile for older versions of Make (commit 1229).
> * Solaris compilation improvements (out of the box, no
> handwork needed).
> * Solaris 9 MTasker compilation fixes, as suggested by John
> Levon. Changes in commit 1431.
>
> Bug fixes:
>
> * Under rare circumstances, the recursor could crash on 64
> bit Linux systems running glibc 2.7, as found in Debian
> Lenny. These circumstances became a lot less rare for the
> 3.2 release. Discovered by Andreas Jakum and debugged by
> #powerdns, fix in commit 1519.
> * Imre Gergely discovered that PowerDNS was doing spurious
> root repriming when invalidating nssets. Fixed in commit
> 1531.
> * Configuration parser is now resistant against trailing tabs
> and other whitespace (commit 1242)
> * Fix typo in a Lua error message. Close ticket 210, as
> reported by Stefan Schmidt (commit 1319).
> * Profiled-build instructions were broken, discovered & fixes
> suggested by Stefan Schmidt. ticket 239, fix in commit
> 1462.
> * Fix up duplicate SOA from a remote authoritative server
> from showing up in our output (commit 1475).
> * All security fixes from 3.1.7.2 are included.
> * Under highly exceptional circumstances on FreeBSD the
> PowerDNS Recursor could crash because of a TCP/IP error.
> Reported and fixed by Andrei Poelov in ticket 192, fixed in
> commit 1280.
> * PowerDNS Recursor can be a root-server again. Error spotted
> by the ever vigilant Darren Gamble (t229), fix in commit
> 1458.
> * Rare TCP/IP errors no longer lead to PowerDNS Recursor
> logging errors or becoming confused. Debugged by Josh Berry
> of Plusnet PLC. Code in commit 1457.
> * Do not hammer parent servers in case child zones are
> misconfigured, requery at most once every 10 seconds.
> Reported & investigated by Stefan Schmidt and Andreas
> Jakum, fixed in commit 1265.
> * Properly process answers from remote authoritative servers
> that send error answers without including the original
> question (commit 1329, commit 1327).
> * No longer spontaneously turn on 'export-etc-hosts' after
> reloading zones. Discovered by Paul Cairney, reported in
> ticket 225, addressed in commit 1348.
> * Very abrupt server failure of large numbers of high-volume
> authoritative servers could trigger an out of memory
> situation. Addressed in commit 1505.
> * Make timeouts for queries to remote authoritative servers
> configurable with millisecond granularity. In addition, the
> old code turned out to consider the timeout expired when
> the integral number of seconds since 1970 increased by 1 -
> which *on average* is after 500ms. This might have caused
> spurious timeouts! New default timeout is 1500ms. See
> network-timeout setting for more details. Code in commit
> 1402.
>
> - ends -
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957
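
The network-timeout bug fix in the quoted release notes (a timeout treated as expired as soon as the whole-seconds counter increased by 1) can be modelled as below. This is an added example, not part of the original post and not PowerDNS code; the function names and timestamps are constructed for illustration, and the whole-second check is written from the release note's description only.

```cpp
#include <cstdint>
#include <cstdio>

// Timestamps are microseconds since 1970 (constructed values, not captures).
using usec_t = std::int64_t;
constexpr usec_t kUsecPerSec = 1000000;

// Whole-second check, as the release note describes the old behaviour:
// "expired" as soon as the integral number of seconds has increased by 1.
bool expiredWholeSeconds(usec_t sent, usec_t now) {
    return now / kUsecPerSec >= sent / kUsecPerSec + 1;
}

// Millisecond-granular check: expired only once timeoutMs has really elapsed.
bool expiredMillis(usec_t sent, usec_t now, std::int64_t timeoutMs) {
    return now - sent >= timeoutMs * 1000;
}

// Time (ms) a query sent at `sent` actually gets under the whole-second check:
// the distance to the next tick of the seconds counter.
std::int64_t effectiveTimeoutMs(usec_t sent) {
    const usec_t nextTick = (sent / kUsecPerSec + 1) * kUsecPerSec;
    return (nextTick - sent) / 1000;
}

// Mean effective timeout for queries sent at every millisecond offset
// (0..999) within the second starting at `secondStart`.
double meanEffectiveTimeoutMs(usec_t secondStart) {
    std::int64_t total = 0;
    for (int ms = 0; ms < 1000; ++ms)
        total += effectiveTimeoutMs(secondStart + ms * 1000);
    return total / 1000.0;
}

int main() {
    const usec_t base = 1000000000LL * kUsecPerSec;  // constructed epoch second
    const usec_t sent = base + 950000;               // sent 950 ms into the second
    const usec_t now  = base + kUsecPerSec;          // 50 ms later the counter ticks
    std::printf("whole-second check expired after 50 ms: %d\n",
                expiredWholeSeconds(sent, now));
    std::printf("1500 ms check expired after 50 ms:      %d\n",
                expiredMillis(sent, now, 1500));
    std::printf("mean effective timeout: %.1f ms\n",
                meanEffectiveTimeoutMs(base));
    return 0;
}
```

A query sent late in a second gets only a few tens of milliseconds before the whole-second check gives up on it, which is the source of the spurious timeouts the release note mentions.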