[Pdns-users] PowerDNS Authoritative Server 3.2 Release Candidate 2 available
Peter van Dijk
peter.van.dijk at netherlabs.nl
Wed Dec 19 12:33:52 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Release Candidate 2 of the PowerDNS Authoritative Server 3.2 is available from:
You are cordially invited to (carefully) test this Release Candidate for
Full release notes, with clickable links, are available from:
Changes between RC1 and RC2:
* Aki Tuomi contributed zone2json, a great way for programmers to benefit
from our zone file parser. Code in commit 2997, closes ticket 509.
* Our DNS TXT parser is not 8-bit safe, but our DNS TXT writer assumes the
reader is! Reported by Jan-Piet Mens in ticket 541, commit 2993 fixes our
writer but not yet our parser.
* Ruben d'Arco did some improvements to the MyDNS backend, and provided a
full test suite for it, that we now run after every commit. Code in commit
* Some exceptions from backends would lose their meaning while bubbling up.
Fixed by Aki Tuomi in commit 2985, closing ticket 639.
* The packet-cache honours max reply length while matching cached packets
against queries, but not EDNS status. This would mean that EDNS-enabled
replies with a 512 reply len could be returned on non-EDNS queries. Spotted
while investigating a report from Winfried Angele, patched by Ruben d'Arco
in commit 2982, closing ticket 630.
* Errors involving creating, deletion or changing permissions on the control
socket were unclear. Ruben d'Arco improved this in commit 2981.
* pipe-timeout was always documented to be in milliseconds, but it turns out
it was in seconds! commit 2971 changes them to actually be in ms, and
'increases' the default from 1000 seconds to 2000 milliseconds.
* Some exceptions would get dropped during inbound AXFR, yielding a log file
that says 'transaction started' and nothing after that, making AXFR fail
silently. commit 2976 and commit 2977 improve this somewhat.
* We now error out on empty labels inside of names (www..example.com) instead
of generating bogus reply packets. Code in commit 2972, reported by several
* Doing chmod before chown, instead of the other way around, apparently
avoids requiring a whole SELinux capability. Reported by Sander Hoentjen,
fixed in r2965.
* Christian Hofstaedtler fixed a bug in our Debian init.d script. Code in
* Superslave errors ('Unable to find backend willing to host ..') now include
the NSset found at the master, to aid debugging. Code in commit 2887.
* commit 2874 in RC1 broke compilation without SQLite3 and made query logging
unreliable. Fixed in commit 2888, commit 2889.
* The dnsreplay tool now processes single packet pcaps. Fix in commit 2895.
* PowerDNS always derives NSEC/NSEC3 from the actual zone content. To
accomodate this, zone2sql now drops NSEC/NSEC3 records, as those should
never be in a PowerDNS backend directly (commit 2915), bindbackend ignores
NSEC/NSEC3 while reading zonefiles (commit 2917) and pdnssec reports NSEC/
NSEC3 in the database as an error condition (commit 2918).
* The bindbackend now ignores NSEC/NSEC3 records while reading zonefiles.
Change in commit 2917.
* An EXPERIMENTAL feature ('direct-dnskey') for reading ZSKs from the records
table/your BIND zonefile was added in commit 2920, commit 2921, commit 2922
* While fully optional, PowerDNS supports direct RRSIG queries. Kees
Monshouwer improved on our behaviour for those queries in commit 2927.
* IPv6 glue situations require AAAA records for the receiving end of a
delegation in the ADDITIONAL section of a referral. This was supported
('do-ipv6-additional-processing') but not enabled by default. commit 2929
enables it by default.
* pdnssec check-zone now warns for CNAME-and-other data at names in your
zones. Code by Ruben d'Arco in commit 2930.
* Positive ANY-responses would include a spurious NSEC3. Corrected in commit
2932 and commit 2933, cleaned up by Kees Monshouwer in commit 2935.
* The ldapbackend now allows overriding the base dn for AXFR subtree search.
Fixed in commit 2934, closing ticket 536.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
More information about the Pdns-users