[Pdns-users] PowerDNS Recursor 3.5-RC4 released!

Odhiambo Washington odhiambo at gmail.com
Sat Apr 6 12:39:43 UTC 2013


Could pdns-recursor be made to compile with a specific path where the
binary should be installed? I'd like mine installing to /usr/local/sbin/ as
opposed to /usr/sbin


On 5 April 2013 10:55, Peter van Dijk <peter.van.dijk at netherlabs.nl> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi everybody,
>
> Release Candidate 4 of the PowerDNS Recursor 3.5 is available from:
>
> source: http://powerdnssec.org/downloads/pdns-recursor-3.5-rc4.tar.bz2
> semistatic packages: http://powerdnssec.org/downloads/packages/
> RHEL5/6 native:
> http://www.monshouwer.eu/download/3rd_party/pdns-recursor/rc4/
>
> You are cordially invited to (carefully) test this Release Candidate for
> correct behaviour.
>
> RC3 was skipped because the ever vigilant Winfried Angele spotted an
> issue with it even before we had fully released it!
>
> Full release notes, with clickable links, are available from:
> http://doc.powerdns.com/changelog.html#changelog-recursor-3-5
>
> Here is a text-only version:
>
> This is a stability, security and bugfix update to 3.3/3.3.1. It contains
> important fixes for slightly broken domain names, which your users expect
> to
> work anyhow.
>
> [Note] Note
>        Because a semi-sanctioned 3.4-pre was distributed for a long time,
> and
>        people have come to call that 3.4, we are skipping an actual 3.4
> release
>        to avoid confusion.
>
> Changes between RC3 (unreleased) and RC4:
>
>   * Winfried Angele spotted, even before release, that r3132 in RC3 broke
>     outgoing IPv6 queries. We are grateful for his attention to detail!
> Fixed
>     in r3141.
>
> Changes between RC2 and RC3 (unreleased):
>
>   * Use private temp dir when running under systemd, thanks Morten Stevens
> and
>     Ruben Kerkhof. Change in r3105.
>
>   * NSD mistakenly compresses labels for RP and other types, violating a
> MUST
>     in RFC 3597. Recursor does not decompress these labels, violating a
> SHOULD
>     in RF3597. We now decompress these labels, and reportedly NSD will stop
>     compressing them. Reported by Jan-Piet Mens, fixed in r3109.
>
>   * When forwarding to another recursor, we would handle responses to ANY
>     queries incorrectly. Spotted by Jan-Piet Mens, fixed in r3116, closes
>     ticket 704.
>
>   * Our local-nets definition (used as a default for some settings) now
>     includes the networks from RFC 3927 and RFC 6598. Reported by Maik
>     Zumstrull, fixed in r3122.
>
>   * The RC1 change to stop using ANY queries to get A+AAAA for name
> servers in
>     one go had a 5% performance impact. This impact is corrected in r3132.
>     Thanks to Winfried Angele for measuring and reporting this. Closees
> ticket
>     710.
>
>   * New command 'rec_control dump-nsspeeds' will dump our NS speeds
> (latency)
>     cache. Code in r3131.
>
> Changes between RC1 and RC2:
>
>   * While Recursor 3.3 was not vulnerable to the specific attack noted in
>     'Ghost Domain Names: Revoked Yet Still Resolvable', further
> investigation
>     showed that a variant of the attack could work. This was fixed in
> r3085.
>     This should also close the slightly bogus CVE-2012-1193. Closes ticket
> 668.
>
>   * The auth-can-lower-ttl flag was removed, as it did not have any effect
> in
>     most situations, and thus did not operate as advertised. We now always
>     comply with the related parts of RFC 2181. Change in r3092, closing
> ticket
>     88.
>
> Changes below are in RC1 (and up).
>
> New features:
>
>   * The local zone server now understands wilcards, code in commit 2062.
>
>   * The Lua postresolve and nodata hooks, that had been distributed as a
>     '3.3-hooks' snapshot earlier, have been merged. Code in commit 2309.
>
>   * A new feature, rec_control trace-regex allows the tracing of lookups
> for
>     specific names. Code in commit 3044, commit 3073.
>
>   * A new setting, export-etc-hosts-suffix, adds a configurable suffix to
> names
>     imported from /etc/hosts. Code in commit 2544, commit 2545.
>
> Improvements:
>
>   * We now throttle queries that don't work less agressively, code in
> commit
>     1766.
>
>   * Various improvements in tolerance against broken auths, code in commit
> 1996
>     , commit 2188, commit 3074 (thanks Winfried).
>
>   * Additional processing is now optional, and disabled by default.
> Presumably
>     this yields a performance improvement. Change in commit 2542.
>
>   * rec_control reload-lua-script now reports errors. Code in commit 2627,
>     closing ticket 278.
>
>   * rec_control help now lists commands. Code in commit 2628.
>
>   * rec_control wipe-cache now also wipes the recursor's packet cache.
> Code in
>     commit 2880 from ticket 333.
>
>   * Morten Stevens contributed a systemd file. Import in commit 2966, now
> part
>     of the recursor tarball.
>
>   * commit 2990 updates the address of D.root-servers.net.
>
>   * Winfried Angele implemented and documented the ipv6-questions metric.
> Merge
>     in commit 3034, closing ticket 619.
>
>   * We no longer use ANY to get A+AAAA for nameservers, because some auth
>     operators have decided to break ANY lookups. As a bonus, we now track
> v4
>     and v6 latency separately. Change in commit 3064.
>
> Bugs fixed:
>
>   * Some unaligned memory access was corrected, code in commit 2060, commit
>     2122, commit 2123, which would cause problems on UltraSPARC.
>
>   * Garbage encountered during reload-acls could cause crashes. Fixed in
> commit
>     2323, closing ticket 330.
>
>   * The recursor would lose its root hints in a very rare situation.
> Corrected
>     in commit 2380.
>
>   * We did not always drop supplemental groups while dropping privileges.
>     Reported by David Black of Atlassian, fixed in commit 2524.
>
>   * Cache aging would sometimes get confused when we had a mix of expired
> and
>     non-expired records in cache. Spotted and fixed by Winfried Angele in
>     commit 3068, closing ticket 438.
>
>   * rec_control reload-acl no longer ignores arguments. Fix in commit 3037,
>     closing ticket 490.
>
>   * Since we re-parse our commandline in rec_control we've been doubling
> the
>     commands on the commandline, causing weird output. Reported by Winfried
>     Angele. Fixed in commit 2992, closing ticket 618. This issue was not
>     present in any officially released versions.
>
>   * commit 2879 drops some spurious stderr logging from Lua scripts, and
> makes
>     sure 'place' is always valid.
>
>   * We would sometimes refuse to resolve domains with just one nameserver
>     living at the apex. Fixed in commit 2817.
>
>   * We would sometimes stick RRs in the wrong parts of response packets.
> Fixed
>     in commit 2625.
>
>   * The ACL parser was too liberal, sometimes causing recursors to be very
>     open. Fixed in commit 2629, closing ticket 331.
>
>   * rec_control now honours socket-dir from recursor.conf. Fixed in commit
> 2630
>     .
>
>   * When traversing CNAME chains, sometimes we would end up with multiple
> SOAs
>     in the result. Fixed in commit 2633.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBAgAGBQJRXoMoAAoJENz1E/p+7RnzyJEP/AmXqDNnypJg87lTvdRzM857
> vN78yBCGSZ/pPFaJOXwxvYXRPLw41VIJHnf7x2XKm+S0l0wtIm2ptGwXM1gNdTM1
> GtWIGfFDS2H+UchG3DkMCqo/DhFD9jblKaRI7VlcYTLKyvSm5KDSsB+uwC5p1+CE
> xbpQmbM6hwMmhn7Hw307uYvWWOHAcJim2KnWzBPDvdRDCqaZaTKO/E1nDPdCl9Bm
> dUDX3fkPWOg8o2vX+RkU3fh11O7TL2Q8sP48SB0VCD9NKBY3ZDstGPy+cJreYZmc
> yPj6nynWh6DVjq88wDucAZ1RZlPkUj1zj4EsYkBdNyN/7SF0vKQlnApNjWlZXna9
> EVYHiuPmsra7aEuvFCd3QNvtsOQ68ZkiRRe/M11Lv0NcJkzDwNPcrA8HsK8eY47Q
> t1N0IoP1N4L9i6VDSk2dpNfRMVCElGKmV+83M/grMvH49RMOcWxLLB0ywUQQ+4JM
> Atzu4UUHrWPaVbbQbMm82LYk3HULcQtOZKxXpi9GA7gLSdFcogcnDP+vBj5irTDN
> r2pWpooL9aFemXHfZc4Z8DDfCZQVeuZqaUmtVYihp4/tVepww+74ADa8gXlJw8Ii
> rLJHsTMlZM4OKK0kpepuUuvN6u4iUDIqD9gw+kXoJPBO/4Oa3AiPAP1DEmqPxfDd
> ZH1h+srjJWod5vhMh9Bo
> =LZ8N
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20130406/3eaa9d7d/attachment-0001.html>


More information about the Pdns-users mailing list