[Pdns-users] PowerDNS Recursor 3.5-RC4 released!
odhiambo at gmail.com
Sat Apr 6 12:39:43 UTC 2013
Could pdns-recursor be made to compile with a specific path where the
binary should be installed? I'd like mine installing to /usr/local/sbin/ as
opposed to /usr/sbin
On 5 April 2013 10:55, Peter van Dijk <peter.van.dijk at netherlabs.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi everybody,
> Release Candidate 4 of the PowerDNS Recursor 3.5 is available from:
> source: http://powerdnssec.org/downloads/pdns-recursor-3.5-rc4.tar.bz2
> semistatic packages: http://powerdnssec.org/downloads/packages/
> RHEL5/6 native:
> You are cordially invited to (carefully) test this Release Candidate for
> correct behaviour.
> RC3 was skipped because the ever vigilant Winfried Angele spotted an
> issue with it even before we had fully released it!
> Full release notes, with clickable links, are available from:
> Here is a text-only version:
> This is a stability, security and bugfix update to 3.3/3.3.1. It contains
> important fixes for slightly broken domain names, which your users expect
> work anyhow.
> [Note] Note
> Because a semi-sanctioned 3.4-pre was distributed for a long time,
> people have come to call that 3.4, we are skipping an actual 3.4
> to avoid confusion.
> Changes between RC3 (unreleased) and RC4:
> * Winfried Angele spotted, even before release, that r3132 in RC3 broke
> outgoing IPv6 queries. We are grateful for his attention to detail!
> in r3141.
> Changes between RC2 and RC3 (unreleased):
> * Use private temp dir when running under systemd, thanks Morten Stevens
> Ruben Kerkhof. Change in r3105.
> * NSD mistakenly compresses labels for RP and other types, violating a
> in RFC 3597. Recursor does not decompress these labels, violating a
> in RF3597. We now decompress these labels, and reportedly NSD will stop
> compressing them. Reported by Jan-Piet Mens, fixed in r3109.
> * When forwarding to another recursor, we would handle responses to ANY
> queries incorrectly. Spotted by Jan-Piet Mens, fixed in r3116, closes
> ticket 704.
> * Our local-nets definition (used as a default for some settings) now
> includes the networks from RFC 3927 and RFC 6598. Reported by Maik
> Zumstrull, fixed in r3122.
> * The RC1 change to stop using ANY queries to get A+AAAA for name
> servers in
> one go had a 5% performance impact. This impact is corrected in r3132.
> Thanks to Winfried Angele for measuring and reporting this. Closees
> * New command 'rec_control dump-nsspeeds' will dump our NS speeds
> cache. Code in r3131.
> Changes between RC1 and RC2:
> * While Recursor 3.3 was not vulnerable to the specific attack noted in
> 'Ghost Domain Names: Revoked Yet Still Resolvable', further
> showed that a variant of the attack could work. This was fixed in
> This should also close the slightly bogus CVE-2012-1193. Closes ticket
> * The auth-can-lower-ttl flag was removed, as it did not have any effect
> most situations, and thus did not operate as advertised. We now always
> comply with the related parts of RFC 2181. Change in r3092, closing
> Changes below are in RC1 (and up).
> New features:
> * The local zone server now understands wilcards, code in commit 2062.
> * The Lua postresolve and nodata hooks, that had been distributed as a
> '3.3-hooks' snapshot earlier, have been merged. Code in commit 2309.
> * A new feature, rec_control trace-regex allows the tracing of lookups
> specific names. Code in commit 3044, commit 3073.
> * A new setting, export-etc-hosts-suffix, adds a configurable suffix to
> imported from /etc/hosts. Code in commit 2544, commit 2545.
> * We now throttle queries that don't work less agressively, code in
> * Various improvements in tolerance against broken auths, code in commit
> , commit 2188, commit 3074 (thanks Winfried).
> * Additional processing is now optional, and disabled by default.
> this yields a performance improvement. Change in commit 2542.
> * rec_control reload-lua-script now reports errors. Code in commit 2627,
> closing ticket 278.
> * rec_control help now lists commands. Code in commit 2628.
> * rec_control wipe-cache now also wipes the recursor's packet cache.
> Code in
> commit 2880 from ticket 333.
> * Morten Stevens contributed a systemd file. Import in commit 2966, now
> of the recursor tarball.
> * commit 2990 updates the address of D.root-servers.net.
> * Winfried Angele implemented and documented the ipv6-questions metric.
> in commit 3034, closing ticket 619.
> * We no longer use ANY to get A+AAAA for nameservers, because some auth
> operators have decided to break ANY lookups. As a bonus, we now track
> and v6 latency separately. Change in commit 3064.
> Bugs fixed:
> * Some unaligned memory access was corrected, code in commit 2060, commit
> 2122, commit 2123, which would cause problems on UltraSPARC.
> * Garbage encountered during reload-acls could cause crashes. Fixed in
> 2323, closing ticket 330.
> * The recursor would lose its root hints in a very rare situation.
> in commit 2380.
> * We did not always drop supplemental groups while dropping privileges.
> Reported by David Black of Atlassian, fixed in commit 2524.
> * Cache aging would sometimes get confused when we had a mix of expired
> non-expired records in cache. Spotted and fixed by Winfried Angele in
> commit 3068, closing ticket 438.
> * rec_control reload-acl no longer ignores arguments. Fix in commit 3037,
> closing ticket 490.
> * Since we re-parse our commandline in rec_control we've been doubling
> commands on the commandline, causing weird output. Reported by Winfried
> Angele. Fixed in commit 2992, closing ticket 618. This issue was not
> present in any officially released versions.
> * commit 2879 drops some spurious stderr logging from Lua scripts, and
> sure 'place' is always valid.
> * We would sometimes refuse to resolve domains with just one nameserver
> living at the apex. Fixed in commit 2817.
> * We would sometimes stick RRs in the wrong parts of response packets.
> in commit 2625.
> * The ACL parser was too liberal, sometimes causing recursors to be very
> open. Fixed in commit 2629, closing ticket 331.
> * rec_control now honours socket-dir from recursor.conf. Fixed in commit
> * When traversing CNAME chains, sometimes we would end up with multiple
> in the result. Fixed in commit 2633.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> -----END PGP SIGNATURE-----
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
"I can't hear you -- I'm using the scrambler."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users