[Pdns-users] Recursor 3.5 is now available!

Odhiambo Washington odhiambo at gmail.com
Mon Apr 15 10:25:25 UTC 2013


Thanks, but the bug that makes it ignore CONFIGDIR was not addressed.
It's not a show-stopper though.


On 15 April 2013 12:33, Peter van Dijk <peter.van.dijk at netherlabs.nl> wrote:

> Hi everybody,
>
> version 3.5 of the PowerDNS Recursor is now available from
> https://www.powerdns.com/downloads.html
>
> Kees Monshouwer provides native RHEL5/6 packages at
> http://www.monshouwer.eu/download/3rd_party/pdns-recursor/
>
> Full release notes, with clickable links, are available from:
> http://doc.powerdns.com/changelog.html#changelog-recursor-3-5
>
> 3.5 is the best version of the PowerDNS Recursor currently available, and we
> recommend upgrading to it.
>
> Here is a text-only version:
>
> This is a stability, security and bugfix update to 3.3/3.3.1. It contains
> important fixes for slightly broken domain names, which your users expect to
> work anyhow.
>
> [Note] Note
>        Because a semi-sanctioned 3.4-pre was distributed for a long time, and
>        people have come to call that 3.4, we are skipping an actual 3.4 release
>        to avoid confusion.
>
> Changes between RC5 and the final 3.5 release:
>
>   * Winfried Angele reported that restarting a very busy recursor could lead to
>     crashes. Fixed in r3153, closing ticket 735.
>
> Changes between RC4 and RC5:
>
>   * Bernd-René Predota of Liberty Global reported that Recursor 3.3 would treat
>     empty non-AA NOERROR responses as authoritative NXDATA responses. This bug
>     turned out to be in 3.5-RC4 too. Fixed in r3146, related to ticket 731.
>
> Changes between RC3 (unreleased) and RC4:
>
>   * Winfried Angele spotted, even before release, that r3132 in RC3 broke
>     outgoing IPv6 queries. We are grateful for his attention to detail! Fixed
>     in r3141.
>
> Changes between RC2 and RC3 (unreleased):
>
>   * Use private temp dir when running under systemd, thanks Morten Stevens and
>     Ruben Kerkhof. Change in r3105.
>
>   * NSD mistakenly compresses labels for RP and other types, violating a MUST
>     in RFC 3597. Recursor does not decompress these labels, violating a SHOULD
>     in RFC 3597. We now decompress these labels, and reportedly NSD will stop
>     compressing them. Reported by Jan-Piet Mens, fixed in r3109.
>
>   * When forwarding to another recursor, we would handle responses to ANY
>     queries incorrectly. Spotted by Jan-Piet Mens, fixed in r3116, closes
>     ticket 704.
>
>   * Our local-nets definition (used as a default for some settings) now
>     includes the networks from RFC 3927 and RFC 6598. Reported by Maik
>     Zumstrull, fixed in r3122.
>
>   * The RC1 change to stop using ANY queries to get A+AAAA for name servers in
>     one go had a 5% performance impact. This impact is corrected in r3132.
>     Thanks to Winfried Angele for measuring and reporting this. Closes ticket
>     710.
>
>   * New command 'rec_control dump-nsspeeds' will dump our NS speeds (latency)
>     cache. Code in r3131.
>
> Changes between RC1 and RC2:
>
>   * While Recursor 3.3 was not vulnerable to the specific attack noted in
>     'Ghost Domain Names: Revoked Yet Still Resolvable', further investigation
>     showed that a variant of the attack could work. This was fixed in r3085.
>     This should also close the slightly bogus CVE-2012-1193. Closes ticket 668.
>
>   * The auth-can-lower-ttl flag was removed, as it did not have any effect in
>     most situations, and thus did not operate as advertised. We now always
>     comply with the related parts of RFC 2181. Change in r3092, closing ticket
>     88.
>
> Changes below are in RC1 (and up).
>
> New features:
>
>   * The local zone server now understands wildcards, code in commit 2062.
>
>   * The Lua postresolve and nodata hooks, that had been distributed as a
>     '3.3-hooks' snapshot earlier, have been merged. Code in commit 2309.
>
>   * A new feature, rec_control trace-regex allows the tracing of lookups for
>     specific names. Code in commit 3044, commit 3073.
>
>   * A new setting, export-etc-hosts-suffix, adds a configurable suffix to names
>     imported from /etc/hosts. Code in commit 2544, commit 2545.
>
> Improvements:
>
>   * We now throttle queries that don't work less aggressively, code in commit
>     1766.
>
>   * Various improvements in tolerance against broken auths, code in commit
>     1996, commit 2188, commit 3074 (thanks Winfried).
>
>   * Additional processing is now optional, and disabled by default. Presumably
>     this yields a performance improvement. Change in commit 2542.
>
>   * rec_control reload-lua-script now reports errors. Code in commit 2627,
>     closing ticket 278.
>
>   * rec_control help now lists commands. Code in commit 2628.
>
>   * rec_control wipe-cache now also wipes the recursor's packet cache. Code in
>     commit 2880 from ticket 333.
>
>   * Morten Stevens contributed a systemd file. Import in commit 2966, now part
>     of the recursor tarball.
>
>   * commit 2990 updates the address of D.root-servers.net.
>
>   * Winfried Angele implemented and documented the ipv6-questions metric. Merge
>     in commit 3034, closing ticket 619.
>
>   * We no longer use ANY to get A+AAAA for nameservers, because some auth
>     operators have decided to break ANY lookups. As a bonus, we now track v4
>     and v6 latency separately. Change in commit 3064.
>
> Bugs fixed:
>
>   * Some unaligned memory access was corrected, code in commit 2060, commit
>     2122, commit 2123, which would cause problems on UltraSPARC.
>
>   * Garbage encountered during reload-acls could cause crashes. Fixed in commit
>     2323, closing ticket 330.
>
>   * The recursor would lose its root hints in a very rare situation. Corrected
>     in commit 2380.
>
>   * We did not always drop supplemental groups while dropping privileges.
>     Reported by David Black of Atlassian, fixed in commit 2524.
>
>   * Cache aging would sometimes get confused when we had a mix of expired and
>     non-expired records in cache. Spotted and fixed by Winfried Angele in
>     commit 3068, closing ticket 438.
>
>   * rec_control reload-acl no longer ignores arguments. Fix in commit 3037,
>     closing ticket 490.
>
>   * Since we re-parse our commandline in rec_control we've been doubling the
>     commands on the commandline, causing weird output. Reported by Winfried
>     Angele. Fixed in commit 2992, closing ticket 618. This issue was not
>     present in any officially released versions.
>
>   * commit 2879 drops some spurious stderr logging from Lua scripts, and makes
>     sure 'place' is always valid.
>
>   * We would sometimes refuse to resolve domains with just one nameserver
>     living at the apex. Fixed in commit 2817.
>
>   * We would sometimes stick RRs in the wrong parts of response packets. Fixed
>     in commit 2625.
>
>   * The ACL parser was too liberal, sometimes causing recursors to be very
>     open. Fixed in commit 2629, closing ticket 331.
>
>   * rec_control now honours socket-dir from recursor.conf. Fixed in commit
>     2630.
>
>   * When traversing CNAME chains, sometimes we would end up with multiple SOAs
>     in the result. Fixed in commit 2633.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."