[Pdns-users] PowerDNS Authoritative Server 3.3 Release Candidate 1 available

Peter van Dijk peter.van.dijk at netherlabs.nl
Tue May 28 07:15:02 UTC 2013


Hi everybody,

Release Candidate 1 of the PowerDNS Authoritative Server 3.3 is available from:


You are cordially invited to (carefully) test this Release Candidate for
correct behaviour.

Full release notes, with clickable links, are available from:

Here is a text-only version:

This is a stability, bugfix and conformity update to 3.2. It improves
interoperability with various validators, either through bugfixes or by
catering to their needs beyond the specifications.

New features and important changes since 3.2:

  * commit 04576ee, commit b0e15c8: Implement pdnssec increase-serial, thanks
    Ruben d'Arco.

  * commit cee857b: PowerDNS now sets additional groups while dropping

  * commit 7796a3b: Merge support for include-dir directive, thanks Aki Tuomi!

  * commit d725755: make pdns-static Conflict with pdns-server, closes ticket

  * commit c0d5504: pdnssec now emits 'INSERT INTO domain ..' queries when
    running without named.conf

  * commit a1d6b0c: Older versions of the BIND 9 validating recursor need a
    superfluous NSEC3 record on positive wildcard responses. We now send this
    extra NSEC3. Closes ticket 814.

  * commit 07bf35d: catch a lot more errors in pdnssec and report them. Fixes
    ticket 588.

  * commit 032e390: make pdnssec exit with 1 on some error conditions, closes
    ticket 677

  * commit 4af49b8, commit 4cec6ac: add ability to create an 'active' or
    inactive key using add-zone-key and import-zone-key, plus silenced some
    debugging. Fixes ticket 707.

  * commit fae4167: Compiling against Lua 5.2 (--with-lua=lua5.2) now disables
    some code used for regression testing, instead of breaking during compile.
    This means that Lua 5.2 can be used in production.

  * commit abc8f3f, 357f6a7: Implement the new any-to-tcp option that, when
    set, always replies with a truncated response (TC=1) to ANY queries,
    forcing them to use TCP.

  * commit 496073b: Since 3.0, pdnssec secure-zone has always generated 3 keys:
    one KSK and two ZSK, with one ZSK active. For most, if not almost all,
    users, this inactive ZSK is never used. We now no longer generate this
    useless ZSK. The resulting smaller DNSKEY RRset improves interoperability
    with certain validators. Closes ticket 824.

  * commit df55450: Non-DNSSEC ANY queries no longer get sent DNSSEC records.
    This improves interoperability with some old resolvers. Patch by Kees

  * commit 04b4bf6: Merge support for not using opt-out with NSEC3. Many thanks
    to Kees Monshouwer.

  * commit 8db49a6: We now try not to NOTIFY ourselves. In convoluted cases
    involving REUSE_PORT and binding to and ::, it might be possible
    that we guess wrong, in which case you can set prevent-self-notification to

Important bug fixes:

  * commit 63e365d: don't mess up encoding when copying qname from question to
    answer in packetcache. Based on reports & debugging by Jimmy Bergman
    (sigint), Daniel Norman (Loopia) and the fine people at ISC. This avoids
    most issues related to BIND 9 erroneously blacklisting PowerDNS for lack of
    EDNS support.

  * commit 3526186: fix backslash handling in TXT parser, includes test. Thanks
    Jan-Piet Mens.

  * commit 830281f, aef7330: Accept chars >127 ('high ASCII') in TXT records,
    closing ticket 541 and 723.

  * commit feef1ec: fix missing NSEC3 for secure delegation, thanks Kees
    Monshouwer, closes ticket 682

  * commit b61e407: around Thursday midnight, during signature rollovers, we
    would update the SOA serial too early. Fixed by reverting commit d90efbf,
    adding 7 days margin to inception. Fix by Kees Monshouwer.

  * commit ff64750: make sure mixed-case queries get a correct apex NSEC3 type

  * commit 4b153d8: always lowercase next name in NSEC to avoid interop
    troubles with validators, thanks Marco Davids & Matthijs Mekking.

Other changes:

  * commit 49977c6: fix bug in boost.m4 where it insists on setting -L, causing
    useless RPATH in our binaries. Closes ticket 728

  * commit 62ac758: use PolarSSL for MD5 hashing instead of shipping our own
    copy of md5 hashing code.

  * commit 775acd9: give a better error on trying to add nsec3 parameters to a
    weird zone like "1 0 1 ab" (which indicates that you forgot to specify a
    zone name on the command line). Fixes ticket 800.

  * commit 315dd2e: Simplify socket listening code, and make sure we always set
    the nonblocking flag correctly. Patch by Mark Zealey, closes ticket 664.

  * commit b35da1b: if_ether.h is in netinet/ not net/ on OpenBSD, thanks
    Florian Obser.

  * commit 71301b6: Replicate gsql backend feature of having separate -auth
    queries for DNSSEC into oraclebackend. Also lets you disable dnssec if you
    are not ready for it. Closes ticket 527.

  * commit 2125dac: drop unused ignore-rd-bit flag

  * commit 8c1a6d6: NSECx optimizations, thanks Kees Monshouwer.

  * commit 664716a: drop unused variables in lua backend (ticket 653)

  * commit d8ec70f: fix db2 backend includes (ticket 653)

  * commit 6477102: add goracle schema

  * commit 9118638: make goraclebackend "at least work", closes ticket 729

  * commit e0ad7bb: add DS digest type 4 to show-zone output; add algorithm
    names. Based on a patch by Aki Tuomi, closes ticket 744

  * commit 61a7fac: enable AM_SILENT_RULES, closing ticket 647

  * commit cc6bf4c: Merge branch 'nodnssecany' of github.com:mind04/pdns into

  * commit 837f4b4: do a better job at escaping TXT, fixes ticket 795

  * commit 6ca3fa7: add SOA-EDIT INCEPTION-INCREMENT mode, thanks stbuehler

  * commit 6159c49: Add connection info to sql-connect message

  * commit 9f62e34, commit 0fc965f, commit 2035112: Added EUI48 and EUI64
    record types

  * commit f9cf6d9: cut the number of database queries in half for AXFR-in

  * commit c87f987: add default for SOA contact e-mail

  * commit bb4a573: move random backend to modules

  * commit 1071abd: restyle builtin webserver page

  * commit cd5e158: correct bogus use of poll(2) related constants, improving
    non-Linux portability. Thanks Wouter de Jong

  * commit 27ff60a: make sure our NSEC(3)s for names with spaces in them are
    correct. Reported by Jimmy Bergman. Includes test.

  * commit 116e28a: reduce log level of successful gpgsql/gsqlite3 connection
    to Info

  * commit b23b90a: Metadata update is now in the same transaction as the AXFR.
    This improves slaving speed tremendously, especially for SQLite users.

  * commit 4620e8a: Added zone2json

  * commit f0fa8b6: Fix remotebackend setdomainmetadata return value handling.
    Fix by Aki Tuomi, closes ticket 740

  * commit 80e82d6: log control listener abort even more explicitly

  * commit 7c0cb15, a718d74: support automake 1.12

  * commit 3fe22eb, 6707cb1: update autoconf/automake preamble to
    non-deprecated variant, thanks Morten Stevens

  * commit 6c4e531: disarm dead code that causes gcc crashes on ARM, thanks
    Morten Stevens

  * commit 36855b5: if we failed to make a new UDP socket, we'd report a
    confusing error about it

  * commit 1b8e5e6: autoconf support for oracle, thanks Aki Tuomi. Closes
    ticket 726

  * commit 8ac0c06: allow setting of some oracle env vars. Patch by Aki Tuomi,
    closes ticket 725

  * commit 45e845b: add example.rb sample script for remotebackend, thanks Aki

  * commit 950bddd: add pdnssec generate-zone-key command, thanks Aki. Closes
    ticket 711

  * commit 2c03cde: Replace select with waitForData in remotebackend. Patch by
    Aki Tuomi, closes ticket 715

  * commit 450292c: accept ANY responses during recursive forwarding, thanks
    Jan-Piet Mens

  * commit d9dd76b: actually clean up unix domain sockets too after use

  * commit 36758d2: merge ticket 476 by Aki Tuomi, providing default-ksk/
    zsk-algorithms/size configuration parameters for pdnssec.

  * commit 2f2b014: apply variant of code in ticket 714 so we can launch pipe
    backend scripts with parameters, plus add experimental code that if
    pipe-command is a unix domain socket, we use that.

  * commit 9566683: merge patch from ticket 712 addressing memory leak in
    remotebackend (thanks Aki for the fix!)

  * commit fb6ed6f: explicitly set domain id during bindbackend superslave
    domain create, thanks Kees Monshouwer & Aki Tuomi

  * commit 69bae20: use private temp dir when running under systemd, thanks
    Morten Stevens & Ruben Kerkhof

  * commit b26a48a: fix rapidjson usage in remotebackend, patch by Aki Tuomi.
    Closes ticket 697

  * commit da8e6ae: also answer questions with : in them

  * commit ef1c4bf: also spot trailing dots on CNAME content, thanks Jan-Piet
    Mens and Ruben d'Arco

  * commit fb31631: only setCloseOnExec on valid sockets
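
An added illustration of the any-to-tcp behaviour listed above (not part of the original announcement and not PowerDNS code): a simplified model of a UDP responder that answers ANY queries with a truncated reply, plus a check an operator could run over a captured query/reply pair to confirm TC=1 is set. All function names are hypothetical, and the record-less reply with the RD bit echoed is an assumption of this model.

```python
import struct

QTYPE_A, QTYPE_ANY = 1, 255
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qid, name, qtype):
    """Build a one-question query in class IN (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (id, flags, qtype, offset just past the question)."""
    if len(msg) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos = 12
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        raise ValueError("missing qtype/qclass")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return qid, flags, qtype, pos + 4

def udp_reply_for(query):
    """Model: ANY over UDP gets a record-less TC=1 reply; other types return
    None because the normal answer path is not modelled here."""
    qid, flags, qtype, end = parse_question(query)
    if qtype != QTYPE_ANY:
        return None
    rflags = FLAG_QR | FLAG_TC | (flags & FLAG_RD)
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + query[12:end]

def forces_tcp(query, reply):
    """True if reply is a response to query with the TC bit set."""
    qid, _, qtype, _ = parse_question(query)
    rid, rflags, rtype, _ = parse_question(reply)
    return (rid, rtype) == (qid, qtype) and bool(rflags & FLAG_QR) and bool(rflags & FLAG_TC)
```
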