[Pdns-users] PowerDNS Authoritative Server 3.3 Release Candidate 1 available
Peter van Dijk
peter.van.dijk at netherlabs.nl
Tue May 28 07:15:02 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi everybody,
Release Candidate 1 of the PowerDNS Authoritative Server 3.3 is available from:
http://powerdnssec.org/downloads/pdns-3.3-rc1.tar.gz
http://powerdnssec.org/downloads/packages/pdns-static-3.3rc1-1.i386.rpm
http://powerdnssec.org/downloads/packages/pdns-static-3.3rc1-1.x86_64.rpm
http://powerdnssec.org/downloads/packages/pdns-static_3.3-rc1-1_amd64.deb
http://powerdnssec.org/downloads/packages/pdns-static_3.3-rc1-1_i386.deb
You are cordially invited to (carefully) test this Release Candidate for
correct behaviour.
Full release notes, with clickable links, are available from:
http://doc.powerdns.com/changelog.html#changelog-auth-3-3
Here is a text-only version:
This a stability, bugfix and conformity update to 3.2. It improves
interoperability with various validators, either through bugfixes or by
catering to their needs beyond the specifications.
New features and important changes since 3.2:
* commit 04576ee, commit b0e15c8: Implement pdnssec increase-serial, thanks
Ruben d'Arco.
* commit cee857b: PowerDNS now sets additional groups while dropping
privileges.
* commit 7796a3b: Merge support for include-dir directive, thanks Aki Tuomi!
* commit d725755: make pdns-static Conflict with pdns-server, closes ticket
640
* commit c0d5504: pdnssec now emits 'INSERT INTO domain ..' queries when
running without named.conf
* commit a1d6b0c: Older versions of the BIND 9 validating recursor need a
superfluous NSEC3 record on positive wildcard responses. We now send this
extra NSEC3. Closes ticket 814.
* commit 07bf35d: catch a lot more errors in pdnssec and report them. Fixes
ticket 588.
* commit 032e390: make pdnssec exit with 1 on some error conditions, closes
ticket 677
* commit 4af49b8, commit 4cec6ac: add ability to create an 'active' or
inactive key using add-zone-key and import-zone-key, plus silenced some
debugging. Fixes ticket 707.
* commit fae4167: Compiling against Lua 5.2 (--with-lua=lua5.2) now disables
some code used for regression testing, instead of breaking during compile.
This means that Lua 5.2 can be used in production.
* commit abc8f3f, 357f6a7: Implement the new any-to-tcp option that, when
set, always replies with a truncated response (TC=1) to ANY queries,
forcing them to use TCP.
* commit 496073b: Since 3.0, pdnssec secure-zone has always generated 3 keys:
one KSK and two ZSK, with one ZSK active. For most, if not almost all,
users, this inactive ZSK is never used. We now no longer generate this
useless ZSK. The resulting smaller DNSKEY RRset improves interoperability
with certain validators. Closes ticket 824.
* commit df55450: Non-DNSSEC ANY queries no longer get sent DNSSEC records.
This improves interoperability with some old resolvers. Patch by Kees
Monshouwer.
* commit 04b4bf6: Merge support for not using opt-out with NSEC3. Many thanks
to Kees Monshouwer.
* commit 8db49a6: We now try not to NOTIFY ourselves. In convoluted cases
involving REUSE_PORT and binding to 0.0.0.0 and ::, it might be possible
that we guess wrong, in which case you can set prevent-self-notification to
off.
Important bug fixes:
* commit 63e365d: don't mess up encoding when copying qname from question to
answer in packetcache. Based on reports&debugging by Jimmy Bergman
(sigint), Daniel Norman (Loopia) and the fine people at ISC. This avoids
most issues related to BIND 9 erroneously blacklisting PowerDNS for lack of
EDNS support.
* commit 3526186: fix backslash handling in TXT parser, includes test. Thanks
Jan-Piet Mens.
* commit 830281f, aef7330: Accept chars >127 ('high ASCII') in TXT records,
closing ticket 541 and 723.
* commit feef1ec: fix missing NSEC3 for secure delegation, thanks Kees
Monshouwer, closes ticket 682
* commit b61e407: around Thursday midnight, during signature rollovers, we
would update the SOA serial too early. Fixed by reverting commit d90efbf,
adding 7 days margin to inception. Fix by Kees Monshouwer.
* commit ff64750: make sure mixed-case queries get a correct apex NSEC3 type
bitmap
* commit 4b153d8: always lowercase next name in NSEC to avoid interop
troubles with validators, thanks Marco Davids&Matthijs Mekking.
Other changes:
* commit 49977c6: fix bug in boost.m4 where it insists on setting -L, causing
useless RPATH in our binaries. Closes ticket 728
* commit 62ac758: use PolarSSL for MD5 hashing instead of shipping our own
copy of md5 hashing code.
* commit 775acd9: give a better error on trying to add nsec3 parameters to a
weird zone like "1 0 1 ab" (which indicates that you forgot to specify a
zone name on the command line). Fixes ticket 800.
* commit 315dd2e: Simplify socket listening code, and make sure we always set
the nonblocking flag correctly. Patch by Mark Zealey, closes ticket 664.
* commit b35da1b: if_ether.h is in netinet/ not net/ on OpenBSD, thanks
Florian Obser.
* commit 71301b6: Replicate gsql backend feature of having separate -auth
queries for DNSSEC into oraclebackend. Also lets you disable dnssec if you
are not ready for it. Closes ticket 527.
* commit 2125dac: drop unused ignore-rd-bit flag
* commit 8c1a6d6: NSECx optimizations, thanks Kees Monshouwer.
* commit 664716a: drop unused variables in lua backend ( ticket 653)
* commit d8ec70f: fix db2 backend includes ( ticket 653)
* commit 6477102: add goracle schema
* commit 9118638: make goraclebackend "at least work", closes ticket 729
* commit e0ad7bb: add DS digest type 4 to show-zone output; add algorithm
names. Based on a patch by Aki Tuomi, closes ticket 744
* commit 61a7fac: enable AM_SILENT_RULES, closing ticket 647
* commit cc6bf4c: Merge branch 'nodnssecany' of github.com:mind04/pdns into
mind04-nodnssecany
* commit 837f4b4: do a better job at escaping TXT, fixes ticket 795
* commit 6ca3fa7: add SOA-EDIT INCEPTION-INCREMENT mode, thanks stbuehler
* commit 6159c49: Add connection info to sql-connect message
* commit 9f62e34, commit 0fc965f, commit 2035112: Added EUI48 and EUI64
record types
* commit f9cf6d9: cut the number of database queries in half for AXFR-in
* commit c87f987: add default for SOA contact e-mail
* commit bb4a573: move random backend to modules
* commit 1071abd: restyle builtin webserver page
* commit cd5e158: correct bogus use of poll(2) related constants, improving
non-Linux portability. Thanks Wouter de Jong
* commit 27ff60a: make sure our NSEC(3)s for names with spaces in them are
correct. Reported by Jimmy Bergman. Includes test.
* commit 116e28a: reduce log level of successful gpgsql/gsqlite3 connection
to Info
* commit b23b90a: Metadata update is now in the same transaction as the AXFR.
This improves slaving speed tremendously, especially for SQLite users.
* commit 4620e8a: Added zone2json
* commit f0fa8b6: Fix remotebackend setdomainmetadata return value handling.
Fix by Aki Tuomi, closes ticket 740
* commit 80e82d6: log control listener abort even more explicitly
* commit 7c0cb15, a718d74: support automake 1.12
* commit 3fe22eb, 6707cb1: update autoconf/automake preamble to
non-deprecated variant, thanks Morten Stevens
* commit 6c4e531: disarm dead code that causes gcc crashes on ARM, thanks
Morten Stevens
* commit 36855b5: if we failed to make a new UDP socket, we'd report a
confusing error about it
* commit 1b8e5e6: autoconf support for oracle, thanks Aki Tuomi. Closes
ticket 726
* commit 8ac0c06: allow setting of some oracle env vars. Patch by Aki Tuomi,
closes ticket 725
* commit 45e845b: add example.rb sample script for remotebackend, thanks Aki
* commit 950bddd: add pdnssec generate-zone-key command, thanks Aki. Closes
ticket 711
* commit 2c03cde: Replace select with waitForData in remotebackend. Patch by
Aki Tuomi, closes ticket 715
* commit 450292c: accept ANY responses during recursive forwarding, thanks
Jan-Piet Mens
* commit d9dd76b: actually clean up unix domain sockets too after use
* commit 36758d2: merge ticket 476 by Aki Tuomi, providing default-ksk/
zsk-algorithms/size configuration parameters for pdnssec.
* commit 2f2b014: apply variant of code in ticket 714 so we can lauch pipe
backend scripts with parameters, plus add experimental code that if
pipe-command is a unix domain socket, we use that.
* commit 9566683: merge patch from ticket 712 addressing memory leak in
remotebackend (thanks Aki for the fix!)
* commit fb6ed6f: explicitly set domain id during bindbackend superslave
domain create, thanks Kees Monshouwer&Aki Tuomi
* commit 69bae20: use private temp dir when running under systemd, thanks
Morten Stevens&Ruben Kerkhof
* commit b26a48a: fix rapidjson usage in remotebackend, patch by Aki Tuomi.
Closes ticket 697
* commit da8e6ae: also answer questions with : in them
* commit ef1c4bf: also spot trailing dots on CNAME content, thanks Jan-Piet
Mens and Ruben d'Arco
* commit fb31631: only setCloseOnExec on valid sockets
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRpFkVAAoJENz1E/p+7Rnz5UkQAIJYnHmqJDntUlbu9JgUw2de
28sbDV0oiNpAjnPr6HU0O640vM5eEYXFPMa2zY6uQkJrksuHSmKenFrME45CgIjc
xDBAbRBb5RecgXvEuC2semiJMHXfXGh5/SB+T1XPzFmWL8tWx86ozNh+EW85DeCC
2MW7UvWzGEjeZ+xgsAoxNFjJx7yo+RSv7pDHSP2uDy2Rr4efjBYg7DUuiRwLPhrL
8HDvrttLtzMRl1IrHBvnUb8llsZGvBfqZ8g1XeW+mw26nQZGcgmSqgts6a6/lhpN
terRHuOP/xL45GRS73QVkgpaasrpP8p8U4G3yuT0oHK5dGPKJxMJ4OUaQYO5hkXE
AyQnYNRh1yk8YArJtZgT+U1tCSu023DTbQGLbkDv5VZYOBxx1W8idWbHp34jHyMj
vdpfb77BAdorM2jYn7CVUbtFQAKpgOwRK6YZwrBju6lv2P7iDtFMgU9tXFVVHmUO
Fzk/Fg9rkFCLNei5x9vW6HeyO2XWyhIFHCHpy9jbIUYZmdXIlVburBGHs5gY3toR
LHPemrQqav2UppfTd+PRZ8Bp99whxTpiCKc5shnkCnPLfzBk5sWkNTECmAE5PGRg
8AqLhxjlDok+Z83Szx1D2DBbAx/z8sMw2+yiy8U4slOb3HZgyCsO5zyWTKu4hNIz
Pi3QcaHE2Q4qdKscXVxj
=849+
-----END PGP SIGNATURE-----
More information about the Pdns-users
mailing list