[Pdns-users] PowerDNS Authoritative Server 3.4.0 released

bert hubert bert.hubert at netherlabs.nl
Tue Sep 30 11:12:06 UTC 2014


Hi everybody,

As an aside to these giant & impressive release notes, I would like to thank
the PowerDNS open source community for the tremendous amount of work
invested in 3.4.0. It is astounding. 

For a small overview, check for example:
	https://github.com/PowerDNS/pdns/network/members 
	https://github.com/PowerDNS/pdns/graphs/contributors?from=2013-12-17&to=2014-09-30&type=c
	
Thank you very much everybody for your efforts in coding, packaging,
testing, suggesting and sometimes even documenting ;-)

	Bert
	(PowerDNS)


On Tue, Sep 30, 2014 at 12:41:27PM +0200, Peter van Dijk wrote:
> Hi everybody,
> 
> PowerDNS Authoritative Server 3.4.0 is now available!
> 
> 3.4.0 is the best version of the PowerDNS Authoritative Server currently
> available, and we recommend upgrading to it. Please read 
> http://doc.powerdns.com/html/from3.3.1to3.4.0.html before you do, however!
> 
> Please see http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0 for full
> release notes and all download links.
> 
> You can get PowerDNS 3.4.0 from:
> 
> http://downloads.powerdns.com/releases/pdns-3.4.0.tar.bz2
> http://downloads.powerdns.com/releases/deb/pdns-static_3.4.0-1_i386.deb
> http://downloads.powerdns.com/releases/deb/pdns-static_3.4.0-1_amd64.deb
> http://downloads.powerdns.com/releases/rpm/pdns-static-3.4.0-1.i386.rpm
> http://downloads.powerdns.com/releases/rpm/pdns-static-3.4.0-1.x86_64.rpm
> 
> These files also come with GPG signatures (append .sig).
> 
> Additionally, Kees Monshouwer has kindly provided native builds for RHEL and CentOS
> at https://www.monshouwer.eu/download/3rd_party/pdns/
> 
> This is a performance, feature, bugfix and conformity update to
> 3.3.1 and any earlier version. It contains a huge amount of
> work by various contributors, to whom we are very grateful.
> 
> A list of changes since 3.3.1 follows.
> 
> Changes between RC2 and 3.4.0:
>  * gad189c9, g445d93c: also distribute the dnsdist manual page
>  * gb5a276d, g0b346e9, g74caf87, g642fd2e: Make sure all
>    backends actually work as dynamic modules
>  * g14b11c4: raise log level on dlerror(), fixes t1734, thanks
>    @James-TR
>  * g016d810: improve postgresql detection during ./configure
>  * gdce1e90: DNAME: don't sign the synthesised CNAME
>  * g25e7af3: send empty SERVFAIL after a backend throws a
>    DBException, instead of including useless content
> 
> Changes between RC1 and RC2:
>  * gbb6e54f: document udp6-queries, udp4-queries, add
>    rd-queries, recursion-unanswered metrics & document. Closes
>    t1400.
>  * g4a23af7: init script: support DAEMON_ARGS; g7e5b3a0: init
>    script: ensure socket dir exists
>  * gdd930ed: don't import supermaster ips from other accounts
>  * ged3afdf: fall back to central bind if reuseport bind
>    fails; improves t1715
>  * g709ca59: GeoIP backend implementation. This is a new
>    backend, still experimental!
>  * gbf5a484: support EVERY future version of OS X, fixes t1702
>  * g4dbaec6: Check for __FreeBSD_kernel__ as per
>    https://lists.debian.org/debian-bsd/2006/03/msg00127.html,
>    fixes t1684; g74f389d: __FreeBSD_kernel__ is defined but
>    empty on systems with FreeBSD kernels, breaking compile.
>    Thanks pawal
>  * g882ca9d: revert setpgrp changes
>  * g2e6bbd8: Catch PDNSException in Signingpiper::helperWorker
>    to avoid abort
>  * g0ffd51d: improve error reporting on malformed labels
>  * gc48dec7: Fix forwarded TSIG message issue
>  * gdad70f2: skip TCP_DEFER_ACCEPT on platforms that do not
>    have it (like FreeBSD); fixes t1658
>  * gc7287b6: should fix t1662, reloading while checking for
>    domains that need to be notified in BIND, causing lock
>  * g3e67ea8: allow OPT pseudo record type in IXFR query
>  * ga1caa8b: webserver: htmlescape VERSION and config name
>  * gdf9d980: Remove "log-failed-updates" leftover
>  * ga1fe72a: Remove unused "soa-serial-offset" option
> 
> Changes between 3.3.1 and 3.4.0-RC1 follow.
> 
> DNSSEC changes:
>  * gbba8413: add option (max-signature-cache-entries) to limit
>    the maximum number of cached signatures.
>  * g28b66a9: limit the number of NSEC3 iterations (see RFC5155
>    10.3), with the max-nsec3-iterations option.
>  * gb50efd6: drop the 'superfluous NSEC3' option that old BIND
>    validators need.
>  * The bindbackend 'hybrid' mode was reintroduced by Kees
>    Monshouwer. Enable it with bind-hybrid.
>  * Aki Tuomi contributed experimental PKCS#11 support for
>    DNSSEC key management with a (Soft)HSM.
>  * Direct RRSIG queries now return NOTIMP.
>  * gfa37777: add secure-all-zones command to pdnssec
>  * Unrectified zones can now get rectified 'on the fly' during
>    outgoing AXFR. This makes it possible to run a hidden
>    signing master without rectification.
>  * g82fb538: AXFR in: don't accept zones with a mixture of
>    Opt-Out NSEC3 RRs and non-Opt-Out NSEC3 RRs
>  * Various minor bugfixes, mostly from the unstoppable Kees
>    Monshouwer.
>  * g0c4c552: set non-zero exit status in pdnssec if an
>    exception was thrown, for easier automatic usage.
>  * gb8bd119: pdnssec -v show-zone: Print all keys instead of
>    just entry point keys.
>  * g52e0d78: answer direct NSEC queries without DO bit
>  * gca2eb01: output ZSK DNSKEY records if
>    experimental-direct-dnskey support is enabled
>  * g83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling
>  * gac4a2f1: AXFR-out can handle secure and insecure NSEC3
>    optout delegations
>  * gff47302: AXFR-in can handle secure and insecure NSEC3
>    optout delegations
> 
> New features:
>  * DNAME support. Enable with experimental-dname-processing.
>  * PowerDNS can now send stats directly to Carbon servers.
>    Enable with carbon-server, tweak with carbon-ourname and
>    carbon-interval.
>  * g767da1a: Add list-zone capability to pdns_control
>  * g51f6bca: Add delete-zone to pdnssec.
>  * The gsql backends now support record comments, and
>    disabling records.
>  * The new reuseport config option allows setting
>    SO_REUSEPORT, which allows for some performance
>    improvements.
>  * local-address-nonexist-fail and local-ipv6-nonexist-fail
>    allow pdns to start up even if some addresses fail to bind.
>  * 'AXFR-SOURCE' in domainmetadata sets the source address for
>    an AXFR retrieval.
>  * g451ba51: Implement pdnssec get-meta/set-meta
>  * Experimental RFC2136/DNS UPDATE support from Ruben d'Arco,
>    with extensive testing by Kees Monshouwer.
>  * pdns_control bind-add-zone
>  * New option bind-ignore-broken-records ignores out-of-zone
>    records while loading zone files.
>  * pdnssec now has commands for TSIG key management.
>  * We now support other algorithms than MD5 for TSIG.
>  * gba7244a: implement pdns_control qtypes
>  * Support for += syntax for options
> 
> Bugfixes:
>  * We verify the algorithm used for TSIG queries, and use the
>    right algorithm in signing if there is possible confusion.
>    Plus a few minor TSIG-related fixes.
>  * gff99a74: making *-threads settings empty now yields a
>    default of one instead of zero.
>  * g9215e60: we had a deadly embrace in getUpdatedMasters in
>    bindbackend reimplementation, thanks to Winfried for
>    detailed debugging!
>  * g9245fd9: don't addSuckRequest after supermaster zone
>    creation to avoid one cause of simultaneous AXFR for the
>    same zone
>  * g719f902: fix dual-stack superslave when multiple
>    namservers share a ip
>  * g33966bf: avoid address truncation in doNotifications
>  * geac85b1: prevent duplicate slave notications caused by
>    different ipv6 address formatting
>  * g3c8a711: make notification queue ipv6 compatible
>  * g0c13e45: make isMaster ip check more tolerant for
>    different ipv6 notations
>  * Various fixes for possible issues reported by Coverity Scan
>    (gf17c93b, )
>  * g9083987: don't rely on included polarssl header files when
>    using system polarssl. Spotted by Oden Eriksson of
>    Mandriva, thanks!
>  * Various users reported pdns_control hangs, especially when
>    using the guardian. We are confident that all causes of
>    these hangs are now gone.
>  * Decreasing the webserver ringbuffer size could cause
>    crashes.
>  * g4c89cce: nproxy: Add missing chdir("/") after chroot()
>  * g016a0ab: actually notice timeout during AXFR retrieve,
>    thanks hkraal
> 
> REST API changes:
>  * The REST API was much improved and is nearing stability,
>    thanks to Christian Hofstaedtler and others.
>  * Mark Schouten at Tuxis contributed a zone importer.
> 
> Other changes:
>  * Our tarballs and packages now include *.sql schema files
>    for the SQL backends.
>  * The webserver (including API) now has an ACL
>    (webserver-allow-from).
>  * Webserver (including API) is now powered by YaHTTP.
>  * Various autotools usage improvements from Ruben Kerkhof.
>  * The dist tarball is now bzip2-compressed instead of gzip.
>  * Various remotebackend updates, including replacing curl
>    with (included) yahttp.
>  * Dynamic module loading is now allowed on Mac OS X.
>  * The AXFR ACL (allow-axfr-ips) now defaults to
>    127.0.0.0/8,::1 instead of the whole world.
>  * gba91c2f: remove unused gpgsql-socket option and document
>    postgres socket usage
>  * Improved support for Lua 5.2.
>  * The edns-subnet option code is now fixed at 8, and the
>    edns-subnet-option-numbers option has been removed.
>  * geobackend now has very limited edns-subnet support - it
>    will use the 'real' remote if available.
>  * pipebackend ABI v4 adds the zone name to the AXFR command.
>  * We now avoid getaddrinfo() as much as possible.
>  * The packet cache now handles (forwarded) recursive answers
>    better, including TTL aging and respecting allow-recursion.
>  * gff5ba4f: pdns_server --help no longer exits with 1.
>  * Mark Zealey contributed an experimental LMDB backend. Kees
>    Monshouwer added experimental DNSSEC support to it. Thanks,
>    both!
>  * g81859ba: No longer attempt to answer questions coming in
>    from port 0, reply would not reach them anyhow. Thanks to
>    Niels Bakker and sid3windr for insight & debugging. Closes
>    t844.
>  * RCodes are now reported in text in various places, thanks
>    Aki.
>  * Kees Monshouwer set up automatic testing for the oracle and
>    goracle backends, and fixed various issues in them.
>  * Leftovers of previous support for Windows have been
>    removed, thanks to Kees Monshouwer, Aki Tuomi.
>  * Bundled PolarSSL has been upgraded to 1.3.2
>  * PolarSSL replaced previously bundled implementations of AES
>    (ge22d9b4) and SHA (g9101035)
>  * bindbackend is now a module
>  * g14a2e52: Use the inet data type for supermasters.ip on
>    postgrsql.
>  * We now send an empty SERVFAIL when a CNAME chain is too
>    long, instead of including the partial chain.
>  * g3613a51: Show built-in features in --version output
>  * g4bd7d35: make domainmetadata queries case insensitive
>  * g088c334: output warning message when no to be notified
>    NS's are found
>  * g5631b44: gpsqlbackend: use empty defaults for dbname and
>    user; libpq will use the current user name for both by
>    default
>  * gd87ded3: implement udp-truncation-threshold to override
>    the previous 1680 byte maximum response datagram size - no
>    matter what EDNS0 said. Plus document it.
>  * Implement udp-truncation-threshold to override the previous
>    1680 byte maximum response datagram size - no matter what
>    EDNS0 said.
>  * On shutdown, PowerDNS now attempts to stop all processes in
>    its process group, especially useful for pipe/remotebackend
>    users. Feature donated by Spotify.
>  * Removed settings related to fancy records, as we haven't
>    supported those since version 3.0
>  * Based on earlier work by Mark Zealey, Kees Monshouwer
>    increased our packet cache performance between 200% and
>    500% depending on the situation, by simplifying some code
>    in g801812e and g8403ade.
> 



> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users





More information about the Pdns-users mailing list