[Pdns-users] PowerDNS Recursor 4.0.1 released

Pieter Lexis pieter.lexis at powerdns.com
Fri Jul 29 17:35:09 UTC 2016 

Hi everybody,

We're happy to announce the release of the PowerDNS Recursor version 4.0.1.

This release has several improvements with regards to DNSSEC validation and it improves interoperability with DNSSEC clients that expect an AD-bit on validated data when they query with only the DO-bit set.

The clickable changelog is available[1].

Bug fixes
 - #4119 Improve DNSSEC record skipping for non dnssec queries (Kees Monshouwer)
 - #4162 Don't validate zones from the local auth store, go one level down while validating when there is a CNAME
 - #4187:
   - Don't go bogus on islands of security
   - Check all possible chains for Insecures
   - Don't go Bogus on a CNAME at the apex
 - #4215 RPZ: default policy should also override local data RRs
 - #4243 Fix a crash when the next name in a chained query is empty and rec_control current-queries is invoked

Improvements
 - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler)
 - #4140 Fix warnings with gcc on musl-libc (James Taylor)
 - #4160 Also validate on +DO
 - #4164 Fail to start when the lua-dns-script does not exist
 - #4168 Add more Netmask methods for Lua (Aki Tuomi)
 - #4210 Validate DNSSEC for security polling
 - #4217 Turn on root-nx-trust by default and log-common-errors=off
 - #4207 Allow for multiple trust anchors per zone
 - #4242 Fix compilation warning when building without Protobuf
 - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172)

The sources are on the downloads site[2](sig[3]). Packages for several distributions are available from our repositories[4].

Best regards,

Pieter and the PowerDNS team.

1 - https://doc.powerdns.com/md/changelog/#powerdns-recursor-401
2 - https://downloads.powerdns.com/releases/pdns-recursor-4.0.1.tar.bz2
3 - https://downloads.powerdns.com/releases/pdns-recursor-4.0.1.tar.bz2.sig
4 - https://repo.powerdns.com

-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20160729/9762c328/attachment.sig>

More information about the Pdns-users mailing list