[Pdns-users] PDNS repos request

Frank @ kiwazo.be frank+pdns at tembo.be
Thu Oct 5 18:45:21 UTC 2023


> On 5 Oct 2023, at 20:36, Alex Pavlov via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
> 
> Thanks Peter,
> 
> As the ready-for-deployment DEB files are all deleted, I now have only one way: recompiling binaries from sources.
> I'm not saying that it is not doable, but a 10-second install process with "dpkg -i..." now turns into a much longer process for me.

Alex, 

I am really sorry for your loss, but you'll have to consider the amount of time you'll need to manually patch every CVE which might pop up in the future, as your 5+ years old distribution is no longer supported.

On top of that, it seems you're blaming others for issues which you are responsible for. If you feel recompiling from the repo is too much of a hassle, you can either upgrade your OS, or ask Ubuntu to provide up-to-date PowerDNS packages.


> The compiling has already thrown some dependency library errors of mismatching versions... one of them h2o with libssl for enabling DoH and DoT in DNSDIST (in the builder.sh that you described below, as I need to add DoH & DoT). I don't know why those errors are there and why libraries were replaced some years ago.
> In general I need to say that the idea is not to have old Ubuntu and old PDNS releases in production, but rather to use it for step-by-step version updating of DNSDIST 1.4->1.5->1.6->1.7->1.8 and the same with PDNS from 4.2.3->4.3.2->up to latest stable.
> Every version jump sometimes requires adjusting the conf file or MySQL tables (backend for PDNS-AUTH), as per the Documented guides (version upgrade guides).

Please keep one thread to one subject. You're now mixing 2, sorry 3 issues. 

DNSDist 1.5 is End Of Life.

For DoH, if you need to support multiple hostnames on the same dnsdist instance, I would try with a single cert with multiple SANs. DNSdist should serve it well, the clients should accept it. If it's still an issue in a recent and supported dnsdist version, please show us your config and the full cert to help debugging.

There is no MySQL in dnsdist, so I'm not sure what you are trying to do there?

If you want to update your DNS servers, which should be running only the DNS infra and nothing else, and thus should be easily upgradeable, I would recommend:

- provision new hosts
- install Ubuntu 22.04 LTS on them
- install dnsdist 1.8 on them

Frank


Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be
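
The single-certificate, multiple-SAN suggestion above can be checked before the certificate goes anywhere near a DoH/DoT listener. The script below is an added example, not part of the original message or of PowerDNS: it builds a throwaway self-signed certificate and reports which hostnames it fails to cover. The hostnames, function names and file names are assumptions made for illustration, and it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Constructed hostnames; replace with the names your DoH/DoT clients use.
HOSTS="doh1.example.net doh2.example.net dot.example.net"

# make_san_cert DIR HOST...
# Writes DIR/key.pem and DIR/cert.pem: a self-signed test certificate
# carrying one subjectAltName DNS entry per hostname given.
make_san_cert() {
    dir=$1; shift
    san=""
    for h in "$@"; do san="${san:+$san,}DNS:$h"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=$san" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# uncovered_hosts CERT HOST...
# Prints every hostname the certificate does NOT match (empty output = all covered).
# openssl prints "does match" or "does NOT match" for each -checkhost query.
uncovered_hosts() {
    cert=$1; shift
    for h in "$@"; do
        openssl x509 -in "$cert" -noout -checkhost "$h" \
            | grep -q 'does match' || echo "$h"
    done
}

# Demo on constructed data: extra.example.org is deliberately absent from the SANs.
tmp=$(mktemp -d)
make_san_cert "$tmp" $HOSTS
missing=$(uncovered_hosts "$tmp/cert.pem" $HOSTS extra.example.org)
echo "not covered: ${missing:-none}"
rm -rf "$tmp"
```

For a real deployment, skip `make_san_cert` and run `uncovered_hosts` against the certificate file the dnsdist listeners load.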
