<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3. Release notes</title><link rel="stylesheet" href="docbook.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /><link rel="home" href="index.html" title="PowerDNS manual" /><link rel="up" href="powerdns.html" title="Chapter 1. The PowerDNS dynamic nameserver" /><link rel="prev" href="about.html" title="2. About this document" /><link rel="next" href="security-policy.html" title="4. Security" /></head><body><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">3. Release notes</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="about.html">Prev</a> </td><th width="60%" align="center">Chapter 1. The PowerDNS dynamic nameserver</th><td width="20%" align="right"> <a accesskey="n" href="security-policy.html">Next</a></td></tr></table><hr /></div><div class="sect1" title="3. Release notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="changelog"></a>3. Release notes</h2></div></div></div><div class="toc"><dl><dt><span class="sect2"><a href="changelog.html#changelog-auth-3-2">3.1. PowerDNS Authoritative Server 3.2</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-auth-3-1">3.2. PowerDNS Authoritative Server 3.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-auth-2-9-22-6">3.3. Authoritative Server version 2.9.22.6</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-auth-2-9-22-5">3.4. Authoritative Server version 2.9.22.5</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-auth-3-0-1">3.5. PowerDNS Authoritative Server 3.0.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-auth-3-0">3.6. PowerDNS Authoritative Server 3.0</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-3-1">3.7. Recursor version 3.3.1 </a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-3">3.8. Recursor version 3.3 </a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-2">3.9. Recursor version 3.2</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-7-2">3.10. Recursor version 3.1.7.2</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-7-1">3.11. Recursor version 3.1.7.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-auth-2-9-22">3.12. Authoritative Server version 2.9.22</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-auth-2-9-21-2">3.13. Authoritative Server version 2.9.21.2</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-auth-2-9-21-1">3.14. Authoritative Server version 2.9.21.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-7">3.15. Recursor version 3.1.7</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-6">3.16. Recursor version 3.1.6</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-5">3.17. Recursor version 3.1.5</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-21">3.18. PowerDNS Authoritative Server version 2.9.21</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-4">3.19. Recursor version 3.1.4</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-3">3.20. Recursor version 3.1.3</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-2">3.21. Recursor version 3.1.2</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-1-1">3.22. Recursor version 3.1.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-0-1">3.23. Recursor version 3.0.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-recursor-3-0">3.24. Recursor version 3.0</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-20">3.25. Version 2.9.20</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-19">3.26. Version 2.9.19</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-18">3.27. Version 2.9.18</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-17">3.28. Version 2.9.17</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-16">3.29. Version 2.9.16</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-15">3.30. Version 2.9.15</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-14">3.31. Version 2.9.14</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-13">3.32. Version 2.9.13</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-12">3.33. Version 2.9.12</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-11">3.34. Version 2.9.11</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-10">3.35. Version 2.9.10</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-8">3.36. Version 2.9.8</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-7">3.37. Version 2.9.7</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-6">3.38. Version 2.9.6</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-5">3.39. Version 2.9.5</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-4">3.40. Version 2.9.4</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-3">3.41. Version 2.9.3a</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-2">3.42. Version 2.9.2</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9-1">3.43. Version 2.9.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-9">3.44. Version 2.9</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-8">3.45. Version 2.8</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-7">3.46. Version 2.7 and 2.7.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-6-1">3.47. Version 2.6.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-6">3.48. Version 2.6</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-5-1">3.49. Version 2.5.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-5">3.50. Version 2.5</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-4">3.51. Version 2.4</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-3">3.52. Version 2.3</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-2">3.53. Version 2.2</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-1">3.54. Version 2.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-0-1">3.55. Version 2.0.1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-0">3.56. Version 2.0</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-0-rc2">3.57. Version 2.0 Release Candidate 2</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-2-0-rc1">3.58. Version 2.0 Release Candidate 1</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-1-99-12">3.59. Version 1.99.12 Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-1-99-11">3.60. Version 1.99.11 Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-1-99-10">3.61. Version 1.99.10 Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-1-99-9">3.62. Version 1.99.9 Early Access Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-1-99-8">3.63. Version 1.99.8 Early Access Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#changelog-1-99-7">3.64. Version 1.99.7 Early Access Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#idp7473920">3.65. Version 1.99.6 Early Access Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#idp7487696">3.66. Version 1.99.5 Early Access Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#idp7505760">3.67. Version 1.99.4 Early Access Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#idp7524240">3.68. Version 1.99.3 Early Access Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#idp7541440">3.69. Version 1.99.2 Early Access Prerelease</a></span></dt><dt><span class="sect2"><a href="changelog.html#idp7564112">3.70. Version 1.99.1 Early Access Prerelease</a></span></dt></dl></div><p>
Before proceeding, it is advised to check the release notes for your PDNS version, as specified in the name of the distribution
file.
</p><p>
Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor are released separately.
</p><div class="sect2" title="3.1. PowerDNS Authoritative Server 3.2"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-3-2"></a>3.1. PowerDNS Authoritative Server 3.2</h3></div></div></div><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>Version 3.2 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. There are also some important changes if you are coming from 3.0 or 3.1
Please refer to <a class="xref" href="upgrades.html#from2.9to3.0" title="1. From PowerDNS Authoritative Server 2.9.x to 3.0">Section 1, “From PowerDNS Authoritative Server 2.9.x to 3.0”</a>, <a class="xref" href="from3.0to3.1.html" title="2. From PowerDNS Authoritative Server 3.0 to 3.1">Section 2, “From PowerDNS Authoritative Server 3.0 to 3.1”</a> and <a class="xref" href="from3.1to3.2.html" title="3. From PowerDNS Authoritative Server 3.1 to 3.2">Section 3, “From PowerDNS Authoritative Server 3.1 to 3.2”</a> for important information on
correct and stable operation, as well as notes on performance and memory use.</p></td></tr></table></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="note.png" /></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Released January 17th, 2013</p><p>Downloads:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<a class="ulink" href="http://www.powerdns.com/content/downloads.html" target="_top">Official download page</a>
</p></li><li class="listitem"><p>
<a class="ulink" href="http://www.monshouwer.eu/download/3rd_party/pdns-server/" target="_top">native RHEL5/6 packages from Kees Monshouwer</a>
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/trac#GettingPowerDNSpackages" target="_top">additional third-party builds</a>
</p></li></ul></div><p>
</p></td></tr></table></div><p>
This is a stability and conformity update to 3.1. It mostly makes our DNSSEC implementation more robust,
and improves interoperability with various validators. 3.2 has received very extensive testing on a lot
of edge cases, verifying output both against common validators and compared against other authoritative servers.
</p><p>
In addition to all the changes below, we now auto-build semi-static packages. Relevant changes to
make that possible are in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2849" target="_top">commit 2849</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2853" target="_top">commit 2853</a>, 2858, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2859" target="_top">commit 2859</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2860" target="_top">commit 2860</a>.
</p><p>
Changes between 3.2-RC4 and the final 3.2 release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Aki Tuomi contributed a bunch of fixes to our crypto drivers. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3036" target="_top">commit 3036</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3055" target="_top">commit 3055</a>/<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3057" target="_top">commit 3057</a>.
</p></li><li class="listitem"><p>
The ksk|zsk argument for pdnssec import-zone-key was required while it should be optional. Fixed in r3051.
</p></li></ul></div><p>
</p><p>
Changes between 3.2-RC3 and 3.2-RC4:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The experimental undocumented bindbackend superslave mode would break the first added domain until a restart. Fixed by Kees Monshouwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3013" target="_top">commit 3013</a>.
</p></li><li class="listitem"><p>
Sander Hoentjen reported an issue with our choice of ports for outgoing TCP connections. Investigating it
turned up that we were randomizing TCP connections on purpose while leaving UDP port choice to the kernel,
which should be the other way around. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3014" target="_top">commit 3014</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/643" target="_top">ticket 643</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/644" target="_top">ticket 644</a>.
</p></li><li class="listitem"><p>
Aki Tuomi contributed some autoconf code to use mysql_config if it is available. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3015" target="_top">commit 3015</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3019" target="_top">commit 3019</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/458" target="_top">ticket 458</a>.
</p></li><li class="listitem"><p>
The MongoDB backend was removed at the author's request, as it does not work with any current libmongo versions.
Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3017" target="_top">commit 3017</a>.
</p></li><li class="listitem"><p>
Mark Zealey discovered we were retrieving the ascii powerdns version string for each packet, not just for version string queries. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3018" target="_top">commit 3018</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/651" target="_top">ticket 651</a>.
</p></li><li class="listitem"><p>
Our new json code would not compile on solaris 9 and 10 due to lack of strcasestr. Juraj Lutter contributed
a portable version in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3020" target="_top">commit 3020</a>.
</p></li><li class="listitem"><p>
Mark Zealey noted that RRs with low TTLs could lower our query-cache-ttl persistently. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3023" target="_top">commit 3023</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/662" target="_top">ticket 662</a>.
</p></li><li class="listitem"><p>
pdnssec now honours module-dir, patch by Fredrik Danerklint in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3026" target="_top">commit 3026</a>.
</p></li></ul></div><p>
</p><p>
Changes between 3.2-RC2 and 3.2-RC3:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Michael Scheffler noticed that the lazy-recursion setting had no effect at all. Setting removed in
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3003" target="_top">commit 3003</a>.
</p></li><li class="listitem"><p>
Mark Zealey found that an earlier performance improvement could cause crashes under high load,
with lots of IPs configured in local-address and receiver-threads higher than 1. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/3005" target="_top">commit 3005</a>.
</p></li></ul></div><p>
</p><p>
Changes between 3.2-RC1 and 3.2-RC2:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The udp-queries metric would only count on the first thread launched, instead of on all threads.
Additionally, it was initialised at MAXINT at startup, instead of at 0. Both issues fixed by Kees
Monshouwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2999" target="_top">commit 2999</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/491" target="_top">ticket 491</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/582" target="_top">ticket 582</a>.
</p></li><li class="listitem"><p>
Aki Tuomi contributed zone2json, a great way for programmers to benefit from our zone file parser.
Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2997" target="_top">commit 2997</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/509" target="_top">ticket 509</a>.
</p></li><li class="listitem"><p>
Our DNS TXT parser is not 8-bit safe, but our DNS TXT writer assumes the reader is! Reported by Jan-Piet Mens in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/541" target="_top">ticket 541</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2993" target="_top">commit 2993</a> fixes our writer but not yet our parser.
</p></li><li class="listitem"><p>
Ruben d'Arco did some improvements to the MyDNS backend, and provided a full test suite for it, that we
now run after every commit. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2988" target="_top">commit 2988</a>.
</p></li><li class="listitem"><p>
Some exceptions from backends would lose their meaning while bubbling up. Fixed by Aki Tuomi
in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2985" target="_top">commit 2985</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/639" target="_top">ticket 639</a>.
</p></li><li class="listitem"><p>
The packet-cache honours max reply length while matching cached packets against queries, but not EDNS
status. This would mean that EDNS-enabled replies with a 512 reply len could be returned on non-EDNS queries.
Spotted while investigating a report from Winfried Angele, patched by Ruben d'Arco in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2982" target="_top">commit 2982</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/630" target="_top">ticket 630</a>.
</p></li><li class="listitem"><p>
Errors involving creating, deletion or changing permissions on the control socket were unclear.
Ruben d'Arco improved this in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2981" target="_top">commit 2981</a>.
</p></li><li class="listitem"><p>
pipe-timeout was always documented to be in milliseconds, but it turns out it was in seconds! <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2971" target="_top">commit 2971</a> changes
them to actually be in ms, and 'increases' the default from 1000 seconds to 2000 milliseconds.
</p></li><li class="listitem"><p>
Some exceptions would get dropped during inbound AXFR, yielding a log file that says 'transaction started'
and nothing after that, making AXFR fail silently. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2976" target="_top">commit 2976</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2977" target="_top">commit 2977</a> improve this somewhat.
</p></li><li class="listitem"><p>
We now error out on empty labels inside of names (www..example.com) instead of generating bogus reply
packets. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2972" target="_top">commit 2972</a>, reported by several users.
</p></li><li class="listitem"><p>
Doing chmod before chown, instead of the other way around, apparently avoids requiring a whole SELinux capability. Reported by Sander Hoentjen, fixed in r2965.
</p></li><li class="listitem"><p>
Christian Hofstaedtler fixed a bug in our Debian init.d script. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2963" target="_top">commit 2963</a>.
</p></li><li class="listitem"><p>
Superslave errors ('Unable to find backend willing to host ..') now include the NSset found at the master, to aid debugging. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2887" target="_top">commit 2887</a>.
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2874" target="_top">commit 2874</a> in RC1 broke compilation without SQLite3 and made query logging unreliable. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2888" target="_top">commit 2888</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2889" target="_top">commit 2889</a>.
</p></li><li class="listitem"><p>
The dnsreplay tool now processes single packet pcaps. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2895" target="_top">commit 2895</a>.
</p></li><li class="listitem"><p>
PowerDNS always derives NSEC/NSEC3 from the actual zone content. To accomodate this, zone2sql now drops NSEC/NSEC3 records, as those should never be in a PowerDNS backend directly (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2915" target="_top">commit 2915</a>), bindbackend ignores NSEC/NSEC3 while reading zonefiles (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2917" target="_top">commit 2917</a>) and pdnssec reports NSEC/NSEC3 in the database as an error condition (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2918" target="_top">commit 2918</a>).
</p></li><li class="listitem"><p>
The bindbackend now ignores NSEC/NSEC3 records while reading zonefiles. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2917" target="_top">commit 2917</a>.
</p></li><li class="listitem"><p>
An EXPERIMENTAL feature ('direct-dnskey') for reading ZSKs from the records table/your BIND zonefile was added in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2920" target="_top">commit 2920</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2921" target="_top">commit 2921</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2922" target="_top">commit 2922</a>.
</p></li><li class="listitem"><p>
While fully optional, PowerDNS supports direct RRSIG queries. Kees Monshouwer improved on our behaviour for those queries in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2927" target="_top">commit 2927</a>.
</p></li><li class="listitem"><p>
IPv6 glue situations require AAAA records for the receiving end of a delegation in the ADDITIONAL section of a referral. This was supported ('do-ipv6-additional-processing') but not enabled by default. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2929" target="_top">commit 2929</a> enables it by default.
</p></li><li class="listitem"><p>
pdnssec check-zone now warns for CNAME-and-other data at names in your zones. Code by Ruben d'Arco in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2930" target="_top">commit 2930</a>.
</p></li><li class="listitem"><p>
Positive ANY-responses would include a spurious NSEC3. Corrected in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2932" target="_top">commit 2932</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2933" target="_top">commit 2933</a>, cleaned up by Kees Monshouwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2935" target="_top">commit 2935</a>.
</p></li><li class="listitem"><p>
The ldapbackend now allows overriding the base dn for AXFR subtree search. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2934" target="_top">commit 2934</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/536" target="_top">ticket 536</a>.
</p></li></ul></div><p>
</p><p>
Changes below are in 3.2-RC1 and up.
</p><p>
DNSSEC changes in 3.2:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Kees Monshouwer did a tremendous amount of work to improve and perfect our DNSSEC implementation,
mostly in the NSEC3 area. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2687" target="_top">commit 2687</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2689" target="_top">commit 2689</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2691" target="_top">commit 2691</a>, fixing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/486" target="_top">ticket 486</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/537" target="_top">ticket 537</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/540" target="_top">ticket 540</a>. He also implemented support for Empty Non-Terminals,
code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2721" target="_top">commit 2721</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2732" target="_top">commit 2732</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2745" target="_top">commit 2745</a>, fixing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/127" target="_top">ticket 127</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/558" target="_top">ticket 558</a>.
</p></li><li class="listitem"><p>
Presigned wildcard operation was improved with the help of many parties (see commit message for <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2676" target="_top">commit 2676</a>). Presigned operation
was also changed to be more consistent with master/live-signing operation. Code and a full test suite in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2709" target="_top">commit 2709</a>, which also improves
TTL behaviour for various situations. Fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/460" target="_top">ticket 460</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/533" target="_top">ticket 533</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/559" target="_top">ticket 559</a>.
</p></li><li class="listitem"><p>
Depending on database & locale settings, names starting with underscore would sometimes cause broken records. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2710" target="_top">commit 2710</a> contains schema
and code changes for the gpgsql and gmysql backends to sort this (no pun intended) definitively, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/550" target="_top">ticket 550</a>. In addition, a pdnssec test-schema command was added (experimental and incomplete). It can be used to verify underscore sorting and a few other parameters of the database. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2714" target="_top">commit 2714</a>.
</p></li><li class="listitem"><p>
We now always include an EDNS section in responses to queries that also had an EDNS section. This was thought to improve BIND interoperability, but this turned out to be false. In any case, this change improves standards compliance. Spotted by Mats Dufberg, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2649" target="_top">commit 2649</a>.
</p></li><li class="listitem"><p>
It turns out we were storing Botan keys the wrong way. Botan did not care but Polar did, causing interoperability problems. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2720" target="_top">commit 2720</a>, with the kind help of Paul Bakker of PolarSSL. Fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/492" target="_top">ticket 492</a> as reported by Florian Obser via Debian.
</p></li><li class="listitem"><p>
pdnssec add-zone-key now defaults to RSASHA256, like secure-zone already did. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2692" target="_top">commit 2692</a>.
</p></li><li class="listitem"><p>
pdns_control purge now also purges DNSSEC-related caches (keys and metadata). Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2694" target="_top">commit 2694</a>, by Ruben d'Arco. Fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/530" target="_top">ticket 530</a>.
</p></li><li class="listitem"><p>
The signer thread would die in specific situations, leaving you with a non-working but very busy system. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2668" target="_top">commit 2668</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2670" target="_top">commit 2670</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/517" target="_top">ticket 517</a>.
</p></li><li class="listitem"><p>
pdnssec secure-zone now warns when you just signed a slave zone. Suggested by Mark Scholten, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2795" target="_top">commit 2795</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/592" target="_top">ticket 592</a>.
</p></li><li class="listitem"><p>
pdnssec check-zone now warns about out-of-zone data. Patch by Kees Monshouwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2826" target="_top">commit 2826</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/604" target="_top">ticket 604</a>.
</p></li><li class="listitem"><p>
pdnssec now honours --no-config. Patch by Kees Monshouwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2810" target="_top">commit 2810</a>.
</p></li><li class="listitem"><p>
Various fixes for bindbackend presigned operation, mostly by Kees Monshouwer. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2815" target="_top">commit 2815</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/600" target="_top">ticket 600</a>.
</p></li><li class="listitem"><p>
Bindbackend could get confused about domain metadata, sometimes even causing hangs. Fixes by Kees Monshouwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2819" target="_top">commit 2819</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2834" target="_top">commit 2834</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/600" target="_top">ticket 600</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/603" target="_top">ticket 603</a>.
</p></li><li class="listitem"><p>
SQL queries in gsql backends that reference the domain_id column have been made explicit about from what table they want this column. This makes it
easier to operate custom schemas without changing the queries. Fix by Nicky Gerritsen in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2821" target="_top">commit 2821</a>.
</p></li><li class="listitem"><p>
In various situations involving CNAMEs and wildcards, and for ANY queries involving CNAMEs, we would sometimes return bogus results. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2825" target="_top">commit 2825</a> by Kees Monshouwer.
</p></li><li class="listitem"><p>
rectify-zone accidentally set auth=1 on NS records of secure delegations. Reported by George Notaras, fixed by Kees Monshouwer in r2831, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/605" target="_top">ticket 605</a>.
</p></li><li class="listitem"><p>
The DNSSEC signature cache now actually gets cleaned up, avoiding lasting spikes in memory usage every thursday. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2836" target="_top">commit 2836</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2843" target="_top">commit 2843</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/594" target="_top">ticket 594</a>.
</p></li><li class="listitem"><p>
Signatures used to roll at midnight on thursday. We now roll them one hour after midnight, with inception
still set to midnight, to allow for some variations in clock quality on resolvers. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2857" target="_top">commit 2857</a>.
</p></li><li class="listitem"><p>
Duplicate records (same name/type/content/priority) would sometimes get broken RRSIGs during
outgoing AXFR. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2856" target="_top">commit 2856</a>.
</p></li><li class="listitem"><p>
A root zone (name="") with DNSSEC would cause crashes in some situations. Reported by Luuk Hendriks. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2867" target="_top">commit 2867</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2868" target="_top">commit 2868</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/614" target="_top">ticket 614</a>.
</p></li><li class="listitem"><p>
Direct RRSIG queries for zones with auto-completed SOA records would cause trouble. Reported by Kees Monshouwer and fixed by him in r2869.
</p></li><li class="listitem"><p>
When a name is matched only by a wildcard, but the type in the query is not present, we would be
lacking one NSEC(3) record to prove the existence of the wildcard. Fixed by Kees Monshouwer in r2872 and r2873.
</p></li><li class="listitem"><p>
Luuk Hendriks spotted that our PolarSSL RSA key generation code was using inferior entropy. This can be important on virtual machines with badly implemented clocks. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2876" target="_top">commit 2876</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/615" target="_top">ticket 615</a>.
</p></li></ul></div><p>
Non-DNSSEC improvements/changes in 3.2:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Bindbackend would sometimes crash on startup, due to a sync_with_stdio call. This call has been
moved to pdns_server proper to occur before any threads are spawned, avoiding race conditions in this call. Note that this crash has only been observed twice in thousands of regression test runs and has never been reported in the real world. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2882" target="_top">commit 2882</a>.
</p></li><li class="listitem"><p>
Leen Besselink submitted query logging support for the SQLite3 parts in the bindbackend. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2874" target="_top">commit 2874</a>.
</p></li><li class="listitem"><p>
Multi-backend operation would sometimes cause garbage domain IDs to be passed to backends. Reported by Kees Monshouwer and fixed by him in r2871.
</p></li><li class="listitem"><p>
Bindbackend would sometimes crash during reloads/rediscovers. The changes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2837" target="_top">commit 2837</a> get rid of the crash, at the cost of returning SERVFAIL
during reloads. Closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/564" target="_top">ticket 564</a>.
</p></li><li class="listitem"><p>
Our label decompression code was naive, causing troubles for slaving of very specifically formatted zones. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/2822" target="_top">ticket 2822</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/599" target="_top">ticket 599</a>.
</p></li><li class="listitem"><p>
Bindbackend slaves would choke on unknown RR types and do silly things with RP and SRV records. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2811" target="_top">commit 2811</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2812" target="_top">commit 2812</a>.
</p></li><li class="listitem"><p>
The luabackend can now compile against Lua 5.2. Patch by Fredrik Danerklint in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2794" target="_top">commit 2794</a>, additional
luabackend compile fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2854" target="_top">commit 2854</a>.
</p></li><li class="listitem"><p>
A new backend, the 'Remote backend' <a class="xref" href="remotebackend.html" title="15. Remote Backend">Section 15, “Remote Backend”</a> was submitted by Aki Tuomi. It aims to replace the pipebackend with a better protocol and support for more connection methods, including HTTP. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2755" target="_top">commit 2755</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2756" target="_top">commit 2756</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2757" target="_top">commit 2757</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2758" target="_top">commit 2758</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2759" target="_top">commit 2759</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2824" target="_top">commit 2824</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/529" target="_top">ticket 529</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/597" target="_top">ticket 597</a>.
</p></li><li class="listitem"><p>
The gsqlite (SQLite 2) backend was removed. We were not aware of any users and it was not actually working anyway. Changes in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2773" target="_top">2773</a>-<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2777" target="_top">2777</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/565" target="_top">ticket 565</a>.
</p></li><li class="listitem"><p>
Various tinydnsbackend improvements: ignore-bogus-records option; TAI offset updated; strip dots on names where suitable; various internal improvements. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2762" target="_top">commit 2762</a>.
</p></li><li class="listitem"><p>
gpgsql no longer logs the database password in connection errors. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2609" target="_top">commit 2609</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2612" target="_top">commit 2612</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/459" target="_top">ticket 459</a>.
</p></li><li class="listitem"><p>
You can now finally specify 0.0.0.0 or :: as local-address/local-ipv6 without getting replies from the wrong address. This much-requested feature is implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2763" target="_top">commit 2763</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2766" target="_top">commit 2766</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2779" target="_top">commit 2779</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2781" target="_top">commit 2781</a>. Tested on Linux, FreeBSD and Mac OS X.
</p></li><li class="listitem"><p>
3.2 can be reliably built with or without Lua. This and many other configure/compile-related fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2610" target="_top">commit 2610</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2611" target="_top">commit 2611</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/461" target="_top">ticket 461</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2666" target="_top">commit 2666</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2671" target="_top">commit 2671</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2672" target="_top">commit 2672</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/522" target="_top">ticket 522</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2673" target="_top">commit 2673</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/522" target="_top">ticket 522</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2696" target="_top">commit 2696</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/555" target="_top">ticket 555</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2697" target="_top">commit 2697</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/457" target="_top">ticket 457</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2698" target="_top">commit 2698</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2708" target="_top">commit 2708</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2742" target="_top">commit 2742</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/462" target="_top">ticket 462</a>), <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2752" target="_top">commit 2752</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/437" target="_top">ticket 437</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2764" target="_top">commit 2764</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2809" target="_top">commit 2809</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2844" target="_top">commit 2844</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2845" target="_top">commit 2845</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2846" target="_top">commit 2846</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2881" target="_top">commit 2881</a>.
</p></li><li class="listitem"><p>
Juraj Lutter contributed AXFR-SOURCE per zone metadata settings. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2616" target="_top">commit 2616</a>.
</p></li><li class="listitem"><p>
Initscripts now have exit codes, submitted by Sander Hoentjen. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2728" target="_top">commit 2728</a>. Guardian now returns 0 instead of 1 when receiving SIGTERM, requested by Morten Stevens of Fedora. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2717" target="_top">commit 2717</a>.
</p></li><li class="listitem"><p>
Mark Zealey submitted various performance improvement patches and suggestions. Accepted as <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2729" target="_top">commit 2729</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/579" target="_top">ticket 579</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2730" target="_top">commit 2730</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/584" target="_top">ticket 584</a>), <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2731" target="_top">commit 2731</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/583" target="_top">ticket 583</a>), <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2768" target="_top">commit 2768</a> / <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/578" target="_top">ticket 578</a>). Please see commit messages for more details.
</p></li><li class="listitem"><p>
pdnssec check-all-zones now reuses database connections, avoiding a socket exhaustion issue in some situations. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2749" target="_top">commit 2749</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/519" target="_top">ticket 519</a>.
</p></li><li class="listitem"><p>
Ruben d'Arco submitted various improvements regarding trailing dots. Additional lookups now try harder, pdnssec errors about trailing dots in names, pdnssec warns about trailing dots in names inside content fields, AXFR now strips the dot from SRV hostnames. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2748" target="_top">commit 2748</a>, fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/289" target="_top">ticket 289</a>.
</p></li><li class="listitem"><p>
Pre-3.0, backends would get cycled if they threw the right error. 3.2 reinstates this behaviour, as it is more robust. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2734" target="_top">commit 2734</a> (reverting <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2100" target="_top">commit 2100</a>), fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/386" target="_top">ticket 386</a>.
</p></li><li class="listitem"><p>
PowerDNS auth does not use the select() kernel/library call anymore. This means fd-numbers over 1023 (and, in general, more than 1024 sockets, including more than 1024 listening sockets) should now work reliably. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2739" target="_top">commit 2739</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2740" target="_top">commit 2740</a>, fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/408" target="_top">ticket 408</a>.
</p></li><li class="listitem"><p>
gmysql users can now specify the 'group' we connect as, using the gmysql-group setting. Submitted by Kees Monshouwer, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2770" target="_top">commit 2770</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2771" target="_top">commit 2771</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2778" target="_top">commit 2778</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2780" target="_top">commit 2780</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/463" target="_top">ticket 463</a>.
</p></li><li class="listitem"><p>
The Linux-only traceback handler is now optional (use traceback-handler=off to disable it). Suggested by Marc Haber. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2798" target="_top">commit 2798</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/497" target="_top">ticket 497</a>.
</p></li><li class="listitem"><p>
We now use IPV6_V6ONLY to bind IPv6 sockets. This ensures consistent behaviour between different operating systems. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2799" target="_top">commit 2799</a>.
</p></li><li class="listitem"><p>
MySQL connections are now logged at a higher loglevel, reducing log clutter. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2800" target="_top">commit 2800</a>.
</p></li><li class="listitem"><p>
We now ship a systemd unit file in contrib/. Added in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2847" target="_top">commit 2847</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2848" target="_top">commit 2848</a>, submitted by Morten Stevens.
</p></li></ul></div><p>
Assorted bugfixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
If a slave domain is removed while a transfer for it is queued, we no longer try the transfer. This also avoids a rare crash in similar circumstances. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2802" target="_top">commit 2802</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/596" target="_top">ticket 596</a>.
</p></li><li class="listitem"><p>
When using pdnssec with gsql backends, sometimes an SSqlException would pop up without any useful information. This no longer happens and errors are now in general more meaningful. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2803" target="_top">commit 2803</a>.
</p></li><li class="listitem"><p>
zone2sql now uses correct string syntax for PostgreSQL. This is needed for importing with the changed default settings in PostgreSQL 9.2 and up.
Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2797" target="_top">commit 2797</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/471" target="_top">ticket 471</a>.
</p></li><li class="listitem"><p>
We no longer send v6 notifications if v6 is not available. Same for IPv4. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2772" target="_top">commit 2772</a>, fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/515" target="_top">ticket 515</a>.
</p></li><li class="listitem"><p>
We would sometimes serve stale data after an incoming AXFR. Reported by Martin Draschl, fixed by Ruben d'Arco in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2699" target="_top">commit 2699</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/525" target="_top">ticket 525</a>.
</p></li><li class="listitem"><p>
Duplicate incoming NOTIFYs could cause PowerDNS to try to insert the same domain name into a database twice. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2703" target="_top">commit 2703</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/453" target="_top">ticket 453</a>.
</p></li><li class="listitem"><p>
pdnssec show-zone now works on a zone that has any number of keys, instead of requiring active keys. Reported by Jeroen Tushuizen of myH2Oservers, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2769" target="_top">commit 2769</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/586" target="_top">ticket 586</a>.
</p></li><li class="listitem"><p>
pdns-control notify-host now accepts v6 literals. Reported by Christof Meerwald, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2704" target="_top">commit 2704</a>.
</p></li><li class="listitem"><p>
The tinydnsbackend no longer chokes on questions longer than 64 bytes. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2622" target="_top">commit 2622</a>.
</p></li><li class="listitem"><p>
*-all-domains commands in pdnssec now work with Postgres (gpgsql) too. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2645" target="_top">commit 2645</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/472" target="_top">ticket 472</a>.
</p></li><li class="listitem"><p>
We would sometimes leave the opcode of an outgoing packet uninitialized. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2680" target="_top">commit 2680</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/532" target="_top">ticket 532</a>.
</p></li><li class="listitem"><p>
nproxy can now listen on a configurable port. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2684" target="_top">commit 2684</a>, fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/534" target="_top">ticket 534</a>.
</p></li><li class="listitem"><p>
Improve mydnsbackend for SOA queries. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2751" target="_top">commit 2751</a>, fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/439" target="_top">ticket 439</a>, by Ruben d'Arco.
</p></li><li class="listitem"><p>
Various non-functional fixes that make Valgrind happy (note that Valgrind was right to complain in all of these situations), in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2715" target="_top">commit 2715</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2716" target="_top">commit 2716</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2718" target="_top">commit 2718</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.2. PowerDNS Authoritative Server 3.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-3-1"></a>3.2. PowerDNS Authoritative Server 3.1</h3></div></div></div><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>Version 3.1 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. There are also some important changes if you are coming from 3.0.
Please refer to <a class="xref" href="upgrades.html#from2.9to3.0" title="1. From PowerDNS Authoritative Server 2.9.x to 3.0">Section 1, “From PowerDNS Authoritative Server 2.9.x to 3.0”</a> and <a class="xref" href="from3.0to3.1.html" title="2. From PowerDNS Authoritative Server 3.0 to 3.1">Section 2, “From PowerDNS Authoritative Server 3.0 to 3.1”</a> for important information on
correct and stable operation, as well as notes on performance and memory use.</p></td></tr></table></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="note.png" /></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Released on the 4th of May 2012</p><p>RC3 released on the 30th of April 2012</p><p>RC2 released on the 14th of April 2012</p><p>RC1 released on the 23th of March 2012</p></td></tr></table></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="note.png" /></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Downloads:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<a class="ulink" href="http://www.powerdns.com/content/downloads.html" target="_top">Official download page</a>
</p></li><li class="listitem"><p>
<a class="ulink" href="http://www.monshouwer.eu/download/3rd_party/pdns-server/" target="_top">CentOS/RHEL 5/6 RPMs</a> kindly provided by Kees Monshouwer.
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/trac#GettingPowerDNSpackages" target="_top">Additional packages</a> kindly provided by various other people.
</p></li></ul></div><p>
</p></td></tr></table></div><p>
Version 3.1 of the PowerDNS Authoritative Server represents the 'coming of age' of our DNSSEC implementation.
In addition, 3.1 solves a lot of '.0' issues typically associated with a major new release.
</p><p>
As usual, we are very grateful for the involvement of the PowerDNS community. The uptake of 3.0
was rapid, and many users were very helpful in shaking out the bugs, and willing to test the fixes we provided or, in many cases,
provided the fixes themselves.
</p><p>
Of specific note is the giant PowerDNS DNSSEC deployment in Sweden by Atomia and Binero. PowerDNS 3.0 now powers
over 150000 DNSSEC domains in Sweden, around 95% of all DNSSEC domains, in a country were most internet service
providers actually validate all .SE domains.
</p><p>
Finally, this release has benefited a lot from Peter van Dijk joining us, as he has merged a tremendous amount of patches,
cleaned up years of accumulated dust in the code, and massively improved our regression testing into a full blown continuous integration setup
with full DNSSEC tests!
</p><p>
Additionally, we would like to thank Ruben d'Arco, Jose Arthur Benetasso Villanova, Marc Haber, Jimmy Bergman, Aki Tuomi and everyone else who helped us out!
</p><p>
Changes between RC3 and final:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
pdnssec now honours the default-soa-name setting. Reported by Kees Monshouwer, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2600" target="_top">commit 2600</a>.
</p></li></ul></div><p>
</p><p>
Changes between RC2 and RC3:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The hidden test-algorithms command for pdnssec now has a little brother 'test-algorithm X'. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2596" target="_top">commit 2596</a>, by Aki Tuomi.
</p></li><li class="listitem"><p>
PolarSSL upgraded to 1.1.2 due to weak RSA key generation (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2586" target="_top">commit 2586</a>). If you created RSA keys with RC1 or RC2 using PolarSSL, please replace them! This upgrade introduced a slowdown; speedup patch in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2593" target="_top">commit 2593</a>.
</p></li><li class="listitem"><p>
It turns out we were using libmysqlclient in a thread-unsafe manner. This issue was reported and painstakingly debugged by Marc Haber. Presumably fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2591" target="_top">commit 2591</a>.
</p></li><li class="listitem"><p>
Updated a bunch of internal counters to be threadsafe. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2579" target="_top">commit 2579</a>.
</p></li><li class="listitem"><p>
NSEC(3) bitmaps can now cover RRtypes above 255. Reported by Michael Braunoeder, patch by Aki Tuomi in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2590" target="_top">commit 2590</a>.
</p></li><li class="listitem"><p>
pdnssec check-zone now reports MBOXFW and URL records (as those are unsupported since 3.0). Reported by Gerwin Krist of Digitalus, patch by Ruben d'Arco. Closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/446" target="_top">ticket 446</a>.
</p></li><li class="listitem"><p>
The odbcbackend was removed. It only runs on Windows and Windows is unsupported since 3.0. Removal in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2576" target="_top">commit 2576</a>.
</p></li><li class="listitem"><p>
We used to send the chunk length and the actual chunk in two separate writes (often resulting in two separate TCP packets) during outbound AXFR. This confused MSDNS. We now combine those writes. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2575" target="_top">commit 2575</a>.
</p></li><li class="listitem"><p>
The bindbackend can now run without SQLite3, as previously intended. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2574" target="_top">commit 2574</a>.
</p></li><li class="listitem"><p>
Some high-concurrency master setups would crash under load. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2571" target="_top">commit 2571</a>.
</p></li></ul></div><p>
</p><p>
Changes between RC1 and RC2:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
We imported the TinyDNS backend by Ruben d'Arco. Code mostly in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2559" target="_top">commit 2559</a>. See <a class="xref" href="tinydnsbackend.html" title="14. TinyDNS Backend">Section 14, “TinyDNS Backend”</a>.
</p></li><li class="listitem"><p>
Overriding C(XX)FLAGS is easier now. Problem pointed out by Jose Arthur Benetasso Villanova and others, fix suggested by Sten Spans. Patch in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2533" target="_top">commit 2533</a>.
</p></li><li class="listitem"><p>
TSIG fixes: skip embedded spaces in keys (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2536" target="_top">commit 2536</a>), compute signatures correctly (by Ruben d'Arco in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2547" target="_top">commit 2547</a>),
</p></li><li class="listitem"><p>
nproxy, dnsscan and dnsdemog did not compile at all. Fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2538" target="_top">commit 2538</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2554" target="_top">commit 2554</a>.
</p></li><li class="listitem"><p>
We now allow unescaped tabs in TXT records. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2539" target="_top">commit 2539</a>.
</p></li><li class="listitem"><p>
SOA records no longer disappear during incoming transfers. Fix by Ruben d'Arco in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2540" target="_top">commit 2540</a>.
</p></li><li class="listitem"><p>
PowerDNS compiles on OS X (and other platforms that support our auth server but not the recursor) again, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2566" target="_top">commit 2566</a>.
</p></li><li class="listitem"><p>
Cleanups related to warnings from gcc and valgrind in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2561" target="_top">commit 2561</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2562" target="_top">commit 2562</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2565" target="_top">commit 2565</a>.
</p></li><li class="listitem"><p>
Solaris compatibility fixes by Ruben d'Arco, Juraj Lutter and others in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2548" target="_top">commit 2548</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2552" target="_top">commit 2552</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2553" target="_top">commit 2553</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2560" target="_top">commit 2560</a>.
Fixes for *BSD in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2546" target="_top">commit 2546</a>.
</p></li><li class="listitem"><p>
pdns_control help would report 'version' twice, reported by Gerwin, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2549" target="_top">commit 2549</a>.
</p></li></ul></div><p>
</p><p>
DNSSEC related fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
When slaving zones, PowerDNS now automatically detects that a zone is presigned. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2502" target="_top">commit 2502</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/369" target="_top">ticket 369</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/392" target="_top">ticket 392</a>.
</p></li><li class="listitem"><p>
The bindbackend can now manage its own SQLite3 database to store key data, removing the need to run it with a gsql backend. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2448" target="_top">commit 2448</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2449" target="_top">commit 2449</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2450" target="_top">commit 2450</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2451" target="_top">commit 2451</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2452" target="_top">commit 2452</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2453" target="_top">commit 2453</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2455" target="_top">commit 2455</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2482" target="_top">commit 2482</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2496" target="_top">commit 2496</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2499" target="_top">commit 2499</a>.
</p></li><li class="listitem"><p>
NSEC/NSEC3 logic for picking 'boundary' names was tricky, and got it wrong in some cases. Fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2289" target="_top">commit 2289</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2429" target="_top">commit 2429</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2435" target="_top">commit 2435</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2473" target="_top">commit 2473</a>.
</p></li><li class="listitem"><p>
The subtle differences between 'what records get NSEC', 'what records get NSEC3' and 'what records should get signed' did not translate well to the SQL auth column. We now use 'ordername IS NULL' to map the whole spectrum. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2477" target="_top">commit 2477</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2480" target="_top">commit 2480</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2492" target="_top">commit 2492</a>.
</p></li><li class="listitem"><p>
Pre-signed AXFR output, although correct, was different from our query responses. Rectified in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2477" target="_top">commit 2477</a>.
</p></li><li class="listitem"><p>
Spotted & fixed by Jimmy Bergman of Atomia, CNAMEs and RRSIGs could have bad interactions. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2314" target="_top">commit 2314</a>,
further refined in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2318" target="_top">commit 2318</a>. Closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/411" target="_top">ticket 411</a>.
</p></li><li class="listitem"><p>
Spotted & fixed by Jimmy Bergman of Atomia, we now allow direct RRSIG queries even when do=0.
</p></li><li class="listitem"><p>
Spotted by Mark Scholten and Marco Davids, we would sometimes generate duplicate (and wrong) RRSIGs when signing an ANY answer
because of record jumbling. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2381" target="_top">commit 2381</a>.
</p></li><li class="listitem"><p>
Several fixes to handling of DS queries, in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2420" target="_top">commit 2420</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2510" target="_top">commit 2510</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2512" target="_top">commit 2512</a>.
</p></li><li class="listitem"><p>
We now lowercase the signer name in an RRSIG. This is not mandated by DNSSEC specification but it improves compatibility with some validators. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2426" target="_top">commit 2426</a>.
</p></li></ul></div><p>
</p><p>
Bug fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Winfried Angele discovered we would open an additional backend connection per zone in the BIND backend.
This only impacted users with multiple simultaneous backends. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2253" target="_top">commit 2253</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/383" target="_top">ticket 383</a>.
</p></li><li class="listitem"><p>
All versions of max-cache-entries setting had confusing behaviour when set to 0. Now clarified to mean that 0 truly means 0, and not 'infinite'.
Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2328" target="_top">commit 2328</a>.
</p></li><li class="listitem"><p>
Wildcards in the presence of delegations were broken. Reported by a cast of thousands. Fix & regression test in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2368" target="_top">commit 2368</a>. Closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/389" target="_top">ticket 389</a>.
</p></li><li class="listitem"><p>
Internal caches used an order of magnitude more memory than expected and some were not purged properly, which hindered real life deployments. Spotted
by Winfried Angele and others. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2287" target="_top">commit 2287</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2328" target="_top">commit 2328</a>.
</p></li><li class="listitem"><p>
Christof Meerwald discovered our .tar file missed a file of the Lua backend. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2257" target="_top">commit 2257</a>.
</p></li><li class="listitem"><p>
Paul Xek found out that the edns-subnet support did not work for subnets tinier than a /25 or /121. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2258" target="_top">commit 2258</a>.
</p></li><li class="listitem"><p>
edns-subnet aware PIPE scripts received bogus remote information on AXFR requests. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2284" target="_top">commit 2284</a>.
</p></li><li class="listitem"><p>
Fix compilation against older versions of MySQL that do not have MYSQL_OPT_RECONNECT. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2264" target="_top">commit 2264</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/378" target="_top">ticket 378</a>.
</p></li><li class="listitem"><p>
D. Stussy of Snarked.net discovered that PowerDNS could not parse a DNS packet with a trailing blob of unknown length. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2267" target="_top">commit 2267</a>.
</p></li><li class="listitem"><p>
'pdnssec' did not work for records with NULL ttls. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2266" target="_top">commit 2266</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/432" target="_top">ticket 432</a>.
</p></li><li class="listitem"><p>
Pipe backend had issues parsing IPv6 records in ABI version 3. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2260" target="_top">commit 2260</a>.
</p></li><li class="listitem"><p>
We truncated the altitude in LOC records! I hope no one got lost. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2268" target="_top">commit 2268</a>.
</p></li><li class="listitem"><p>
Xander Soldaat discovered that even if the web server was not configured, we'd still listen on the port. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2269" target="_top">commit 2269</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/402" target="_top">ticket 402</a>.
</p></li><li class="listitem"><p>
The PIPE backend issues frequent fork()s, leading to potential fd leaks if these are not marked as
'close on exec'. Solved in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2273" target="_top">commit 2273</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/194" target="_top">ticket 194</a>.
</p></li><li class="listitem"><p>
Robert van der Meulen found that we messed up the interaction between wildcards and CNAMEs. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2276" target="_top">commit 2276</a>, which also
adds a regression test to prevent this issue from recurring.
</p></li><li class="listitem"><p>
Fred Wittekind discovered that our notification proxy 'nproxy' no longer built from source. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2278" target="_top">commit 2278</a>.
</p></li><li class="listitem"><p>
Grant Keller found that we were inconsistent with spaces in labels, thus breaking DNS-SD. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2305" target="_top">commit 2305</a>.
</p></li><li class="listitem"><p>
Winfried Angele fixed our autoconf script for Lua detection in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2308" target="_top">commit 2308</a>.
</p></li><li class="listitem"><p>
BIND backend would leak an fd when including a configuration file from named.conf. Spotted
by Hannu Ylitalo of Nebula Oy in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2359" target="_top">commit 2359</a>.
</p></li><li class="listitem"><p>
GSQLite3 backend could crash on a network error at the wrong moment, leading to a restart by the guardian.
Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2336" target="_top">commit 2336</a>.
</p></li><li class="listitem"><p>
'./configure --enable-verbose-logging' was broken, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2312" target="_top">commit 2312</a>.
</p></li><li class="listitem"><p>
PowerDNS would serve up old SOA data immediately after sending out a notification. Complicated bug
documented perfectly in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/427" target="_top">ticket 427</a>, which also came with not one but with two different patches to fix the problem.
Thanks to Keith Buck. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2408" target="_top">commit 2408</a>.
</p></li><li class="listitem"><p>
Flag '--start-id' in zone2sql was not functional. Removed for now in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2387" target="_top">commit 2387</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/332" target="_top">ticket 332</a>.
</p></li><li class="listitem"><p>
Our distribution tarball did not have the SQL schemas. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2459" target="_top">commit 2459</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2460" target="_top">commit 2460</a>.
</p></li><li class="listitem"><p>
"Empty" MX records would confuse one of our parsers. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2468" target="_top">commit 2468</a>, closing Debian bug 533023.
</p></li><li class="listitem"><p>
The pdns.conf 'wildcards'-setting did not do anything in 3.0, so it was removed. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2508" target="_top">commit 2508</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2509" target="_top">commit 2509</a>.
</p></li><li class="listitem"><p>
Additional processing based on records loaded by the BIND backend might fail because of a trailing dot mismatch. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2398" target="_top">commit 2398</a>.
</p></li></ul></div><p>
</p><p>
New features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Per-zone AXFR ACLs, based on the allow-axfr-ips zone metadata item. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2274" target="_top">commit 2274</a>. Also, remove
some remains of our previous approach to supporting this in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2326" target="_top">commit 2326</a>.
</p></li><li class="listitem"><p>
Alberto Donato and Zsolt Dollenstein implemented autoserial support for the Generic SQL backends. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2290" target="_top">commit 2290</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2294" target="_top">commit 2294</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2296" target="_top">commit 2296</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2299" target="_top">commit 2299</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2300" target="_top">commit 2300</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2303" target="_top">commit 2303</a>. Closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/52" target="_top">ticket 52</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/299" target="_top">ticket 299</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/301" target="_top">ticket 301</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/336" target="_top">ticket 336</a>.
</p></li><li class="listitem"><p>
New SOA Serial Tweak mode INCEPTION-EPOCH for when operating as a 'signing slave', contributed by Jimmy Bergman. Code and documentation
in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2320" target="_top">commit 2320</a>.
</p></li><li class="listitem"><p>
Newlines in the 'content' field of backends are now allowed, restoring some DKIM setups to working condition.
Update in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2394" target="_top">commit 2394</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/395" target="_top">ticket 395</a>.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Depending on the encoding used, MySQL could take issue with our 'tsigkeys' table which contained very large rows. Trimmed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2400" target="_top">commit 2400</a>,
closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/410" target="_top">ticket 410</a>.
</p></li><li class="listitem"><p>
Various build/configure-related fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2319" target="_top">commit 2319</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2373" target="_top">commit 2373</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2386" target="_top">commit 2386</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/380" target="_top">ticket 380</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/405" target="_top">ticket 405</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/420" target="_top">ticket 420</a>.
</p></li><li class="listitem"><p>
We now show the SOA serial after zone transfers. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2385" target="_top">commit 2385</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/416" target="_top">ticket 416</a>.
</p></li><li class="listitem"><p>
Ruben d'Arco submitted a full rework of our slave-side AXFR TSIG handling, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/393" target="_top">ticket 393</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/400" target="_top">ticket 400</a> in the process. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2506" target="_top">commit 2506</a>. Additional improvement in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2513" target="_top">commit 2513</a>.
</p></li><li class="listitem"><p>
The records.name-column in the gpgsql schema is now constrained to lowercase, as PowerDNS would be unable to find other entries anyway. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2503" target="_top">commit 2503</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/426" target="_top">ticket 426</a>.
</p></li><li class="listitem"><p>
The gsql-backends can now handle huge records, thanks to a patch by Ruben d'Arco. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2476" target="_top">commit 2476</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/407" target="_top">ticket 407</a>. Additional changes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2292" target="_top">commit 2292</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2487" target="_top">commit 2487</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2489" target="_top">commit 2489</a>. Closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/218" target="_top">ticket 218</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/316" target="_top">ticket 316</a>.
</p></li><li class="listitem"><p>
Some of PowerDNS' internal classes would work with uninitialized data when repurposed outside of the PowerDNS core logic. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2469" target="_top">commit 2469</a>,
</p></li><li class="listitem"><p>
pdnssec now has 'check-all-zones' and 'rectify-all-zones' commands. Submitted by Ruben d'Arco, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2467" target="_top">commit 2467</a>.
</p></li><li class="listitem"><p>
'restart' in our init.d-script would not start pdns if it was down before. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2462" target="_top">commit 2462</a>.
</p></li><li class="listitem"><p>
'pdnssec rectify-zone' now honours --verbose and is rather quiet without it. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2443" target="_top">commit 2443</a>.
</p></li><li class="listitem"><p>
Improved error messages for systems without IPv6. Changes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2425" target="_top">commit 2425</a>.
</p></li><li class="listitem"><p>
The packet- and querycache now honour TTLs from backend data. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2414" target="_top">commit 2414</a>.
</p></li><li class="listitem"><p>
'pdns_control help' now shows useful usage information. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2410" target="_top">commit 2410</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2465" target="_top">commit 2465</a>.
</p></li><li class="listitem"><p>
Jasper Spaans improved our init.d script for compliance with Debian Squeeze. Patch in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2251" target="_top">commit 2251</a>. Further improvement with 'set -e'
to initscript contributed by Marc Haber in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2301" target="_top">commit 2301</a>.
</p></li><li class="listitem"><p>
Klaus Darilion discovered our configuration file template and --help output explained the various cache TTLs wrongly,
and he also added documentation for some missing parameters. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2271" target="_top">commit 2271</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2272" target="_top">commit 2272</a>.
</p></li><li class="listitem"><p>
Add support for building against Botan 1.10 (stable) and drop support for 1.9 (development). Changes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2334" target="_top">commit 2334</a>. This fixes
several bugs when building against 1.9.
</p></li><li class="listitem"><p>
Upgrade internal PolarSSL library to their version 1.1.1. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2389" target="_top">commit 2389</a> and beyond.
</p></li><li class="listitem"><p>
Compilation of several backends failed for Boost in non-standard locations. Fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2316" target="_top">commit 2316</a>..
</p></li><li class="listitem"><p>
We now do additional processing for SRV records too. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2388" target="_top">commit 2388</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/423" target="_top">ticket 423</a> (which also contained the patch). Regression test
updates that flow from this in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2390" target="_top">commit 2390</a>.
</p></li><li class="listitem"><p>
Fix compilation on OSX. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2316" target="_top">commit 2316</a>.
</p></li><li class="listitem"><p>
Fix pdnssec crash when asked to do DNSSEC without a DNSSEC capable backend. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2369" target="_top">commit 2369</a>.
</p></li><li class="listitem"><p>
If PowerDNS was not configured to operate as a DNS master, it would still accept 'pdns_control notify' commands,
but then not do it. Spotted by David Gavarret, patch by Jose Arthur Benetasso Villanova in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2379" target="_top">commit 2379</a>.
</p></li><li class="listitem"><p>
In various places we would only accept UPPERCASE DNS typenames. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2370" target="_top">commit 2370</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/390" target="_top">ticket 390</a>.
</p></li><li class="listitem"><p>
We would not always drop supplemental groups correctly. Reported by David Black of Atlassian.
</p></li><li class="listitem"><p>
Our regression tests have been strengthened a lot, and now cover way more features. Commits in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2280" target="_top">2280</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2281" target="_top">2281</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2282" target="_top">2282</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2317" target="_top">2317</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2348" target="_top">2348</a>,
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2349" target="_top">2349</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2350" target="_top">2350</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2351" target="_top">2351</a> and beyond.
</p></li><li class="listitem"><p>
Update to support the latest draft of DANE/TLSA. Spotted by James Cloos (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2338" target="_top">commit 2338</a>). Further improvements by Pieter Lexis in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2347" target="_top">commit 2347</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2358" target="_top">commit 2358</a>.
</p></li><li class="listitem"><p>
Compilation on OpenBSD was eased by patches from Brad Smith, which can be found in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2288" target="_top">commit 2288</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2291" target="_top">commit 2291</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/95" target="_top">ticket 95</a>.
</p></li><li class="listitem"><p>
'make check' failed on the internal PolarSSL. Spotted by Daniel Briley, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2283" target="_top">commit 2283</a>.
</p></li><li class="listitem"><p>
The default SQL schemas were expanded to contain far longer content fields. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2292" target="_top">commit 2292</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2293" target="_top">commit 2293</a>.
</p></li><li class="listitem"><p>
Documentation typos, Jake Spencer (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2304" target="_top">commit 2304</a>), Jose Arthur Benetasso Villanova (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2337" target="_top">commit 2337</a>). Code typos in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2324" target="_top">commit 2324</a> (closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/296" target="_top">ticket 296</a>).
</p></li><li class="listitem"><p>
Manpage updates from Debian, provided by Matthijs Möhlmann. Content in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2306" target="_top">commit 2306</a>.
</p></li><li class="listitem"><p>
pdnssec rectify-zone can now accept multiple zones at the same time. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2383" target="_top">commit 2383</a>.
</p></li><li class="listitem"><p>
As suggested in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/416" target="_top">ticket 416</a>, we now log the SOA serial number after committing an AXFRed zone to the backend. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2385" target="_top">commit 2385</a>.
</p></li><li class="listitem"><p>
Pick up location of sqlite3 libraries using pkg-config. Implemented using a variation of the patch found in the, now closed, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/380" target="_top">ticket 380</a>. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2386" target="_top">commit 2386</a>.
</p></li><li class="listitem"><p>
Documented 'pdnssec --verbose' flag is now accepted. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2384" target="_top">commit 2384</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/404" target="_top">ticket 404</a>.
</p></li><li class="listitem"><p>
'pdnssec --help' now lists all supported signing algorithms. Suggested by Jose Arthur Benetasso Villanova.
</p></li><li class="listitem"><p>
PIPE backend example script with edns-subnet support was improved to actually use edns-subnet field. Plus update
PIPE backend documentation. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2285" target="_top">commit 2285</a>, more documentation regarding MX and SRV in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2313" target="_top">commit 2313</a>.
</p></li><li class="listitem"><p>
edns-subnet fields now also output in logfile when available (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2321" target="_top">commit 2321</a>).
</p></li><li class="listitem"><p>
When running with virtualized configuration files, we now allow dashes in the configuration name. Suggested by Marc Haber,
code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2295" target="_top">commit 2295</a>. Further fixes by Brielle Bruns in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2327" target="_top">commit 2327</a>.
</p></li><li class="listitem"><p>
Compilation fixes for GNU/Hurd in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2307" target="_top">commit 2307</a> via Matthijs Möhlmann.
</p></li><li class="listitem"><p>
Marc Haber improved our Debian packaging scripts for smoother upgrades. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2315" target="_top">commit 2315</a>.
</p></li><li class="listitem"><p>
When failing to bind to an IP address, report to which one it failed. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2325" target="_top">commit 2325</a>.
</p></li><li class="listitem"><p>
Supermaster checks were performed synchronously, leading to the possibilities of slowdowns.
Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2402" target="_top">commit 2402</a>.
</p></li></ul></div><p>
</p><p>
Other changes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Removed the deprecated non-generic mysqlbackend, in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2488" target="_top">commit 2488</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2514" target="_top">commit 2514</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2515" target="_top">commit 2515</a>.
</p></li><li class="listitem"><p>
Removed the deprecated 'pdnsbackend', in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2490" target="_top">commit 2490</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2516" target="_top">commit 2516</a>.
</p></li><li class="listitem"><p>
Removed GRANT statements from the gpgsql schema, as we can't assume they will work for everyone. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2493" target="_top">commit 2493</a>.
</p></li></ul></div><p>
</p><p>
Tickets closed but not associated with a commit:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/125" target="_top">ticket 125</a>: "PowerDNS offers wild card info. when it is not queried for."
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/219" target="_top">ticket 219</a>: "Accept NOTIFY from masters on non-standard port"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/247" target="_top">ticket 247</a>: "pdns caching weirdness with recursion-desired flag"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/253" target="_top">ticket 253</a>: "bind backend crashes on long comment line in included file"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/271" target="_top">ticket 271</a>: "PowerDNS Server responding with out-of-zone authority section in case there is a cname"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/304" target="_top">ticket 304</a>: "also-notify option for pdns, also gives also-notify for bindbackend."
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/311" target="_top">ticket 311</a>: "PowerDNSSEC responding with SERVFAIL upon IN A query for a CNAME"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/325" target="_top">ticket 325</a>: "CNAME working strange!"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/376" target="_top">ticket 376</a>: "Unable to create long TXT records"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/412" target="_top">ticket 412</a>: "--without-lua doesn't disable lua"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/415" target="_top">ticket 415</a>: "Signing thread died during AXFR of signed domain"
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/422" target="_top">ticket 422</a>: "ecdsa256 keys bug"
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.3. Authoritative Server version 2.9.22.6"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-2-9-22-6"></a>3.3. Authoritative Server version 2.9.22.6</h3></div></div></div><p>
The improvements to the master/slave engine in 2.9.22.5 contained one serious bug that can cause crashes
on busy setups. 2.9.22.6 fixes this crash.
</p></div><div class="sect2" title="3.4. Authoritative Server version 2.9.22.5"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-2-9-22-5"></a>3.4. Authoritative Server version 2.9.22.5</h3></div></div></div><p>
2.9.22.5 is an interim release for those not yet ready to make the jump to 3.0, but do need a more
recent version of the Authoritative Server. It also contains the patch from <a class="xref" href="powerdns-advisory-2012-01.html" title="12. PowerDNS Security Advisory 2012-01: PowerDNS Authoritative Server can be caused to generate a traffic loop">Section 12, “PowerDNS Security Advisory 2012-01: PowerDNS Authoritative Server can be caused to generate a traffic loop”</a>
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Improved performance of master/slave engine, especially when hosting tens or hundreds of thousands of slave zones.
Code in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1657" target="_top">1657</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1658" target="_top">1658</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1661" target="_top">1661</a> (which also brings multi-master support), <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1662" target="_top">1662</a> (non-standard ports for masters),
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1664" target="_top">1664</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1665" target="_top">1665</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1666" target="_top">1666</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1667" target="_top">1667</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1672" target="_top">1672</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1673" target="_top">1673</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2063" target="_top">2063</a>).
</p></li><li class="listitem"><p>
Compilation fixes for more modern compilers (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1660" target="_top">commit 1660</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1694" target="_top">commit 1694</a>)
</p></li><li class="listitem"><p>
Don't crash on communication error with pdns_control (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2015" target="_top">commit 2015</a>).
</p></li><li class="listitem"><p>
Packet cache fixes for UltraSPARC (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1663" target="_top">commit 1663</a>)
</p></li><li class="listitem"><p>
Fix crashes in the BIND backend (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1693" target="_top">commit 1693</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1692" target="_top">commit 1692</a>)
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.5. PowerDNS Authoritative Server 3.0.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-3-0-1"></a>3.5. PowerDNS Authoritative Server 3.0.1</h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>The DNSSEC implementation of PowerDNS Authoritative Server 3.0 and 3.0.1 contains many issues regarding
CNAMES, wildcards and (in)secure delegations. If you use any of these, and you use DNSSEC you MUST upgrade to 3.1 or beyond!</p></td></tr></table></div><p>
3.0.1 consists of 3.0, plus the patch from <a class="xref" href="powerdns-advisory-2012-01.html" title="12. PowerDNS Security Advisory 2012-01: PowerDNS Authoritative Server can be caused to generate a traffic loop">Section 12, “PowerDNS Security Advisory 2012-01: PowerDNS Authoritative Server can be caused to generate a traffic loop”</a>
</p></div><div class="sect2" title="3.6. PowerDNS Authoritative Server 3.0"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-3-0"></a>3.6. PowerDNS Authoritative Server 3.0</h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>Version 3.0 of the PowerDNS Authoritative Server is a major upgrade.
Please refer to <a class="xref" href="upgrades.html#from2.9to3.0" title="1. From PowerDNS Authoritative Server 2.9.x to 3.0">Section 1, “From PowerDNS Authoritative Server 2.9.x to 3.0”</a> for important information on
correct and stable operation, as well as notes on performance and memory use.</p></td></tr></table></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>The DNSSEC implementation of PowerDNS Authoritative Server 3.0 and 3.0.1 contains many issues regarding
CNAMES, wildcards and (in)secure delegations. If you use any of these, and you use DNSSEC you MUST upgrade to 3.1 or beyond!</p></td></tr></table></div><p>
</p><p>
Known issues as of RC3 include:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Not all new features are fully documented yet</p></li></ul></div><p>
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="note.png" /></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Released on the 22nd of July 2011</p><p>RC1 released on the 4th of April 2011</p><p>RC2 released on the 19th of April 2011</p><p>RC3 released on the 19th of July 2011</p></td></tr></table></div><p>
Version 3.0 of the PowerDNS Authoritative Server brings a number of important features, as
well as over two years of accumulated bug fixing.
</p><p>
The largest news in 3.0 is of course the advent of DNSSEC. Not only does PowerDNS now (finally)
support DNSSEC, we think that our support of this important protocol is among the easiest to use available.
In addition, all important algorithms are supported.
</p><p>
Complete detail can be found in <a class="xref" href="powerdnssec-auth.html" title="Chapter 12. Serving authoritative DNSSEC data">Chapter 12, <i>Serving authoritative DNSSEC data</i></a>. The goal of 'PowerDNSSEC' is to allow
existing PowerDNS installations to start serving DNSSEC with as little hassle as possible,
while maintaining performance and achieving high levels of security.
</p><p>
Tutorials and examples of how to use DNSSEC in PowerDNS can be found linked from <a class="ulink" href="http://powerdnssec.org" target="_top">http://powerdnssec.org</a>.
</p><p>
PowerDNS Authoritative Server 3.0 development has been made possible by the financial and moral support of:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="ulink" href="http://www.afnic.fr/" target="_top">AFNIC, the French registry</a></p></li><li class="listitem"><p><a class="ulink" href="http://www.ipcom.at/en/dns/rcodezero_anycast/" target="_top">IPCom's RcodeZero Anycast DNS</a>, a subsidiary of NIC.AT, the Austrian registry</p></li><li class="listitem"><p><a class="ulink" href="http://www.sidn.nl/" target="_top">SIDN, the Dutch registry</a></p></li><li class="listitem"><p>.. (awaiting details) ..</p></li></ul></div><p>
</p><p>
This release has received exceptional levels of community support, and we'd like to thank the following people
in addition to those mentioned explicitly below:
Peter Koch (DENIC), Olaf Kolkman (NLNetLabs), Wouter Wijngaards (NLNetLabs), Marco Davids (SIDN), Markus Travaille (SIDN),
Leen Besselink, Antoin Verschuren (SIDN), Olafur Guðmundsson (IETF), Dan Kaminsky (Recursion Ventures), Roy Arends (Nominet),
Miek Gieben (SIDN), Stephane Bortzmeyer (AFNIC), Michael Braunoeder (nic.at), Peter van Dijk, Maik Zumstrull,
Jose Arthur Benetasso Villanova (Locaweb), Stefan Schmidt, Roland van Rijswijk (Surfnet), Paul Bakker (Brainspark/Fox-IT),
Mathew Hennessy, Johannes Kuehrer (Austrian World4You GmbH), Marc van de Geijn (bHosted.nl), Stefan Arentz and
Martin van Hensbergen (Fox-IT), Christof Meerwald, Detlef Peeters, Jack Lloyd, Frank Altpeter, Fredrik Danerklint, Vasiliy G Tolstov,
Brielle Bruns, Evan Hunt, Ralf van der Enden, Marc Laros, Serge
Belyshev, Christian Hofstaedtler, Charlie Smurthwaite, Nikolaos
Milas, ..
</p><p>
Changes between RC3 and final:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Slight tweak to the pipebackend to ease DNSSEC operations (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2239" target="_top">commit 2239</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2247" target="_top">commit 2247</a>). Also fix pipebackend support in pdnssec tool (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2244" target="_top">commit 2244</a>).
</p></li><li class="listitem"><p>
Upgrade the experimental native Lua backend to the latest version from Fredrik Danerklint (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2240" target="_top">commit 2240</a>) and include this backend in the .deb packages (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2242" target="_top">commit 2242</a>)
</p></li><li class="listitem"><p>
Remove IPv6 dependency, it was only possible to run master/slave operations on a server with at least one IPv6 address. Some very old virtualized setups
turned out to have no IPv6 at all. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2246" target="_top">commit 2246</a>.
</p></li></ul></div><p>
</p><p>
Changes between RC2 and RC3:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PowerDNS Authoritative Server could not be configured to use an IPv6 based resolving backend. Solved in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2191" target="_top">commit 2191</a>.
</p></li><li class="listitem"><p>
LDAP backend reconfigured the timezone (TZ) setting of the daemon, leading to confusing logfile entries. Fixed by
Christian Hofstaedtler in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2913" target="_top">commit 2913</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/313" target="_top">ticket 313</a>.
</p></li><li class="listitem"><p>
Non-DNSSEC capable backends could crash on DNSSEC queries. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2194" target="_top">commit 2194</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2196" target="_top">commit 2196</a> (thanks to Charlie Smurthwaite) closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/360" target="_top">ticket 360</a>.
</p></li><li class="listitem"><p>
Errors looking up a UID or GID were reported confusingly ('Success'), fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2195" target="_top">commit 2195</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/359" target="_top">ticket 359</a>.
</p></li><li class="listitem"><p>
Fix compilation against older MySQL, client libraries (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2198" target="_top">commit 2198</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2199" target="_top">commit 2199</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2204" target="_top">commit 2204</a>), especially for older RHEL/CentOS. Also addresses
the failure to look in lib64 directory for PostgreSQL.
</p></li><li class="listitem"><p>
Sqlite3 needs write access not just to its database file, but also to the directory it is in. If this wasn't the case,
no useful error message was provided. Improvement in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2202" target="_top">commit 2202</a>.
</p></li><li class="listitem"><p>
Update of MongoDB backend (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2203" target="_top">commit 2203</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2212" target="_top">commit 2212</a>).
</p></li><li class="listitem"><p>
'pdnssec hash-zone-record' emitted an inverted warning about narrow NSEC3 hashes. Spotted by Jan-Piet Mens, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2205" target="_top">commit 2205</a>.
</p></li><li class="listitem"><p>
PowerDNS can fill out default fields for SOA records, but neglected to do so if the SOA record was matched by an incoming ANY question.
Spotted by Marc Laros & others. Fixes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/357" target="_top">ticket 357</a>, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2206" target="_top">commit 2206</a>.
</p></li><li class="listitem"><p>
PowerDNS would mistreat binary data in TXT records. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2207" target="_top">commit 2207</a>. Again spotted by Jan-Piet Mens. Closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/356" target="_top">ticket 356</a>.
</p></li><li class="listitem"><p>
Add experimental Lua backend by our star contributor Fredrik Danerklint. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2208" target="_top">commit 2208</a>.
</p></li><li class="listitem"><p>
Christoph Meerwald discovered our RRSIG freshness checking checked more than the intended RRSIG (on the SOA record). Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2209" target="_top">commit 2209</a>.
</p></li><li class="listitem"><p>
Christoph Meerwald discovered we got confused by TSIG signed EDNS-adorned queries, since we expected the EDNS OPT pseudorecord to be
the very last record. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2214" target="_top">commit 2214</a>.
</p></li><li class="listitem"><p>
Christoph Meerwald discovered that when using SOA outgoing editing we would sign and THEN edit. This was not productive. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2215" target="_top">commit 2215</a>.
</p></li><li class="listitem"><p>
Add missing-but-documented pdnssec command 'disable-dnssec'. Spotted by Craig Whitmore. Plus fixed misleading --help output. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2216" target="_top">commit 2216</a>.
</p></li><li class="listitem"><p>
By popular demand, a tweak which makes an overloaded database no longer restart PowerDNS but to drop queries until the database is available again.
Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2217" target="_top">commit 2217</a>, lightly tested. Enable by setting 'overload-queue-length=100' (for example).
</p></li><li class="listitem"><p>
By suggestion of Miek Gieben of SIDN, add SOA-EDIT mode 'EPOCH' which sets the SOA serial number to the 'UNIX time'. Implemented in
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2218" target="_top">commit 2218</a>.
</p></li><li class="listitem"><p>
Added some US export control & ECCN to documentation, needed because of DNSSEC content. Update in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2219" target="_top">commit 2219</a>.
</p></li><li class="listitem"><p>
Fix up various spelling mistakes and badly formatted messages (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2220" target="_top">commit 2220</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2221" target="_top">commit 2221</a>) by Maik Zumstrull and 'anonymous'.
</p></li><li class="listitem"><p>
After a lot of thought, we now handle CNAMEs to names outside our knowledge ('bailiwick') exactly as in BIND 9.8.0, even though
our way was standards compliant too. It confused things. Update in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2222" target="_top">commit 2222</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2224" target="_top">commit 2224</a>.
</p></li><li class="listitem"><p>
Tweak sqlite3 library location detection for newer Ubuntu versions. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2223" target="_top">commit 2223</a>.
</p></li><li class="listitem"><p>
DNSSEC SQL schema improvements allowing for the use of constraints and foreign keys in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2225" target="_top">commit 2225</a>, by Gerald Gruenberg, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/371" target="_top">ticket 371</a>.
</p></li><li class="listitem"><p>
Add support for EDNS option 'edns-subnet', based on draft-vandergaast-edns-client-subnet (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2226" target="_top">commit 2226</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2228" target="_top">commit 2228</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2229" target="_top">commit 2229</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2230" target="_top">commit 2230</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2231" target="_top">commit 2231</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2233" target="_top">commit 2233</a>).
</p></li><li class="listitem"><p>
Silence SIGCHLD warning from Perl when used to power 'pipe' backends (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2232" target="_top">commit 2232</a>).
</p></li><li class="listitem"><p>
Add experimental support, off by default, for
draft-edns-subnet. See <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2233" target="_top">commit 2233</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2239" target="_top">commit 2239</a> for details how to use
this feature.
</p></li><li class="listitem"><p>
PostgreSQL and LDAP backends can now deal with a restart of
their respective servers. Many thanks to Peter van Dijk for
debugging and Nikolaos Milas for supplying a reproduction
path of the problem (& much nagging). Fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2233" target="_top">commit 2233</a> and
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2235" target="_top">commit 2235</a>.
</p></li><li class="listitem"><p>
Jan-Piet Mens discovered that records inserted by Lua on zone retrieval did not get correct 'ordername' and 'auth' fields for DNSSEC.
Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2174" target="_top">commit 2174</a>.
</p></li><li class="listitem"><p>
Silenced various relevant and less relevant compilation warnings (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2175" target="_top">commit 2175</a>). Thanks to Serge Belyshev for pointing out the error
in our ways.
</p></li><li class="listitem"><p>
Steve Bauer discovered we would cache empty recursive answers in some cases. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2176" target="_top">commit 2176</a>.
</p></li><li class="listitem"><p>
James Cloos reported that 'pdnssec check-zone' tripped over SRV records. Fixed this, and added check-zone to the regression tests.
Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2177" target="_top">commit 2177</a>.
</p></li><li class="listitem"><p>
DNSSEC regression tests were added in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2178" target="_top">2178</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2179" target="_top">2179</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2182" target="_top">2182</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2186" target="_top">2186</a> We test against the fine tools from NLNetLabs.
</p></li><li class="listitem"><p>
Secure DNSSEC delegations to ourselves picked wrong zone to serve the DS record from. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2180" target="_top">commit 2180</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2181" target="_top">commit 2181</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2183" target="_top">commit 2183</a>.
reported by Niek Willems of InterNLnet.
</p></li><li class="listitem"><p>
Stef Van Dessel suggested we made our RPMs state explicitly that they need glibc 2.4 on Linux. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2184" target="_top">commit 2184</a>.
</p></li><li class="listitem"><p>
John Leach discovered our MySQL based backends would wait for ages on a failing MySQL server.
The patch merged in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2189" target="_top">commit 2189</a> reduces the timeout significantly, which is especially useful with haproxy and mysqlproxy.
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2190" target="_top">commit 2190</a> fixes a crash reported by Marc Laros when using a non-DNSSEC capable backend. Should also improve non-DNSSEC performance.
</p></li></ul></div><p>
</p><p>
Changes between RC1 and RC2:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Zone2sql sent out the wrong 'COMMIT' statement in sqlite mode. In addition, in this mode, zone2sql would not emit statements
to update the domains table unless the 'slave' setting was chosen. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2167" target="_top">commit 2167</a>.
</p></li><li class="listitem"><p>
We dropped the Authoritative Answer flag on an out-of-bailiwick CNAME referral, which was unnecessary. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2170" target="_top">commit 2170</a>.
</p></li><li class="listitem"><p>
Kees Monshouwer discovered that we failed to detect the location of PostgreSQL on RHEL/CentOS. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2144" target="_top">commit 2144</a>. In addition,
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2162" target="_top">commit 2162</a> eases detection of MySQL on RHEL/CentOS 64 bits systems.
</p></li><li class="listitem"><p>
Marc Laros re-reported an old bug in the internally used 'pdns' backend where details of the SOA record were not filled out correctly.
Resolved in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2145" target="_top">commit 2145</a>.
</p></li><li class="listitem"><p>
Jan-Piet Mens found that our TSIG signed SOA zone freshness check was signed incorrectly. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2147" target="_top">commit 2147</a>. Improved error
messages that helped debug this issue in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2148" target="_top">commit 2148</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2149" target="_top">commit 2149</a>.
</p></li><li class="listitem"><p>
Jan-Piet Mens helped debug an issue where some servers were "almost always" unable to transfer a TSIG signed zone correctly.
Turns out that the TSIG signing code used an internal timestamp and not the remote timestamp. Because of good NTP synchronization
this quite often was not a problem. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2159" target="_top">commit 2159</a>.
</p></li><li class="listitem"><p>
Thor Spruyt of Telenet discovered that the PowerDNS code would try to emit DNS answers over TCP of over 65535 bytes long, which failed.
We now truncate such answers properly. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2150" target="_top">commit 2150</a>.
</p></li><li class="listitem"><p>
The Slave engine now reuses an existing database connection, removing the need to create a new database connection every minute (and worse, log about it).
Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2153" target="_top">commit 2153</a>.
</p></li><li class="listitem"><p>
Fix a potential Year 2106 bug in the TSIG signing code. Because we care (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2156" target="_top">commit 2156</a>).
</p></li><li class="listitem"><p>
Added experimental support for the 'DANE' TLSA record which is used to authenticate SSL certificates via DNSSEC. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2161" target="_top">commit 2161</a>.
</p></li><li class="listitem"><p>
Added experimental support for the MongoDB 'NoSQL' backend, contributed by Fredrik Danerklint in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2162" target="_top">commit 2162</a>.
</p></li></ul></div><p>
</p><p>
On to the release notes. Next to DNSSEC, other major new features include:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
TSIG for authorizing and authenticating AXFR requests & incoming zone transfers (Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2024" target="_top">2024</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2025" target="_top">2025</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2033" target="_top">2033</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2034" target="_top">2034</a>).
This allows for retrieving TSIG protected content, as well as serving it.
</p></li><li class="listitem"><p>
Per zone also-notify.
</p></li><li class="listitem"><p>
MyDNS compatible backend, allowing for 'instantaneous' migration from this authoritative nameserver. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1418" target="_top">commit 1418</a>, contributed
by Jonathan Oddy.
</p></li><li class="listitem"><p>
PowerDNS can now slave zones over IPv6 and notify IPv6 remotes of updates. Already. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2009" target="_top">commit 2009</a> and beyond.
</p></li><li class="listitem"><p>
Lua based incoming zone editing, allowing masters or signing slaves to add information to the zone they will (re-)serve. Implemented
in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2065" target="_top">commit 2065</a>. To enable, use LUA-AXFR-SCRIPT zone metadata setting.
</p></li><li class="listitem"><p>
Native Oracle backend with full DNSSEC support. Contributed by Maik Zumstrull, then at the Steinbuch
Centre for Computing at the Karlsruhe Institute of Technology.
</p></li><li class="listitem"><p>
"Also-notify" support, implemented by Aki Tuomi in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1400" target="_top">commit 1400</a>. Support for Generic SQL backends and
for the BIND backend. Further code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1360" target="_top">commit 1360</a>.
</p></li><li class="listitem"><p>
Support for binding to thousands of IP addresses, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1443" target="_top">commit 1443</a>.
</p></li><li class="listitem"><p>
Generic MySQL backend now supports stored procedures. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2084" target="_top">commit 2084</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/231" target="_top">ticket 231</a>.
</p></li><li class="listitem"><p>
Generic ODBC backend compiles again, and is reported to work for some users that need it. Code contributed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/309" target="_top">ticket 309</a>,
author unknown.
</p></li><li class="listitem"><p>
Massively parallel slaving infrastructure, able to check the freshness of thousands of remote
zones per second, plus perform many incoming zone transfers simultaneously. Sponsored by Tyler Hall,
code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1449" target="_top">1449</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1500" target="_top">1500</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1859" target="_top">1859</a>
</p></li><li class="listitem"><p>
Core DNS logic replaced completely to deal with the brave new world of DNSSEC.
</p></li></ul></div><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
sqlite2 and sqlite3 backends used MySQL-style escaping, leading to SQL
errors in some cases. Discovered by Sten Spans. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1342" target="_top">commit 1342</a>.
</p></li><li class="listitem"><p>
Internal webserver no longer prints '1e2%'. Bug rediscovered by Jeff Sipek. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1342" target="_top">commit 1342</a>.
</p></li><li class="listitem"><p>
PowerDNS would refuse to serve domain names with spaces in them, or otherwise non-printable characters. Addressed in
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2081" target="_top">commit 2081</a>.
</p></li><li class="listitem"><p>
PowerDNS can now serve escaped labels, as described by RFC 4343. Data should be present in backends
in that escaped form. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2089" target="_top">commit 2089</a>.
</p></li><li class="listitem"><p>
In some cases, we would include duplicate CNAMEs. In addition, we would hand out
a full root-referral when not configured to in some cases (ticket <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/223" target="_top">223</a>). Discovered by Andreas Jakum, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1344" target="_top">commit 1344</a>.
</p></li><li class="listitem"><p>
Shane Kerr discovered we would corrupt DNS transaction IDs from the packet cache on big endian systems.
Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1346" target="_top">commit 1346</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/222" target="_top">ticket 222</a>.
</p></li><li class="listitem"><p>
PowerDNS did not use RFC 1982 serial arithmetic, leading to a SOA serial number of 1 to be regarded as older than 4400000000, when in fact
it is 'newer'. Issue (re-)discovered by Jan-Piet Mens.
</p></li><li class="listitem"><p>
BIND backend got confused of a zone's file name changed after a configuration reload.
Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1347" target="_top">commit 1347</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/228" target="_top">ticket 228</a>.
</p></li><li class="listitem"><p>
When restarted by the Guardian, PowerDNS will perform a full multi-threaded cache cleanup, which
took a long time and could crash. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1364" target="_top">commit 1364</a>.
</p></li><li class="listitem"><p>
Under artificial circumstances, PowerDNS would never clean its packet cache. Found by Marcus Goller, fix in
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1399" target="_top">commit 1399</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1408" target="_top">commit 1408</a>. This update also retunes the cleanup frequency.
</p></li><li class="listitem"><p>
Packetcache would cache things it should not have been caching. Fixes in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1407" target="_top">1407</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1488" target="_top">1488</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1869" target="_top">1869</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1880" target="_top">1880</a>
</p></li><li class="listitem"><p>
When processing incoming notifications, the BIND backend was case-sensitive, and would disregard
notifications in the wrong case. Discovered by 'Dolphin', fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1420" target="_top">commit 1420</a>.
</p></li><li class="listitem"><p>
The init.d script did not mention the 'reload' command. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1463" target="_top">commit 1463</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/233" target="_top">ticket 233</a>.
</p></li><li class="listitem"><p>
Generic SQL Backends would sometimes emit obscure error messages. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2049" target="_top">commit 2049</a>.
</p></li><li class="listitem"><p>
PowerDNS would be confused by embedded NULs in domain names, and would also
mess up the escaping of some characters. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1468" target="_top">commit 1468</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1469" target="_top">commit 1469</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1478" target="_top">commit 1478</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1480" target="_top">commit 1480</a>,
</p></li><li class="listitem"><p>
SOA queries for the name of a delegation point were not referred. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1466" target="_top">commit 1466</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/224" target="_top">ticket 224</a>.
In addition, queries for AAAA for a CNAMEd record pointing to a name with no AAAA would deliver
a direct SOA, without the CNAME in between. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1542" target="_top">commit 1542</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1607" target="_top">commit 1607</a>.
Also, wildcard CNAMEs pointing to a record without the type requested suffered from the same issue, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1543" target="_top">commit 1543</a>.
</p></li><li class="listitem"><p>
On processing an incoming AXFR, once an MX or SRV record had been seen, all future fields
got a 'priority' entry as well. This had no operational impact, but looked messy. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1437" target="_top">commit 1437</a>.
</p></li><li class="listitem"><p>
Aki Tuomi discovered that the BIND zone file parser would misrepresent 'something IN MX 15 @'. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1621" target="_top">commit 1621</a>.
</p></li><li class="listitem"><p>
Marco Davids discovered the BIND zone file parser would trip over really long lines. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1624" target="_top">commit 1624</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1625" target="_top">commit 1625</a>.
</p></li><li class="listitem"><p>
Thomas Mieslinger discovered that our webserver would only be started after dropping privileges,
which could cause problems. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1629" target="_top">commit 1629</a>.
</p></li><li class="listitem"><p>
Zone2sql did quite often not do exactly what was required, which users fixed by editing the SQL output.
Revamped in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2032" target="_top">commit 2032</a>.
</p></li><li class="listitem"><p>
An Ubuntu user discovered in Launchpad bug 600479 that restarting database threads
cost a lot of memory. Normally this is rare, except in case of problems. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1676" target="_top">commit 1676</a>.
</p></li><li class="listitem"><p>
BIND backend could crash under (very) high load with very large numbers of zones (hundreds of thousands).
Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1690" target="_top">commit 1690</a>.
</p></li><li class="listitem"><p>
Miek Gieben and Marco Davids spotted that PowerDNS would answer the version.bind query in the IN class too.
Bug reported via twitter! Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1709" target="_top">commit 1709</a>.
</p></li><li class="listitem"><p>
Marcus Lauer and the OpenDNSSEC project discovered that outgoing notifications did not carry the 'aa' flag.
Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1746" target="_top">commit 1746</a>.
</p></li><li class="listitem"><p>
Debugging PowerDNS, or backgrounding it, could cause crashes. Fixed by Anders Kaseorg in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1747" target="_top">commit 1747</a>.
</p></li><li class="listitem"><p>
Fixed a bug that could cause crashes on launching thousands of backend connections. Never observed to occur,
but who knows. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1792" target="_top">commit 1792</a>.
</p></li><li class="listitem"><p>
Under some circumstances, large answers could be truncated in mid-record. While technically legal,
this upset a number of resolver implementations (including the PowerDNS Recursor!). Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1830" target="_top">commit 1830</a>, re-closes
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/200" target="_top">ticket 200</a>.
</p></li><li class="listitem"><p>
Jan Piet Mens and Florian Weimer discovered we had problems dealing with escaped labels and escaped TXT
fields. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2000" target="_top">commit 2000</a>.
</p></li><li class="listitem"><p>
After 2.2 billion queries, statistics would wrap oddly. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2019" target="_top">commit 2019</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/327" target="_top">ticket 327</a>.
</p></li></ul></div><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Long TXT records are now split into 255-byte components automatically. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1340" target="_top">commit 1340</a>, reported by Darren Gamble
in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/188" target="_top">ticket 188</a>.
</p></li><li class="listitem"><p>
When receiving large numbers of notifications, PowerDNS would check these synchronously, leading to a slowdown
for other services. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2058" target="_top">commit 2058</a>, problem diagnosed by Richard Poole of Heart Internet.
</p></li><li class="listitem"><p>
Fixed compilation on newer compilers and newer versions of Boost.
Changes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1345" target="_top">1345</a> (closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/227" target="_top">ticket 227</a>), <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1391" target="_top">1391</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1394" target="_top">1394</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1425" target="_top">1425</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1427" target="_top">1427</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1428" target="_top">1428</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1429" target="_top">1429</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1440" target="_top">1440</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1653" target="_top">1653</a>, thanks to Ruben Kerkhof and others.
</p></li><li class="listitem"><p>
Moved Generic PostgreSQL backend over to the newer E'' style escapes. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2094" target="_top">commit 2094</a>.
</p></li><li class="listitem"><p>
Compilation fixes for Mac OS X 10.5.7 in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1389" target="_top">commit 1389</a>, thanks to Tobias Markmann.
</p></li><li class="listitem"><p>
We can now bind to scoped IPv6 addresses, lack spotted by Darren Gamble. Part of the fix is in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2018" target="_top">commit 2018</a>.
</p></li><li class="listitem"><p>
Built-in query cache can now also cache queries which lead to multiple answers. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/2069" target="_top">commit 2069</a>.
</p></li><li class="listitem"><p>
Prodded on by Jan Piet Mens, we now support 'unknown types' (which look like TYPE65534).
</p></li><li class="listitem"><p>
Add 'slave-renotify' to retransmit notifies for slaved zones, which is helpful when acting as a 'signing slave'
for a hidden master. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1950" target="_top">commit 1950</a>.
</p></li><li class="listitem"><p>
No longer let zone2sql and zone2ldap import BIND 'hint' zones. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1998" target="_top">commit 1998</a>.
</p></li><li class="listitem"><p>
Allow for timestamps to explicitly be specified in (s)econds. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1398" target="_top">commit 1398</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/250" target="_top">ticket 250</a>.
</p></li><li class="listitem"><p>
Zones with URL and MBOXFW records can be transferred over AXFR, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1464" target="_top">commit 1464</a>.
</p></li><li class="listitem"><p>
Maik Zumstrull cleaned up the BIND Backend makefile, plus taught our init.d script to read /etc/default/pdns.
Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1601" target="_top">commit 1601</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1602" target="_top">commit 1602</a>.
</p></li><li class="listitem"><p>
Generic SQL backends now support multiple masters in the domains table. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1857" target="_top">commit 1857</a>. Additionally,
masters can also have :port numbers. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1858" target="_top">commit 1858</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.7. Recursor version 3.3.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-3-1"></a>3.7. Recursor version 3.3.1 </h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Unreleased
</p></td></tr></table></div><p>
</p><p>
Version 3.3.1 contains a small number of important fixes, adds some memory usage statistics, but no new features.
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Discovered by John J and Robin J, the PowerDNS Recursor did not process packets that were truncated in mid-record, and also did not act
on the 'truncated' (TC) flag in that case. This broke a very small number of domains, most of them served by very old versions of the
PowerDNS Authoritative Server. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1740" target="_top">commit 1740</a>.
</p></li><li class="listitem"><p>
PowerDNS emitted a harmless, but irritating, error message on receiving certain very short packets. Discovered by Winfried A and John J, fix
in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1729" target="_top">commit 1729</a>.
</p></li><li class="listitem"><p>
PowerDNS could crash on startup if configured to provide service on malformed IPv6 addresses on FreeBSD, or in case when the FreeBSD kernel
was compiled without any form of IPv6 support. Debugged by Bryan Seitz, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1727" target="_top">commit 1727</a>.
</p></li><li class="listitem"><p>
Add max-mthread-stack metric to debug rare crashes. Could be used to save memory on constrained systems. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1745" target="_top">commit 1745</a>.
</p></li><li class="listitem"><p>
Add cache-bytes and packetcache-bytes metrics to measure our 'pre-malloc' memory utilization. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1750" target="_top">commit 1750</a>.
</p></li></ul></div></div><div class="sect2" title="3.8. Recursor version 3.3"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-3"></a>3.8. Recursor version 3.3 </h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Released on the 22nd of September 2010.
</p></td></tr></table></div><p>
</p><p>
Version 3.3 fixes a number of small but persistent issues, rounds off our IPv6 %link-level support and adds
an important feature for many users of the Lua scripts.
</p><p>
In addition, scalability on Solaris 10 is improved.
</p><p>
Bug fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
'dist-recursor' script was not compatible with pure POSIX /bin/sh, discovered by Simon Kirby. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1545" target="_top">commit 1545</a>.
</p></li><li class="listitem"><p>
Simon Bedford, Brad Dameron and Laurient Papier discovered relatively high TCP/IP loads could cause TCP/IP service to shut down over time.
Addressed in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1546" target="_top">1546</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1640" target="_top">1640</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1652" target="_top">1652</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1685" target="_top">1685</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1698" target="_top">1698</a>. Additional information provided by Zwane Mwaikambo, Nicholas Miell and Jeff Roberson.
Testing by Christian Hofstaedtler and Michael Renner.
</p></li><li class="listitem"><p>
The PowerDNS Recursor could not read the 'root zone' (this is something else than the root hints) because of an unquoted TXT record.
This has now been addressed, allowing operators to hardcode the root zone. This can improve security if the root zone used is kept up to date.
Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1547" target="_top">commit 1547</a>.
</p></li><li class="listitem"><p>
A return of an old bug, when a domain gets new nameservers, but the old nameservers continue to contain a copy of the domain, PowerDNS could get 'stuck' with the old servers.
Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1548" target="_top">commit 1548</a>.
</p></li><li class="listitem"><p>
Discovered & reported by Alexander Gall of SWITCH, the Recursor used to try to resolve 'AXFR' records over UDP. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1619" target="_top">commit 1619</a>.
</p></li><li class="listitem"><p>
The Recursor embedded authoritative server messed up parsing a record like '@ IN MX 15 @'. Spotted by Aki Tuomi, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1621" target="_top">commit 1621</a>.
</p></li><li class="listitem"><p>
The Recursor embedded authoritative server messed up parsing really really long lines. Spotted by Marco Davids, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1624" target="_top">commit 1624</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1625" target="_top">commit 1625</a>.
</p></li><li class="listitem"><p>
Packet cache was not DNS class correct. Spotted by "Robin", fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1688" target="_top">commit 1688</a>.
</p></li><li class="listitem"><p>
The packet cache would cache some NXDOMAINs for too long. Solving this bug exposed an underlying oddity where the initial NXDOMAIN response
had an overly long (untruncated) TTL, whereas all the next ones would be ok. Solved in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1679" target="_top">commit 1679</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/281" target="_top">ticket 281</a>. Especially important for RBL operators.
Fixed after some nagging by Alex Broens (thanks).
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The priming of the root now uses more IPv6 addresses. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1550" target="_top">commit 1550</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/287" target="_top">ticket 287</a>. Also, the IPv6 address of I.ROOT-SERVERS.NET was added in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1650" target="_top">commit 1650</a>.
</p></li><li class="listitem"><p>
The <code class="function">rec_control dump-cache</code> command now also dumps the 'negative query' cache. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1713" target="_top">commit 1713</a>.
</p></li><li class="listitem"><p>
PowerDNS Recursor can now bind to fe80 IPv6 space with '%eth0' link selection. Suggested by Darren Gamble, implemented with help from Niels Bakker. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1620" target="_top">commit 1620</a>.
</p></li><li class="listitem"><p>
Solaris on x86 has a long standing bug in port_getn(), which we now work around. Spotted by 'Dirk' and 'AS'. Solution suggested by the Apache runtime library,
update in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1622" target="_top">commit 1622</a>.
</p></li><li class="listitem"><p>
New runtime statistic: 'tcp-clients' which lists the number of currently active TCP/IP clients. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1623" target="_top">commit 1623</a>.
</p></li><li class="listitem"><p>
Deal better with UltraDNS style CNAME redirects containing SOA records. Spotted by Andy Fletcher from UKDedicated in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/303" target="_top">ticket 303</a>, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1628" target="_top">commit 1628</a>.
</p></li><li class="listitem"><p>
The packet cache, which has 'ready to use' packets containing answers, now artificially ages the ready to use packets. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1630" target="_top">commit 1630</a>.
</p></li><li class="listitem"><p>
Lua scripts can now indicate that certain queries will have 'variable' answers, which means that the packet cache will not touch these answers.
This is great for overriding some domains for some users, but not all of them. Use setvariable() in Lua to indicate such domains. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1636" target="_top">commit 1636</a>.
</p></li><li class="listitem"><p>
Add query statistic called 'dont-outqueries', plus add IPv6 address :: and IPv4 address 0.0.0.0 to the default "dont-query" set,
preventing the Recursor from talking to itself. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1637" target="_top">commit 1637</a>.
</p></li><li class="listitem"><p>
Work around a gcc 4.1 bug, still in wide use on common platforms. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1653" target="_top">commit 1653</a>.
</p></li><li class="listitem"><p>
Add 'ARCHFLAGS' to PowerDNS Recursor Makefile, easing 64 bit compilation on mainly 32 bit platforms (and vice versa).
</p></li><li class="listitem"><p>
Under rare circumstances, querying the Recursor for statistics under very high load could lead to a crash (although this has never been observed). Bad code removed &
good code unified in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1675" target="_top">commit 1675</a>.
</p></li><li class="listitem"><p>
Spotted by Jeff Sipek, the rec_control manpage did not list the new get-all command. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1677" target="_top">commit 1677</a>.
</p></li><li class="listitem"><p>
On some platforms, it may be better to have PowerDNS itself distribute queries over threads (instead of leaving it up to the kernel).
This experimental feature can be enabled with the 'pdns-distributes-queries' setting. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1678" target="_top">commit 1678</a> and beyond. Speeds up Solaris measurably.
</p></li><li class="listitem"><p>
Cache cleaning code was cleaned up, unified and expanded to cover the 'negative cache', which used to be cleaned rather bluntly. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1702" target="_top">commit 1702</a>, further tweaks in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1712" target="_top">commit 1712</a>,
spotted by Darren Gamble, Imre Gergely and Christian Kovacic.
</p></li></ul></div><p>
</p><p>
Changes between RC1, RC2 and RC3.
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
RC2: Fixed linking on RHEL5/CentOS5, which both ship with a gcc compiler that claims to support atomic operations, but doesn't. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1714" target="_top">commit 1714</a>. Spotted by 'Bas' and Imre Gergely.
</p></li><li class="listitem"><p>
RC2: Negative query cache was configured to grow too large, and was not cleaned efficiently. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1712" target="_top">commit 1712</a>, spotted by Imre Gergely.
</p></li><li class="listitem"><p>
RC3: Root failed to be renewed automatically, relied on fallback to make this happen. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1716" target="_top">commit 1716</a>, spotted by Detlef Peeters.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.9. Recursor version 3.2"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-2"></a>3.9. Recursor version 3.2</h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Released on the 7th of March 2010.
</p></td></tr></table></div><p>
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Lua scripts from version 3.1.7.* are fully compatible with version 3.2. However, scripts written for development snapshot releases, are NOT.
Please see <a class="xref" href="recursor-scripting.html" title="7. Scripting">Section 7, “Scripting”</a> for details!
</p></td></tr></table></div><p>
</p><p>
The 3.2 release is the first major release of the PowerDNS Recursor in a long time. Partly this is because 3.1.7.* functioned very well,
and delivered satisfying performance, partly this is because in order to really move forward, some heavy lifting had to be done.
</p><p>
As always, we are grateful for the large PowerDNS community that is actively involved in improving the quality of our software, be it by submitting
patches, by testing development versions of our software or helping debug interesting issues. We specifically want to thank Stefan Schmidt and Florian Weimer,
who both over the years have helped tremendously in keeping PowerDNS fast, stable and secure.
</p><p>
This version of the PowerDNS Recursor contains a rather novel form of lock-free multithreading, a situation that comes close to the old '--fork' trick,
but allows the Recursor to fully utilize multiple CPUs, while delivering unified statistics and operational control.
</p><p>
In effect, this delivers the best of both worlds: near linear scaling, with almost no administrative overhead.
</p><p>
Compared to 'regular multithreading', whereby threads cooperate more closely, more memory is used, since each thread maintains its own DNS cache.
However, given the economics, and the relatively limited total amount of memory needed for high performance, this price is well worth it.
</p><p>
In practical numbers, over 40,000 queries/second sustained performance has now been measured by a third party, with a 100.0% packet response rate. This means that the needs
of around 400,000 residential connections can now be met by a single commodity server.
</p><p>
In addition to the above, the PowerDNS Recursor is now providing resolver service for many more Internet users than ever before. This has brought with it
24/7 Service Level Agreements, and 24/7 operational monitoring by networking personnel at some of the largest telecommunications companies in the world.
</p><p>
In order to facilitate such operation, more statistics are now provided that allow the visual verification of proper PowerDNS Recursor operation. As an example of this
there are now graphs that plot how many queries were dropped by the operating system because of a CPU overload, plus statistics that can be monitored to determine
if the PowerDNS deployment is under a spoofing attack.
</p><p>
All in all, this is a large and important PowerDNS Release, paving the way for further innovation.
</p><p>
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="note.png" /></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>
This release removes support for the 'fork' multi-processor option. In addition, the default is now to spawn two threads. This has been done
in such a way that total memory usage will remain identical, so each thread will use half of the allocated maximum number of cache entries.
</p></td></tr></table></div><p>
Changes between RC2 and -release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
'Make install' when an existing configuration file contained a 'fork' statement has been fixed. Spotted by Darren Gamble, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1534" target="_top">commit 1534</a>.
</p></li><li class="listitem"><p>
Reloading a non-existent allow-from-file caused the control thread to stop working. Spotted by Imre Gergely, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1532" target="_top">commit 1532</a>.
</p></li><li class="listitem"><p>
Parser got confused by reading en empty line in auth-forward-zones. Spotted by Imre Gergely, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1533" target="_top">commit 1533</a>.
</p></li><li class="listitem"><p>
David Gavarret discovered undocumented and not-working settings to set the owner, group and access modes of the control socket. Code by Aki Tuomi
and documentation in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1535" target="_top">commit 1535</a>. Fixup in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1536" target="_top">commit 1536</a> for FreeBSD as found by Ralf van der Enden.
</p></li><li class="listitem"><p>
Tiny improvement possibly solving an issue on Solaris 10's completion port event multiplexer (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1537" target="_top">commit 1537</a>).
</p></li></ul></div><p>
Changes between RC1 and RC2:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Compilation on Solaris 10 has been fixed (various patchlevels had different issues), code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1522" target="_top">commit 1522</a>.
</p></li><li class="listitem"><p>
Compatibility with CentOS4/RHEL4 has been restored, the gcc and glibc versions shipped with this distribution contain a Thread Local Storage bug
which we now work around. Thanks to Darren Gamble and Imre Gergely for debugging this issue, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1527" target="_top">commit 1527</a>.
</p></li><li class="listitem"><p>
A failed setuid operation, because of misconfiguration, would result in a crash instead of an error message. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1523" target="_top">commit 1523</a>.
</p></li><li class="listitem"><p>
Imre Gergely discovered that PowerDNS was doing spurious root repriming when invalidating nssets. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1531" target="_top">commit 1531</a>.
</p></li><li class="listitem"><p>
Imre Gergely discovered our rrd graphs had not been changed for the new multithreaded world, and did not allow scaling beyond 200% cpu use. In addition,
CPU usage graphs did not add up correctly. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1524" target="_top">commit 1524</a>.
</p></li><li class="listitem"><p>
Andreas Jakum discovered the description of 'max-packetcache-entries' and 'forward-zones-recurse' was wrong in the output of '--help' and '--config'.
In addition, some stray backup files made it into the RC1 release. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1529" target="_top">commit 1529</a>.
</p></li></ul></div><p>
Full release notes follow, including some overlap with the incremental release notes above.
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Multithreading, allowing near linear scaling to multiple CPUs or cores. Configured using 'threads=' (many commits).
This also deprecates the '--fork' option.
</p></li><li class="listitem"><p>
Added ability to read a configuration item of a running PowerDNS Recursor using 'rec_control get-parameter' (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1243" target="_top">commit 1243</a>), suggested by Wouter de Jong.
</p></li><li class="listitem"><p>
Added ability to read all statistics in one go of a running PowerDNS Recursor using 'rec_control get-all' (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1496" target="_top">commit 1496</a>), suggested by Michael Renner.
</p></li><li class="listitem"><p>
Speedups in packet generation (Commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1258" target="_top">1258</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1259" target="_top">1259</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1262" target="_top">1262</a>)
</p></li><li class="listitem"><p>
TCP deferred accept() filter is turned on again for slight DoS protection. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1414" target="_top">commit 1414</a>.
</p></li><li class="listitem"><p>
PowerDNS Recursor can now do TCP/IP queries to remote IPv6 addresses (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1412" target="_top">commit 1412</a>).
</p></li><li class="listitem"><p>
Solaris 9 '/dev/poll' support added, Solaris 8 now deprecated. Changes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1421" target="_top">commit 1421</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1422" target="_top">commit 1422</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1424" target="_top">commit 1424</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1413" target="_top">commit 1413</a>.
</p></li><li class="listitem"><p>
Lua functions can now also see the address _to_ which a question was sent, using getlocaladdress(). Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1309" target="_top">commit 1309</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1315" target="_top">commit 1315</a>.
</p></li><li class="listitem"><p>
Maximum cache sizes now default to a sensible value. Suggested by Roel van der Made, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1354" target="_top">commit 1354</a>.
</p></li><li class="listitem"><p>
Domains can now be forwarded to IPv6 addresses too, using either ::1 syntax or [::1]:25. Thanks to Wijnand Modderman for discovering this issue, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1349" target="_top">commit 1349</a>.
</p></li><li class="listitem"><p>
Lua scripts can now load libraries at runtime, for example to calculate md5 hashes. Code by Winfried Angele in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1405" target="_top">commit 1405</a>.
</p></li><li class="listitem"><p>
Periodic statistics output now includes average queries per second, as well as packet cache numbers (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1493" target="_top">commit 1493</a>).
</p></li><li class="listitem"><p>
New metrics are available for graphing, plus added to the default graphs (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1495" target="_top">commit 1495</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1498" target="_top">commit 1498</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1503" target="_top">commit 1503</a>)
</p></li><li class="listitem"><p>
Fix errors/crashes on more recent versions of Solaris 10, where the ports functions could return ENOENT under some circumstances. Reported and debugged by
Jan Gyselinck, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1372" target="_top">commit 1372</a>.
</p></li></ul></div><p>
New features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Add pdnslog() function for Lua scripts, so errors or other messages can be logged properly.
</p></li><li class="listitem"><p>
New settings to set the owner, group and access modes of the control socket (socket-owner, socket-group, socket-mode). Code by Aki Tuomi
and documentation in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1535" target="_top">commit 1535</a>. Fixup in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1536" target="_top">commit 1536</a> for FreeBSD as found by Ralf van der Enden.
</p></li><li class="listitem"><p>
rec_control now accepts a --timeout parameter, which can be useful when reloading huge Lua scripts. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1366" target="_top">commit 1366</a>.
</p></li><li class="listitem"><p>
Domains can now be forwarded with the 'recursion-desired' bit on or off, using either <span class="command"><strong>forward-zones-recurse</strong></span> or by prefixing
the name of a zone with a '+' in <span class="command"><strong>forward-zones-file</strong></span>. Feature suggested by Darren Gamble, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1451" target="_top">commit 1451</a>.
</p></li><li class="listitem"><p>
Access control lists can now be reloaded at runtime (implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1457" target="_top">commit 1457</a>).
</p></li><li class="listitem"><p>
PowerDNS Recursor can now use a pool of query-local-addresses to further increase resilience against spoofing. Suggested by Ad Spelt, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1426" target="_top">commit 1426</a>.
</p></li><li class="listitem"><p>
PowerDNS Recursor now also has a packet cache, greatly speeding up operations. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1426" target="_top">commit 1426</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1433" target="_top">commit 1433</a> and further.
</p></li><li class="listitem"><p>
Cache can be limited in how long it maximally stores records, for BIND compatibility (TTL limiting), by setting <span class="command"><strong>max-cache-ttl</strong></span>.Idea by Winfried Angele, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1438" target="_top">commit 1438</a>.
</p></li><li class="listitem"><p>
Cache cleaning turned out to be scanning more of the cache than necessary for cache maintenance. In
addition, far more frequent but smaller cache cleanups improve responsiveness. Thanks to Winfried Angele for
discovering this issue. (commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1501" target="_top">1501</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1507" target="_top">1507</a>)
</p></li><li class="listitem"><p>
Performance graphs enhanced with separate CPU load and cache effectiveness plots, plus
display of various overload situations (commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1503" target="_top">1503</a>)
</p></li></ul></div><p>
Compiler/Operating system/Library updates:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PowerDNS Recursor can now compile against newer versions of Boost (verified up to and including 1.42.0). Reported & fixed by Darix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1274" target="_top">commit 1274</a>. Further fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1275" target="_top">commit 1275</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1276" target="_top">commit 1276</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1277" target="_top">commit 1277</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1283" target="_top">commit 1283</a>.
</p></li><li class="listitem"><p>
Fix compatibility with newer versions of GCC (closes ticket <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/227" target="_top">ticket 227</a>, spotted by Ruben Kerkhof, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1345" target="_top">commit 1345</a>, more fixes in commit <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1394" target="_top">1394</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1416" target="_top">1416</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1440" target="_top">1440</a>).
</p></li><li class="listitem"><p>
Rrdtool update graph is now compatible with FreeBSD out of the box. Thanks to Bryan Seitz (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1517" target="_top">commit 1517</a>).
</p></li><li class="listitem"><p>
Fix up Makefile for older versions of Make (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1229" target="_top">commit 1229</a>).
</p></li><li class="listitem"><p>
Solaris compilation improvements (out of the box, no handwork needed).
</p></li><li class="listitem"><p>
Solaris 9 MTasker compilation fixes, as suggested by John Levon. Changes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1431" target="_top">commit 1431</a>.
</p></li></ul></div><p>
Bug fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Under rare circumstances, the recursor could crash on 64 bit Linux systems running glibc 2.7, as found in Debian Lenny.
These circumstances became a lot less rare for the 3.2 release. Discovered by Andreas Jakum and debugged by #powerdns, fix in
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1519" target="_top">commit 1519</a>.
</p></li><li class="listitem"><p>
Imre Gergely discovered that PowerDNS was doing spurious root repriming when invalidating nssets. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1531" target="_top">commit 1531</a>.
</p></li><li class="listitem"><p>
Configuration parser is now resistant against trailing tabs and other whitespace (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1242" target="_top">commit 1242</a>)
</p></li><li class="listitem"><p>
Fix typo in a Lua error message. Close <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/210" target="_top">ticket 210</a>, as reported by Stefan Schmidt (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1319" target="_top">commit 1319</a>).
</p></li><li class="listitem"><p>
Profiled-build instructions were broken, discovered & fixes suggested by Stefan Schmidt. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/239" target="_top">ticket 239</a>, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1462" target="_top">commit 1462</a>.
</p></li><li class="listitem"><p>
Fix up duplicate SOA from a remote authoritative server from showing up in our output (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1475" target="_top">commit 1475</a>).
</p></li><li class="listitem"><p>
All security fixes from 3.1.7.2 are included.
</p></li><li class="listitem"><p>
Under highly exceptional circumstances on FreeBSD the PowerDNS Recursor could crash because of a TCP/IP error.
Reported and fixed by Andrei Poelov in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/192" target="_top">ticket 192</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1280" target="_top">commit 1280</a>.
</p></li><li class="listitem"><p>
PowerDNS Recursor can be a root-server again. Error spotted by the ever vigilant Darren Gamble (ticket <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/229" target="_top">229</a>), fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1458" target="_top">commit 1458</a>.
</p></li><li class="listitem"><p>
Rare TCP/IP errors no longer lead to PowerDNS Recursor logging errors or becoming confused. Debugged by Josh Berry of Plusnet PLC. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1457" target="_top">commit 1457</a>.
</p></li><li class="listitem"><p>
Do not hammer parent servers in case child zones are misconfigured, requery at most once every 10 seconds. Reported & investigated by
Stefan Schmidt and Andreas Jakum, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1265" target="_top">commit 1265</a>.
</p></li><li class="listitem"><p>
Properly process answers from remote authoritative servers that send error answers without including the original question (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1329" target="_top">commit 1329</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1327" target="_top">commit 1327</a>).
</p></li><li class="listitem"><p>
No longer spontaneously turn on 'export-etc-hosts' after reloading zones. Discovered by Paul Cairney, reported in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/225" target="_top">ticket 225</a>, addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1348" target="_top">commit 1348</a>.
</p></li><li class="listitem"><p>
Very abrupt server failure of large numbers of high-volume authoritative servers could trigger an out of memory situation. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1505" target="_top">commit 1505</a>.
</p></li><li class="listitem"><p>
Make timeouts for queries to remote authoritative servers configurable with millisecond granularity. In addition, the old code turned out to consider the timeout
expired when the integral number of seconds since 1970 increased by 1 - which *on average* is after 500ms. This might have caused spurious timeouts! New default
timeout is 1500ms. See <span class="command"><strong>network-timeout</strong></span> setting for more details.
Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1402" target="_top">commit 1402</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.10. Recursor version 3.1.7.2"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-7-2"></a>3.10. Recursor version 3.1.7.2</h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Released on the 6th of January 2010.
</p></td></tr></table></div><p>
</p><p>
This release consist of a number of vital security updates. These updates address issues
that can in all likelihood lead to a full system compromise. In addition, it is possible for
third parties to pollute your cache with dangerous data, exposing your users to possible harm.
</p><p>
This version has been well tested, and at the time of this release is already powering millions
of internet connections, and should therefore be a risk-free upgrade from 3.1.7.1 or any earlier
version of the PowerDNS Recursor.
</p><p>
All known versions of the PowerDNS Recursor are impacted to a greater or lesser extent, so an immediate update is advised.
</p><p>
These vulnerabilities were discovered by a third party that can't yet be named,
but who we thank for their contribution to a more secure PowerDNS Recursor.
</p><p>
For more information, see <a class="xref" href="powerdns-advisory-2010-01.html" title="10. PowerDNS Security Advisory 2010-01: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited">Section 10, “PowerDNS Security Advisory 2010-01: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited”</a> and <a class="xref" href="powerdns-advisory-2010-02.html" title="11. PowerDNS Security Advisory 2010-02: PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data">Section 11, “PowerDNS Security Advisory 2010-02: PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data”</a>.
</p></div><div class="sect2" title="3.11. Recursor version 3.1.7.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-7-1"></a>3.11. Recursor version 3.1.7.1</h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Released on the 2nd of August 2009.
</p></td></tr></table></div><p>
</p><p>
This release consists entirely of fixes for tiny bugs that have been reported over the past year. In
addition, compatibility has been restored with the latest versions of the gcc compiler and the 'boost' libraries.
</p><p>
No features have been added, but some debugging code that very slightly impacted performance (and polluted the
console when operating in the foreground) has been removed.
</p><p>
FreeBSD users may want to upgrade because of a very remote chance of 3.1.7 and previous crashing once every few years.
For other operators not currently experiencing problems, there is no reason to upgrade.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Improved error messages when parsing zones for authoritative serving (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1235" target="_top">commit 1235</a>).
</p></li><li class="listitem"><p>
Better resilience against whitespace in configuration (changesets <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1237" target="_top">1237</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1240" target="_top">1240</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1242" target="_top">1242</a>)
</p></li><li class="listitem"><p>
Slight performance increase (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1378" target="_top">commit 1378</a>)
</p></li><li class="listitem"><p>
Fix rare case where timeouts were not being reported to the right query-thread (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1260" target="_top">commit 1260</a>)
</p></li><li class="listitem"><p>
Fix compilation against newer versions of the Boost C++ libraries (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1381" target="_top">commit 1381</a>)
</p></li><li class="listitem"><p>
Close very rare issue with TCP/IP close reporting ECONNRESET on FreeBSD. Reported by Andrei Poelov in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/192" target="_top">ticket 192</a>.
</p></li><li class="listitem"><p>
Silence debugging output (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1286" target="_top">commit 1286</a>).
</p></li><li class="listitem"><p>
Fix compilation against newer versions of gcc (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1384" target="_top">commit 1384</a>)
</p></li><li class="listitem"><p>
No longer set export-etc-hosts to 'on' on reload-zones. Discovered by Paul Cairney, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/225" target="_top">ticket 225</a>.
</p></li><li class="listitem"><p>
Sane default for the maximum cache size in the Recursor, suggested by Roel van der Made (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1354" target="_top">commit 1354</a>).
</p></li><li class="listitem"><p>
No longer exit because of the changed behaviour of the Solaris 'completion ports' in more recent versions of Solaris. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1372" target="_top">commit 1372</a>, reported by Jan Gyselinck.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.12. Authoritative Server version 2.9.22"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-2-9-22"></a>3.12. Authoritative Server version 2.9.22</h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Released on the 27th of January 2009.
</p></td></tr></table></div><p>
</p><p>
This is a huge release, spanning almost 20 months of development. Besides fixing a lot of bugs, of note is the addition of the so called 'Notification Proxy',
which allows PowerDNS to function as a master server behind a firewall, plus the huge performance improvement of the internal caches.
</p><p>
This work has been made possible by UPC Broadband and Directi, respectively.
</p><p>
Finally, the release candidates of this version have been tested & improved by Jorn Ekkelenkamp, Ton van Rosmalen, Jeff Sipek, Tyler Hall, Christof Meerwald and
Stefan Schmidt.
</p><p>
Fixed between rc1 and rc2, but not an issue in 2.9.21.
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<span class="command"><strong>pdns_control ccounts</strong></span> again outputs proper cache statistics. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1304" target="_top">commit 1304</a>.
</p></li><li class="listitem"><p>
Negative query caching was reinstated, leading to 6 times fewer backend queries than rc1 on the Express.powerdns.com servers.
</p></li><li class="listitem"><p>
Packetcache no longer needlessly parses outgoing packets before sending them.
</p></li><li class="listitem"><p>
Fancy records work again. This work has been sponsored by ISP Services. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1302" target="_top">commit 1302</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1299" target="_top">commit 1299</a>.
</p></li></ul></div><p>
</p><p>
New features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<span class="command"><strong>pdns_control</strong></span> can now also work over TCP/IP. Sponsored by Directi. Commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1246" target="_top">1246</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1251" target="_top">1251</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1254" target="_top">1254</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1255" target="_top">1255</a>.
</p></li><li class="listitem"><p>
Implemented a notification proxy, see <a class="xref" href="tools.html#nproxy" title="1. Notification proxy (nproxy)">Section 1, “Notification proxy (nproxy)”</a>. This work was sponsored by UPC Broadband. Implemented in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1075" target="_top">1075</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1077" target="_top">1077</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1082" target="_top">1082</a>,
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1083" target="_top">1083</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1085" target="_top">1085</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1086" target="_top">1086</a>.
</p></li><li class="listitem"><p>
IXFR queries are now supported in the sense that we treat them as AXFR queries, silencing warnings in other nameservers. Suggested in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/131" target="_top">ticket 131</a>.
</p></li><li class="listitem"><p>
The PIPE backend has been extended by David Apgar to allow the reporting of errors using the 'FAIL' command, plus
support for responses with whitespace. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1114" target="_top">commit 1114</a>.
</p></li><li class="listitem"><p>
PowerDNS Authoritative server now parses incoming EDNS options, like maximum allowed packet size. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1123" target="_top">commit 1123</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1281" target="_top">commit 1281</a>.
</p></li><li class="listitem"><p>
Added support for DHCID, IPSECKEY and KX records, thanks Norbert Sendetzky for the hint. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1144" target="_top">commit 1144</a>.
</p></li><li class="listitem"><p>
Norbert Sendetzky has has added support for all record types supported by PowerDNS to the LDAPBackend. Furthermore, the detection
of OpenLDAP in autoconf has been improved. Finally, debian has supplied some fixes to PowerLDAP. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1152" target="_top">commit 1152</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1153" target="_top">commit 1153</a>.
</p></li><li class="listitem"><p>
Implemented EDNS NSID option for retrieving the nameserver ID out of band. Defaults to hostname, can be specified using the
<span class="command"><strong>server-id</strong></span> setting. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1232" target="_top">commit 1232</a>.
</p></li><li class="listitem"><p>
Implemented experimental EDNS PING for enhanced forgery resilience. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1232" target="_top">commit 1232</a>.
</p></li></ul></div><p>
</p><p>
Performance:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Improve packet generation performance, in some cases by 25%. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1258" target="_top">1258</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1259" target="_top">1259</a>.
</p></li><li class="listitem"><p>
Improved access list checking performance. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1261" target="_top">commit 1261</a>.
</p></li><li class="listitem"><p>
PowerDNS Authoritative caches were completely redone, and are now based on the same cache that is in the resolver. This work has been sponsored
by Directi. In large benchmarks, PowerDNS performance has improved by an order of magnitude or more. This new version allows for near-instantaneous
cache purging, plus very rapid purging based on suffix. Purge commands can also be batched. This work is partially based on an innovative
reverse-string comparison function authored by Aki Tuomi.
</p></li><li class="listitem"><p>
Installations which run with very high cache hitrates can now benefit from multiple CPUs by setting <span class="command"><strong>receiver-threads</strong></span> to the number
of desired CPUs to utilize in cache operations. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1316" target="_top">commit 1316</a>.
</p></li><li class="listitem"><p>
BIND backend speedups in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1108" target="_top">commit 1108</a>, measured at around a 20% improvement, possibly more on very large setups.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Tyler Hall discovered the PowerDNS configuration file parser had problems with trailing tabs. This turned out to be a wider problem in PowerDNS.
Buggy code replaced by a library call in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1237" target="_top">commit 1237</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1240" target="_top">commit 1240</a>.
</p></li><li class="listitem"><p>
David Apgar of Yahoo discovered that our 'guardian' method of restarting PowerDNS in case of problems was not fool proof, and submitted a fix.
A variation of this fix can be found in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1323" target="_top">commit 1323</a>. Also reported by Directi.
</p></li><li class="listitem"><p>
Connection reset by peer events in the TCP nameserver no longer lead to the cycling of database connections. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1241" target="_top">commit 1241</a>.
</p></li><li class="listitem"><p>
FreeBSD compilation with Generic PostgreSQL backend was fixed. Reported by Wouter de Jong of WideXS, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1305" target="_top">commit 1305</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/95" target="_top">ticket 95</a>.
</p></li><li class="listitem"><p>
Webserver no longer prints '1e2%'. Finally closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/26" target="_top">ticket 26</a>. Much friendly nagging for over 3 years by Jeff Sipek, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1303" target="_top">commit 1303</a>.
</p></li><li class="listitem"><p>
PowerDNS used to ignore certain queries it could not answer. These queries are no longer ignored, but get a SERVFAIL response. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1239" target="_top">commit 1239</a>.
</p></li><li class="listitem"><p>
Fix subtle CNAME and wildcard interactions reported by 'zzyzz', implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1147" target="_top">commit 1147</a>.
</p></li><li class="listitem"><p>
The generic backends did not honour the <span class="command"><strong>default-ttl</strong></span> setting. Spotted and implemented by Matti Hiljanen.
</p></li><li class="listitem"><p>
Matti Hiljanen discovered that the OpenDBX backend did not fill out the SOA ttl value properly. Matti also improved the SQL statements
for better compatibility. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1181" target="_top">commit 1181</a>.
</p></li><li class="listitem"><p>
Treat invalid WWW requests better. Spotted by Maikel Verheijen, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1092" target="_top">commit 1092</a>.
</p></li><li class="listitem"><p>
Documentation errors and typos, spotted by Marco Davids (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1097" target="_top">commit 1097</a>) and Rejo Zengers (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1119" target="_top">commit 1119</a>)
</p></li><li class="listitem"><p>
Properly fill out the 'recursion available'-flag. Spotted by Augie Schwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/167" target="_top">ticket 167</a>.
</p></li><li class="listitem"><p>
Several memory leaks on bad data in the database or other errors have been fixed. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1078" target="_top">1078</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1079" target="_top">1079</a>.
</p></li><li class="listitem"><p>
In contravention to the documentation, the domain type as specified in the database ('MASTER', 'SLAVE' or 'NATIVE') was interpreted
case sensitively. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1084" target="_top">1084</a>.
</p></li><li class="listitem"><p>
BIND backend could crash on processing information about slave zones to be checked. Spotted by Stefan Schmidt, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1089" target="_top">1089</a>.
</p></li><li class="listitem"><p>
Jelte Jansen of Stichting NLNetLabs discovered PowerDNS in BIND mode couldn't operate as a root-server! Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1057" target="_top">1057</a>.
</p></li><li class="listitem"><p>
'DPS' discovered there was a rare opportunity for PowerDNS to lock up waiting for new data. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1076" target="_top">1076</a>.
</p></li><li class="listitem"><p>
Make singlethreaded mode more resilient against errors. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1272" target="_top">commit 1272</a>.
</p></li><li class="listitem"><p>
DNSSEC records were part of 2.9.21, but were not actually hooked up. Please note that while PowerDNS can serve most DNSSEC records,
it does not do DNSSEC processing. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1046" target="_top">1046</a>.
</p></li><li class="listitem"><p>
Shawn Starr migrated all his domains to PowerDNS in one evening, from an installation that had been used since BIND4.
In doing so, he found 3 bugs in as many hours. An <span class="command"><strong>IN</strong></span> statement in the BIND <code class="filename">named.conf</code>
with a zone with a trailing dot was misparsed, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1233" target="_top">commit 1233</a>. Secondly, the zone file parser tripped over a line consisting of nothing
but comments in the wrong place. Finally '$ORIGIN .' was misparsed. Last two issues fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1234" target="_top">commit 1234</a>.
</p></li><li class="listitem"><p>
Our statistics counters did not wrap correctly after the 2.15 billion mark. Spotted by Stefan Schmidt, reported in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/179" target="_top">ticket 179</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1284" target="_top">commit 1284</a>.
</p></li><li class="listitem"><p>
Bindbackend could sometimes generate very strange error messages while processing a malformed zone file. Sometimes such error messages
could cause a crash (reported on HP-UX). Addressed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1279" target="_top">commit 1279</a>. This could not be triggered remotely. Closes ticket <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/203" target="_top">ticket 203</a>.
</p></li><li class="listitem"><p>
Pipe backend did not clean up killed coprocesses. Found and fixed by Daniel Drown
</p></li><li class="listitem"><p>
Installations with tens of thousands of slave domains would never complete the cycle to check the freshness of all zones
as each incoming notification disrupted this cycle. Addressed in cooperation with Tyler Hall of EditDNS.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Zone parser improvements mean $TTL and $INCLUDES now work a lot better. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1056" target="_top">1056</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1062" target="_top">1062</a>.
</p></li><li class="listitem"><p>
No longer report temporary recvfrom errors, which used to spam the log on many systems. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1320" target="_top">commit 1320</a>.
</p></li><li class="listitem"><p>
Direct queries for 'fancy records' would lead to errors, such queries now fail early. Spotted by Jorn Ekkelenkamp, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1051" target="_top">1051</a>.
</p></li><li class="listitem"><p>
Fix typo in geobackend, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/157" target="_top">ticket 157</a>, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1090" target="_top">1090</a>.
</p></li><li class="listitem"><p>
Initial work on TSIG support - not done yet. Spurred on by Marco Davids.
</p></li><li class="listitem"><p>
Embarrassingly, the 'master' configuration setting was not documented in the list of all settings!
</p></li><li class="listitem"><p>
Norbert has updated OpenDBX so that SQLite reads and writes no longer deadlock, plus compilation fixes on Solaris, plus the addition
of autoserials to backends that support triggers. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1154" target="_top">commit 1154</a>.
</p></li><li class="listitem"><p>
Random generator is now based on AES, improving the security of certain proxy operations. This is the same random generator that is in
the recursor. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1256" target="_top">commit 1256</a>.
</p></li><li class="listitem"><p>
Documentation for 'supermaster' mode was improved due to popular demand.
</p></li><li class="listitem"><p>
When binding to a UDP port failed, supply a more precise error message (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1245" target="_top">commit 1245</a>)
</p></li><li class="listitem"><p>
The zone parser error messages were vastly improved, partially inspired by Shawn's cowboy migration. Code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1235" target="_top">commit 1235</a>.
</p></li><li class="listitem"><p>
Labels are compressed more efficiently (case-insensitively), leading to smaller packets. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1156" target="_top">commit 1156</a>.
</p></li><li class="listitem"><p>
Fix handling of TCP timeouts to not cause a reload of the backends. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1092" target="_top">commit 1092</a>.
</p></li><li class="listitem"><p>
TCP Receiver no longer spams the log with common network errors. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1306" target="_top">commit 1306</a>.
</p></li><li class="listitem"><p>
Move from select() to poll()-based multiplexing, allowing PowerDNS to listen on more than 1024 sockets simultaneously.
One big PowerDNS user needs this. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1072" target="_top">1072</a>.
</p></li><li class="listitem"><p>
Zone2sql now reads source files in performance enhancing inode order. Additionally, zone2sql no longer dies on a missing zone file if
<span class="command"><strong>--on-error-resume-next</strong></span> was specified. Finally, statistics of zone2sql conversion have been improved. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1055" target="_top">1055</a>.
</p></li><li class="listitem"><p>
Address issues found by more recent g++ versions. Spotted and/or fixed by Jorn Ekkelenkamp (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1051" target="_top">commit 1051</a>), Marcus Rueckert (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1094" target="_top">commit 1094</a>), Norbert Sendetzky (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1107" target="_top">commit 1107</a>),
Serge Belyshev (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1171" target="_top">commit 1171</a>).
</p></li><li class="listitem"><p>
The Intel C Compiler implements certain things differently, causing the master/slave communicator to malfunction. Spotted by Marcus Rueckert, implemented
in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1052" target="_top">1052</a>, plus fallout in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1105" target="_top">1105</a>.
</p></li><li class="listitem"><p>
PowerDNS can now be compiled with Boost 1.37.0.
</p></li><li class="listitem"><p>
Andre Lorbach of Adiscon discovered the Microsoft Windows 2003 nameserver
adds out of zone data to zone transfers, which we need to ignore, instead of
rejecting the entire zone. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1048" target="_top">1048</a>.
</p></li><li class="listitem"><p>
PowerDNS now skips remote master servers which consistently generate timeout messages, improving the master checking cycle time tremendously.
Developed in cooperation with Tyler Hall. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1278" target="_top">commit 1278</a>.
</p></li><li class="listitem"><p>
When binding to a UDP port failed, supply a more precise error message (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1245" target="_top">commit 1245</a>)
</p></li><li class="listitem"><p>
<span class="command"><strong>dnsreplay</strong></span> now waits for the final answers to arrive, making it possible to process even small pcap files and
get meaningful statistics. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1268" target="_top">commit 1268</a>.
</p></li><li class="listitem"><p>
<span class="command"><strong>dnsreplay</strong></span> has a more sane default timeout now, which can be configured too. Suggested by Augie Schwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/163" target="_top">ticket 163</a>, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1287" target="_top">commit 1287</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.13. Authoritative Server version 2.9.21.2"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-2-9-21-2"></a>3.13. Authoritative Server version 2.9.21.2</h3></div></div></div><p>
Released on the 18th of November 2008.
</p><p>
This release consists of a single patch to PowerDNS Authoritative Server version 2.9.21.1.
In some configurations, notably with configuration option 'distributor-threads=1', the PowerDNS Authoritative Server
crashes easily in some error conditions.
</p><p>
All users are urged to upgrade. Even though PowerDNS restarts itself on encountering such error conditions, and even
though most PowerDNS configurations do not run in single threaded mode, an upgrade is recommended.
</p><p>
More detail can be found in <a class="xref" href="powerdns-advisory-2008-03.html" title="9. PowerDNS Security Advisory 2008-02: Some PowerDNS Configurations can be forced to restart remotely">Section 9, “PowerDNS Security Advisory 2008-02: Some PowerDNS Configurations can be forced to restart remotely”</a>.
</p></div><div class="sect2" title="3.14. Authoritative Server version 2.9.21.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-auth-2-9-21-1"></a>3.14. Authoritative Server version 2.9.21.1</h3></div></div></div><p>
Released on the 6th of August 2008.
</p><p>
This release consists of a single patch to PowerDNS Authoritative Server version 2.9.21.
Brian J. Dowling of Simplicity Communications has discovered a security implication of
the previous PowerDNS behaviour to drop queries it considers malformed. We are grateful that
Brian notified us quickly about this problem.
</p><p>
This issue has been assigned CVE-2008-3337. The single patch is in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1239" target="_top">commit 1239</a>. More detail can be found in
<a class="xref" href="powerdns-advisory-2008-02.html" title="8. PowerDNS Security Advisory 2008-02: By not responding to certain queries, domains become easier to spoof">Section 8, “PowerDNS Security Advisory 2008-02: By not responding to certain queries, domains become easier to spoof”</a>.
</p><p>
The implication is that while the PowerDNS Authoritative server itself does not face a security risk because
of dropping these malformed queries, other resolving nameservers run a higher risk of accepting spoofed
answers for domains being hosted by PowerDNS Authoritative Servers before 2.9.21.1.
</p><p>
While the dropping of queries does not aid sophisticated spoofing attempts, it does facilitate simpler attacks.
</p><p>
It may be good to know that several large sites already run with this patch applied, as it has been in the
public code base for some weeks already.
</p></div><div class="sect2" title="3.15. Recursor version 3.1.7"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-7"></a>3.15. Recursor version 3.1.7</h3></div></div></div><p>
Released the 25th of June 2008.
</p><p>
This version contains powerful scripting abilities, allowing operators to modify DNS responses in many
interesting ways. Among other things, these abilities can be used to filter out malware domains, to perform
load balancing, to comply with legal and other requirements and finally, to implement 'NXDOMAIN' redirection.
</p><p>
It is hoped that the addition of Lua scripting will enable responsible DNS modification for those that need it.
</p><p>
For more details about the Lua scripting, which can be modified, loaded and unloaded at runtime, see <a class="xref" href="recursor-scripting.html" title="7. Scripting">Section 7, “Scripting”</a>.
Many thanks are due to the #lua irc channel, for excellent near-realtime Lua support. In addition, a number of PowerDNS users have been
enthousiastically testing prereleases of the scripting support, and have found and solved many issues.
</p><p>
In addition, 3.1.7 fixes a number of bugs:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
In 3.1.5 and 3.1.6, an authoritative server could continue to renew its authority, even though a domain had been delegated
to other servers in the meantime.
</p><p>
In the rare cases where this happened, and the old servers were not shut down, the observed effect is that users were fed outdated data.
</p><p>
Bug spotted and analysed by Darren Gamble, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1182" target="_top">commit 1182</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1183" target="_top">commit 1183</a>.
</p></li><li class="listitem"><p>
Thanks to long time PowerDNS contributor Stefan Arentz, for the first time, Mac OS X 10.5 users can compile and run the PowerDNS Recursor!
Patch in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1185" target="_top">commit 1185</a>.
</p></li><li class="listitem"><p>
Sten Spans spotted that for outgoing TCP/IP queries, the <span class="command"><strong>query-local-address</strong></span> setting was not honored. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1190" target="_top">commit 1190</a>.
</p></li><li class="listitem"><p>
<span class="command"><strong>rec_control wipe-cache</strong></span> now also wipes domains from the negative cache, hurrying up the expiry
of negatively cached records. Suggested by Simon Kirby, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1204" target="_top">commit 1204</a>.
</p></li><li class="listitem"><p>
When a forwarder server is configured for a domain, using the <span class="command"><strong>forward-zones</strong></span> setting, this server IP address was
filtered using the <span class="command"><strong>dont-query</strong></span> setting, which is generally not what is desired: the server to which queries are
forwarded will often live in private IP space, and the operator should be trusted to know what he is doing. Reported and argued by Simon
Kirby, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1211" target="_top">commit 1211</a>.
</p></li><li class="listitem"><p>
Marcus Rueckert of OpenSUSE reported that very recent gcc versions emitted a (correct) warning on an overly complicated line
in syncres.cc, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1189" target="_top">commit 1189</a>.
</p></li><li class="listitem"><p>
Stefan Schmidt discovered that the netmask matching code, used by the new Lua scripts, but also by all other parts of PowerDNS, had problems
with explicit '/32' matches. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1205" target="_top">commit 1205</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.16. Recursor version 3.1.6"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-6"></a>3.16. Recursor version 3.1.6</h3></div></div></div><p>
Released on the 1st of May 2008.
</p><p>
This version fixes two important problems, each on its own important enough to justify a quick upgrade.
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Version 3.1.5 had problems resolving several slightly misconfigured domains, including for a time 'juniper.net'. Nameserver timeouts were not being
processed correctly, leading PowerDNS to not update the internal clock, which in turn meant
that any queries immediately following an error would time out as well. Because of retries, this would usually not be a problem except on very busy servers,
for domains with different nameservers at different levels of the DNS-hierarchy, like 'juniper.net'.
</p><p>
This issue was fixed rapidly because of the help of <a class="ulink" href="http://www.xs4all.nl" target="_top">XS4ALL</a> (Eric Veldhuyzen, Kai Storbeck),
Brad Dameron and Kees Monshouwer. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1178" target="_top">commit 1178</a>.
</p></li><li class="listitem"><p>
The new high-quality random generator was not used for all random numbers, especially in source port selection. This means that 3.1.5 is still
a lot more secure than 3.1.4 was, and its algorithms more secure than most other nameservers, but it also means 3.1.5 is not as secure as it could be.
A quick upgrade is recommended. Discovered by Thomas Biege of Novell (SUSE), fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1179" target="_top">commit 1179</a>.
</p></li></ul></div></div><div class="sect2" title="3.17. Recursor version 3.1.5"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-5"></a>3.17. Recursor version 3.1.5</h3></div></div></div><p>
Released on the 31st of March 2008.
</p><p>
Much like 3.1.4, this release does not add a lot of major features. Instead, performance has been improved significantly (estimated at around 20%), and many rare
and not so rare issues were addressed. Multi-part TXT records now work as expected - the only significant functional bug found in 15 months. One of the oldest
feature requests was fulfilled: version 3.1.5 can finally forward queries for designated domains to multiple servers, on differing port numbers if needed.
Previously only one forwarder address was supported. This lack held back a number of migrations to PowerDNS.
</p><p>
We would like to thank Amit Klein of Trusteer for bringing a serious
vulnerability to our attention which would enable a smart attacker to
'spoof' previous versions of the PowerDNS Recursor into accepting possibly
malicious data.
</p><p>
Details can be found on <a class="ulink" href="http://www.trusteer.com/docs/powerdnsrecursor.html" target="_top">this Trusteer page</a>.
</p><p>
It is recommended that all users of the PowerDNS Recursor upgrade to 3.1.5
as soon as practicable, while we simultaneously note that busy servers are
less susceptible to the attack, but not immune.
</p><p>
The PowerDNS Security Advisory can be found in <a class="xref" href="powerdns-advisory-2008-01.html" title="7. PowerDNS Security Advisory 2008-01: System random generator can be predicted, leading to the potential to 'spoof' PowerDNS Recursor">Section 7, “PowerDNS Security Advisory 2008-01: System random generator can be predicted, leading to the potential to 'spoof' PowerDNS Recursor”</a>.
</p><p>
This version can properly benefit from all IPv4 and IPv6 addresses in use at the root-servers as of early February 2008. In order to implement this,
changes were made to how the Recursor deals internally with A and AAAA queries for nameservers, see below for more details.
</p><p>
Additionally, newer releases of the G++ compiler required some fixes (see <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/173" target="_top">ticket 173</a>).
</p><p>
This release was made possible by the help of Wichert Akkerman, Winfried Angele, Arnoud Bakker (Fox-IT), Niels Bakker (no relation!),
Leo Baltus (Nederlandse Publieke Omroep), Marco Davids (SIDN), David Gavarret (Neuf Cegetel), Peter Gervai, Marcus Goller (UPC),
Matti Hiljanen (Saunalahti/Elisa), Ruben Kerkhof,
Alex Kiernan, Amit Klein (Trusteer), Kenneth Marshall (Rice University), Thomas Rietz, Marcus Rueckert (OpenSUSE), Augie Schwer (Sonix), Sten Spans (Bit), Stefan Schmidt (Freenet),
Kai Storbeck (xs4all),
Alex Trull, Andrew Turnbull (No Wires) and Aaron Thompson, and many more who filed bugs anonymously, or who we forgot to mention.
</p><p>
Security related issues:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Amit Klein has informed us that System random generator output can be predicted based on its past behaviour, allowing a smart attacker to 'spoof'
our nameserver. Full details in <a class="xref" href="powerdns-advisory-2008-01.html" title="7. PowerDNS Security Advisory 2008-01: System random generator can be predicted, leading to the potential to 'spoof' PowerDNS Recursor">Section 7, “PowerDNS Security Advisory 2008-01: System random generator can be predicted, leading to the potential to 'spoof' PowerDNS Recursor”</a>.
</p></li><li class="listitem"><p>
The Recursor will by default no longer query private-space nameservers. This closes a slight security risk and simultaneously
improves performance and stability. For more information, see <span class="command"><strong>dont-query</strong></span> in <a class="xref" href="built-in-recursor.html#recursor-settings" title="1. pdns_recursor settings">Section 1, “pdns_recursor settings”</a>.
Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/923" target="_top">commit 923</a>.
</p></li><li class="listitem"><p>
Applied fix for <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/110" target="_top">ticket 110</a> ('PowerDNS should change directory to '/' in chroot), implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/944" target="_top">commit 944</a>.
</p></li></ul></div><p>
</p><p>
Performance:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The DNS packet writing and parsing infrastructure performance was improved in several ways, see commits
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/925" target="_top">925</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/926" target="_top">926</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/928" target="_top">928</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/931" target="_top">931</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1021" target="_top">1021</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1050" target="_top">1050</a>.
</p></li><li class="listitem"><p>
Remove multithreading overhead from the Recursor (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/999" target="_top">commit 999</a>).
</p></li></ul></div><p>
</p><p>
Bug fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Built-in authoritative server now properly derives the TTL from the SOA record if not specified. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1165" target="_top">commit 1165</a>.
Additionally, even when TTL was specified for the built-in authoritative server, it was ignored. Reported by Stefan Schmidt,
closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/147" target="_top">ticket 147</a>.
</p></li><li class="listitem"><p>
Empty TXT record components can now be served. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1166" target="_top">commit 1166</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/178" target="_top">ticket 178</a>. Spotted by Matti Hiljanen.
</p></li><li class="listitem"><p>
The Recursor would not properly override old data with new, sometimes serving old and new data concurrently. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1137" target="_top">commit 1137</a>.
</p></li><li class="listitem"><p>
SOA records with embedded carriage-return characters are now parsed correctly. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1167" target="_top">commit 1167</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/162" target="_top">ticket 162</a>.
</p></li><li class="listitem"><p>
Some routing conditions could cause UDP connected sockets to generate an error which PowerDNS did not deal with properly, leading
to a leaked file descriptor. As these run out over time, the recursor could crash. This would also happen for IPv6 queries
on a host with no IPv6 connectivity. Thanks to Kai of xs4all and Wichert Akkerman for
reporting this issue. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1133" target="_top">commit 1133</a>.
</p></li><li class="listitem"><p>
Empty unknown record types can now be stored without generating a scary error (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1129" target="_top">commit 1129</a>)
</p></li><li class="listitem"><p>
Applied fix for <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/111" target="_top">ticket 111</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/112" target="_top">ticket 112</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/153" target="_top">ticket 153</a> - large (multipart) TXT records are now retrieved
and served properly. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/996" target="_top">commit 996</a>.
</p></li><li class="listitem"><p>
Solaris compilation instructions in Recursor documentation were wrong, leading to an instant crash on startup.
Luckily nobody reads the documentation, except for Marcus Goller who found the error. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1124" target="_top">commit 1124</a>.
</p></li><li class="listitem"><p>
On Solaris, finally fix the issue where queries get distributed strangely over CPUs, or not get distributed at all.
Much debugging and analysing performed by Alex Kiernan, who also supplied fixes. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1091" target="_top">commit 1091</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1093" target="_top">commit 1093</a>.
</p></li><li class="listitem"><p>
Various fixes for modern G++ versions, most spotted by Marcus Rueckert (commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/964" target="_top">964</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/965" target="_top">965</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1028" target="_top">1028</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1052" target="_top">1052</a>), and
Ruben Kerkhof (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1136" target="_top">commit 1136</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/175" target="_top">ticket 175</a>).
</p></li><li class="listitem"><p>
Recursor would not properly clean up pidfile and control socket, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/120" target="_top">ticket 120</a>, code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/988" target="_top">commit 988</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1098" target="_top">commit 1098</a> (part of fix by Matti Hiljanen, spotted by Leo Baltus)
</p></li><li class="listitem"><p>
Recursor can now serve multi-line records from its limited authoritative server (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1014" target="_top">commit 1014</a>).
</p></li><li class="listitem"><p>
When parsing zones, the 'm' time specification stands for minutes, not months! Closing Debian bug 406462 (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1026" target="_top">commit 1026</a>)
</p></li><li class="listitem"><p>
Authoritative zone parser did not support '@' in the content of records. Spotted by Marco Davids, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1030" target="_top">commit 1030</a>.
</p></li><li class="listitem"><p>
Authoritative zone parser could be confused by trailing TABs on record lines (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1062" target="_top">commit 1062</a>).
</p></li><li class="listitem"><p>
EINTR error code could block entire server if received at the wrong time. Spotted by Arnoud Bakker, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1059" target="_top">commit 1059</a>.
</p></li><li class="listitem"><p>
Fix crash on NetBSD on Alpha CPUs, might improve startup behaviour on empty caches on other architectures as well (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1061" target="_top">commit 1061</a>).
</p></li><li class="listitem"><p>
Outbound TCP queries were being performed sub-optimally because of an interaction with the 'MPlexer'. Fixes in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1115" target="_top">commit 1115</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1116" target="_top">commit 1116</a>.
</p></li></ul></div><p>
</p><p>
New features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Implemented <span class="command"><strong>rec_control</strong></span> command <span class="command"><strong>get uptime</strong></span>, as suggested by Niels Bakker (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/935" target="_top">commit 935</a>). Added
to default rrdtool scripts in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/940" target="_top">commit 940</a>.
</p></li><li class="listitem"><p>
The Recursor Authoritative component, meant for having the Recursor serve some zones authoritatively, now supports $INCLUDE and
$GENERATE. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/951" target="_top">commit 951</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/952" target="_top">commit 952</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/967" target="_top">commit 967</a> (discovered by Thomas Rietz),
</p></li><li class="listitem"><p>
Implemented <span class="command"><strong>forward-zones-file</strong></span> option in order to support larger amounts of zones which should
be forwarded to another nameserver (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/963" target="_top">commit 963</a>).
</p></li><li class="listitem"><p>
Both <span class="command"><strong>forward-zones</strong></span> and <span class="command"><strong>forward-zones-file</strong></span> can now specify multiple forwarders per domain,
implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1168" target="_top">commit 1168</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/81" target="_top">ticket 81</a>. Additionally, both these settings can also specify non-standard port numbers, as suggested in ticket
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/122" target="_top">ticket 122</a>. Patch authored by Aaron Thompson, with additional work by Augie Schwer.
</p></li><li class="listitem"><p>
Sten Spans contributed <span class="command"><strong>allow-from-file</strong></span>, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1150" target="_top">commit 1150</a>. This feature allows the Recursor to read
access rules from a (large) file.
</p></li></ul></div><p>
</p><p>
General improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Ruben Kerkhof fixed up weird permission bits as well as our SGML documentation code in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/936" target="_top">commit 936</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/937" target="_top">commit 937</a>.
</p></li><li class="listitem"><p>
Full IPv6 parity. If configured to use IPv6 for outgoing queries (using <span class="command"><strong>query-local-address6=::0</strong></span> for example), IPv6 and IPv4
addresses are finally treated 100% identically, instead of 'mostly'. This feature is implemented using 'ANY' queries to find A and AAAA addresses
in one query, which is a new approach. Treat with caution.
</p></li><li class="listitem"><p>
Now perform EDNS0 root refreshing queries, so as to benefit from all returned addresses. Relevant since early February 2008 when the root-servers
started to respond with IPv6 addresses, which made the default non-EDNS0 maximum packet length reply no longer contain all records. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1130" target="_top">commit 1130</a>.
Thanks to dns-operations AT mail.oarc.isc.org for quick suggestions on how to deal with this change.
</p></li><li class="listitem"><p>
<span class="command"><strong>rec_control</strong></span> now has a timeout in case the Recursor does not respond. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/945" target="_top">commit 945</a>.
</p></li><li class="listitem"><p>
(Error) messages are now logged with saner priorities (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/955" target="_top">commit 955</a>).
</p></li><li class="listitem"><p>
Outbound query IP interface stemmed from 1997 (!) and was in dire need of a cleanup (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1117" target="_top">commit 1117</a>).
</p></li><li class="listitem"><p>
L.ROOT-SERVERS.NET moved (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1118" target="_top">commit 1118</a>).
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.18. PowerDNS Authoritative Server version 2.9.21"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-21"></a>3.18. PowerDNS Authoritative Server version 2.9.21</h3></div></div></div><p>
Released the 21st of April 2007.
</p><p>
This is the first release the PowerDNS Authoritative Server since the Recursor was split off to a separate product, and also marks the transfer
of the new technology developed specifically for the recursor, back to the authoritative server.
</p><p>
This move has reduced the amount of code of the Authoritative server by over 2000 lines, while improving the quality
of the program enormously.
</p><p>
However, since so much has been changed, care should be taken when deploying 2.9.21.
</p><p>
To signify the magnitude of the underlying improvements, the next release of the PowerDNS Authoritative Server will be called 3.0.
</p><p>
This release would not have been possible without large amounts of help and support from the PowerDNS Community. We specifically want to thank
Massimo Bandinelli of Italy's <a class="ulink" href="http://register.it" target="_top">Register.it</a>, <a class="ulink" href="http://aaldering-ict.nl" target="_top">Dave Aaldering of Aaldering ICT</a>,
<a class="ulink" href="http://true.nl" target="_top">True BV</a>, <a class="ulink" href="http://www.xs4all.nl" target="_top">XS4ALL</a>, Daniel Bilik of <a class="ulink" href="http://www.neosystem.cz" target="_top">Neosystem</a>,
<a class="ulink" href="http://www.easydns.com" target="_top">EasyDNS</a>, <a class="ulink" href="http://www.siemens.com" target="_top">Heinrich Ruthensteiner</a> of Siemens,
<a class="ulink" href="http://schwer.us" target="_top">Augie Schwer</a>, <a class="ulink" href="http://www.wikipedia.org" target="_top">Mark Bergsma</a>, <a class="ulink" href="http://www.forfun.net" target="_top">Marco Davids</a>,
<a class="ulink" href="http://www.opensuse.org" target="_top">Marcus Rueckert of OpenSUSE</a>, Andre Muraro of <a class="ulink" href="http://www.locaweb.com.br" target="_top">Locaweb</a>,
Antony Lesuisse, <a class="ulink" href="http://www.linuxnetworks.de" target="_top">Norbert Sendetzky</a>, <a class="ulink" href="http://www.aruba.it" target="_top">Marco Chiavacci</a>, Christoph Haas,
Ralf van der Enden and Ruben Kerkhof.
</p><p>
Security issues:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The previous packet parsing and generating code contained no known bugs, but was however very lengthy and overly complex, and might have had
security problems. The new code is 'inherently safe' because it relies on bounds-checking C++ constructs. Therefore, a move to 2.9.21 is highly
recommended.
</p></li><li class="listitem"><p>
Pre-2.9.21, communication between master and server nameservers was not checked as rigidly as possible, possibly allowing third parties to disrupt
but not modify such communications.
</p></li></ul></div><p>
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
The 'bind1' legacy version of our BIND backend has been dropped! There should be no need to rely on this old version anymore, as the main BIND backend
has been very well tested recently.
</p></td></tr></table></div><p>
</p><p>
Bugs:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Multi-part TXT records weren't supported. This has been fixed, and regression tests have been added. Code in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1016" target="_top">1016</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/996" target="_top">996</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/994" target="_top">994</a>.
</p></li><li class="listitem"><p>
Email addresses with embedded dots in SOA records were not parsed correctly, nor were other embedded dots. Noted by 'Bastiaan', fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1026" target="_top">commit 1026</a>.
</p></li><li class="listitem"><p>
BIND backend treated the 'm' TTL modifier as 'months' and not 'minutes'. Closes Debian bug 406462. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1026" target="_top">commit 1026</a>.
</p></li><li class="listitem"><p>
Our snapshots were built against a static version of PostgreSQL that was incompatible with many Linux distributions, leading to instant
crashes on startup. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1022" target="_top">1022</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1023" target="_top">1023</a>.
</p></li><li class="listitem"><p>
CNAME referrals to child zones gave improper responses. Noted by Augie Schwer in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/123" target="_top">ticket 123</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/992" target="_top">commit 992</a>.
</p></li><li class="listitem"><p>
When passing a port number with the <span class="command"><strong>recursor</strong></span> setting, this would sometimes generate errors during additional processing. Switched off
overly helpful additional processing for recursive queries to remove this problem. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1031" target="_top">commit 1031</a>, spotted by Ralf van der Enden.
</p></li><li class="listitem"><p>
NS to a nameserver with the name of the zone itself generated problems. Spotted by Augie Schwer, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/947" target="_top">commit 947</a>.
</p></li><li class="listitem"><p>
Multi-line records in the BIND backend were not always parsed correctly. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1014" target="_top">commit 1014</a>.
</p></li><li class="listitem"><p>
The LOC-record had problems operating outside of the eastern hemisphere of the northern part of the world! Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1011" target="_top">commit 1011</a>.
</p></li><li class="listitem"><p>
Backends were compiled without multithreading preprocessor flags. As far as we can determine, this would only cause problems for the BIND backend,
but we cannot rule out this caused instability in other backends. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1001" target="_top">commit 1001</a>.
</p></li><li class="listitem"><p>
The BIND backend was highly unstable under reloads, and leaked memory and file descriptors.
Thanks to Mark Bergsma and Massimo Bandinelli for respectively pointing this out to us and testing
large amounts of patches to fix the problem. The fixes have resulted in better performance, less code, and a remarkable simplification
of this backend. Commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1039" target="_top">1039</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1034" target="_top">1034</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1035" target="_top">1035</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1006" target="_top">1006</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/999" target="_top">999</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/905" target="_top">905</a> and previous.
</p></li><li class="listitem"><p>
BIND backend gave convincing NXDOMAINs on unloaded zones in some cases. Spotted and fixed by Daniel Bilik in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/984" target="_top">commit 984</a>.
</p></li><li class="listitem"><p>
SOA records in zone transfers sometimes contained the wrong SOA TTL. Spotted by Christian Kuehn, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/902" target="_top">commit 902</a>.
</p></li><li class="listitem"><p>
PowerDNS could get confused by very high SOA serial numbers. Spotted and fixed by Dan Bilik, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/626" target="_top">commit 626</a>.
</p></li><li class="listitem"><p>
Some versions of FreeBSD perform very strict checks on socket address sizes passed to 'connect', which could lead to problems retrieving zones over AXFR.
Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/891" target="_top">commit 891</a>.
</p></li><li class="listitem"><p>
Some versions of FreeBSD perform very strict checks on IPv6 socket addresses, leading to problems. Discovered by Sten Spans, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/885" target="_top">commit 885</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/886" target="_top">commit 886</a>.
</p></li><li class="listitem"><p>
IXFR requests were not logged properly. Noted by Ralf van der Enden, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/990" target="_top">commit 990</a>.
</p></li><li class="listitem"><p>
Some NAPTR records needed an additional space character to encode correctly. Spotted by Heinrich Ruthensteiner, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1029" target="_top">commit 1029</a>.
</p></li><li class="listitem"><p>
Many bugs in the TCP nameserver, leading to a PowerDNS process that did not respond to TCP queries over time. Many fixes provided by
Dan Bilik, other problems were fixed by rewriting our TCP handling code. Commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/982" target="_top">982</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/980" target="_top">980</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/950" target="_top">950</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/924" target="_top">924</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/889" target="_top">889</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/874" target="_top">874</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/869" target="_top">869</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/685" target="_top">685</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/684" target="_top">684</a>.
</p></li><li class="listitem"><p>
Fix crashes on the ARM processor due to alignment errors. Thanks to Sjoerd Simons. Closes Debian bug 397031.
</p></li><li class="listitem"><p>
Missing data in generic SQL backends would sometimes lead to faked SOA serial data. Spotted by Leander Lakkas from True. Fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/866" target="_top">commit 866</a>.
</p></li><li class="listitem"><p>
When receiving two quick notifications in succession, the packet cache would sometimes "process" the second one, leading PowerDNS to ignore it. Spotted by
Dan Bilik, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/686" target="_top">commit 686</a>.
</p></li><li class="listitem"><p>
Geobackend (by Mark Bergsma) did not properly override the getSOA method, breaking non-overlay operation of this fine backend. The geobackend now also
skips '.hidden' configuration files, and now properly disregards empty configuration files. Additionally, the overlapping abilities were improved. Details
available in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/876" target="_top">commit 876</a>, by Mark.
</p></li></ul></div><p>
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Thanks to <a class="ulink" href="http://www.easydns.com" target="_top">EasyDNS</a>, PowerDNS now supports multiple masters per domain. For configuration
details, see <a class="xref" href="slave.html" title="2. Slave operation">Section 2, “Slave operation”</a>. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1018" target="_top">commit 1018</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1017" target="_top">commit 1017</a>.
</p></li><li class="listitem"><p>
Thanks to <a class="ulink" href="http://www.easydns.com" target="_top">EasyDNS</a>, PowerDNS now supports the KEY record type, as well the SPF record. In <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/976" target="_top">commit 976</a>.
</p></li><li class="listitem"><p>
Added support for CERT, SSHFP, DNSKEY, DS, NSEC, RRSIG record types, as part of the move to the new DNS parsing/generating code.
</p></li><li class="listitem"><p>
Support for the AFSDB record type, as requested by 'Bastian'. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/978" target="_top">commit 978</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/129" target="_top">ticket 129</a>.
</p></li><li class="listitem"><p>
Support for the MR record type. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/941" target="_top">commit 941</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1019" target="_top">commit 1019</a>.
</p></li><li class="listitem"><p>
Gsqlite3 backend was added by Antony Lesuisse in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/942" target="_top">commit 942</a>;
</p></li><li class="listitem"><p>
Added the ability to send out light-weight root-referrals that save bandwidth yet still placate mediocre resolver implementations. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/912" target="_top">commit 912</a>,
enable with 'root-referral=lean'.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Miscellaneous OpenDBX and LDAP backend improvements by Norbert Sendetzky. Applied in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/977" target="_top">commit 977</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1040" target="_top">commit 1040</a>.
</p></li><li class="listitem"><p>
SGML source of the documentation was cleaned up by Ruben Kerkhof in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/936" target="_top">commit 936</a>.
</p></li><li class="listitem"><p>
Speedups in core DNS label processing code. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/928" target="_top">commit 928</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/654" target="_top">commit 654</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1020" target="_top">commit 1020</a>.
</p></li><li class="listitem"><p>
When communicating with master servers and encountering errors, more useful details are logged. Reported by Stefan Arentz in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/137" target="_top">ticket 137</a>, closed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1015" target="_top">commit 1015</a>.
</p></li><li class="listitem"><p>
Database errors are now logged with more details. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1004" target="_top">commit 1004</a>.
</p></li><li class="listitem"><p>
pdns_control problems are now logged more verbosely. Change in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/910" target="_top">commit 910</a>.
</p></li><li class="listitem"><p>
Erroneous address configuration was logged unclearly. Spotted by River Tarnell, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/888" target="_top">commit 888</a>.
</p></li><li class="listitem"><p>
Example configuration shipped with PowerDNS was very old. Noted by Leen Besselink, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/946" target="_top">commit 946</a>.
</p></li><li class="listitem"><p>
PowerDNS neglected to chdir to the root when chrooted. This closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/110" target="_top">ticket 110</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/944" target="_top">commit 944</a>.
</p></li><li class="listitem"><p>
Microsoft resolver had problems with responses we generated for CNAMEs pointing out of our bailiwick. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/983" target="_top">commit 983</a> and expedited by Locaweb.com.br.
</p></li><li class="listitem"><p>
Built-in webserver logs errors more verbosely. Closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/82" target="_top">ticket 82</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/991" target="_top">commit 991</a>.
</p></li><li class="listitem"><p>
Queries containing '@' no longer flood the logs. Addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1014" target="_top">commit 1014</a>.
</p></li><li class="listitem"><p>
The build process now looks for PostgreSQL in more places. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/998" target="_top">commit 998</a>, closes <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/90" target="_top">ticket 90</a>.
</p></li><li class="listitem"><p>
Speedups in the BIND backend now mean large installations enjoy startup times up to 30 times faster than with the original BIND nameserver. Many thanks
to Massimo Bandinelli.
</p></li><li class="listitem"><p>
BIND backend now offers full support for query logging, implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1026" target="_top">commit 1026</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1029" target="_top">commit 1029</a>.
</p></li><li class="listitem"><p>
BIND backend named.conf parsing is now fully case-insensitive for domain names. This closes Debian bug 406461, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1027" target="_top">commit 1027</a>.
</p></li><li class="listitem"><p>
IPv6 and IPv4 address parsing routines have been replaced, which should result in prettier output in some cases. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/962" target="_top">commit 962</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1012" target="_top">commit 1012</a> and others.
</p></li><li class="listitem"><p>
5 new regression tests have been added to insure old bugs do not return.
</p></li><li class="listitem"><p>
Fix small issues with very modern compilers and BOOST snapshots. Noted by Marcus Rueckert, addressed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/954" target="_top">commit 954</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/964" target="_top">commit 964</a> <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/965" target="_top">commit 965</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/1003" target="_top">commit 1003</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.19. Recursor version 3.1.4"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-4"></a>3.19. Recursor version 3.1.4</h3></div></div></div><p>
Released the 13th of November 2006.
</p><p>
This release contains almost no new features, but consists mostly of minor and major bug fixes. It also addresses two major security issues, which makes
this release a highly recommended upgrade.
</p><p>
Security issues:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Large TCP questions followed by garbage could cause the recursor to crash. This critical security issue has been assigned CVE-2006-4251, and is fixed in
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/915" target="_top">commit 915</a>. More information can be found in <a class="xref" href="powerdns-advisory-2006-01.html" title="5. PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable">Section 5, “PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable”</a>.
</p></li><li class="listitem"><p>
CNAME loops with zero second TTLs could cause crashes in some conditions. These loops could be constructed by malicious parties,
making this issue a potential denial of service attack. This security issue has been assigned CVE-2006-4252 and is fixed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/919" target="_top">commit 919</a>.
More information can be found in <a class="xref" href="powerdns-advisory-2006-02.html" title="6. PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash">Section 6, “PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash”</a>. Many thanks to David Gavarret for helping pin down this problem.
</p></li></ul></div><p>
</p><p>
Bugs:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
On certain error conditions, PowerDNS would neglect to close a socket, which might therefore eventually run out. Spotted by Stefan Schmidt, fixed in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/892" target="_top">892</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/897" target="_top">897</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/899" target="_top">899</a>.
</p></li><li class="listitem"><p>
Some nameservers (including PowerDNS in rare circumstances) emit a SOA record in the authority section. The recursor mistakenly interpreted this as an
authoritative "NXRRSET". Spotted by Bryan Seitz, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/893" target="_top">commit 893</a>.
</p></li><li class="listitem"><p>
In some circumstances, PowerDNS could end up with a useless (not working, or no longer working) set of nameserver records for a domain. This release contains logic
to invalidate such broken NSSETs, without overloading authoritative servers. This problem had previously been spotted by Bryan Seitz, 'Cerb' and Darren Gamble.
Invalidations of NSSETs can be plotted using the "nsset-invalidations" metric, available through <span class="command"><strong>rec_control get</strong></span>.
Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/896" target="_top">commit 896</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/901" target="_top">commit 901</a>.
</p></li><li class="listitem"><p>
PowerDNS could crash while dumping the cache using <span class="command"><strong>rec_control dump-cache</strong></span>. Reported by Wouter of WideXS and Stefan Schmidt and many others, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/900" target="_top">commit 900</a>.
</p></li><li class="listitem"><p>
Under rare circumstances (depleted TCP buffers), PowerDNS might send out incomplete questions to remote servers. Additionally, on big-endian systems (non-Intel and non-AMD
generally), sending out large TCP answers questions would not work at all, and possibly crash. Brought to our attention by David Gavarret, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/903" target="_top">commit 903</a>.
</p></li><li class="listitem"><p>
The recursor contained the potential for a dead-lock processing an invalid domain name. It is not known how this might be triggered,
but it has been observed by 'Cerb' on #powerdns. Several dead-locks where PowerDNS consumed all CPU, but did not answer questions,
have been reported in the past few months. These might be fixed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/904" target="_top">commit 904</a>.
</p></li><li class="listitem"><p>
IPv6 'allow-from' matching had problems with the least significant bits, sometimes allowing disallowed addresses, but mostly disallowing allowed addresses. Spotted by Wouter
from WideXS, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/916" target="_top">commit 916</a>.
</p></li></ul></div><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PowerDNS has support to drop answers from so called 'delegation only' zones. A statistic ("dlg-only-drops") is now available to plot how often this happens. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/890" target="_top">commit 890</a>.
</p></li><li class="listitem"><p>
Hint-file parameter was mistakenly named "hints-file" in the documentation. Spotted by my Marco Davids, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/898" target="_top">commit 898</a>.
</p></li><li class="listitem"><p>
<span class="command"><strong>rec_control quit</strong></span> should be near instantaneous now, as it no longer meticulously cleans up memory before exiting. Problem spotted by Darren Gamble, fixed in
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/914" target="_top">commit 914</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/84" target="_top">ticket 84</a>.
</p></li><li class="listitem"><p>
init.d script no longer refers to the Recursor as the Authoritative Server. Spotted by Wouter of WideXS, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/913" target="_top">commit 913</a>.
</p></li><li class="listitem"><p>
A potentially serious warning for users of the GNU C Library version 2.5 was fixed. Spotted by Marcus Rueckert, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/920" target="_top">commit 920</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.20. Recursor version 3.1.3"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-3"></a>3.20. Recursor version 3.1.3</h3></div></div></div><p>
Released the 12th of September 2006.
</p><p>
Compared to 3.1.2, this release again consists of a number of mostly minor bug fixes, and some slight improvements.
</p><p>
Many thanks are again due to Darren Gamble who together with his team has discovered many misconfigured domains that do work
with some other name servers. DNS has long been tolerant of misconfigurations, PowerDNS intends to uphold that tradition. Almost all of
the domains found by Darren now work as well in PowerDNS as in other name server implementations.
</p><p>
Thanks to some recent migrations, this release, or something very close to it, is powering over 40 million internet connections that
we know of. We appreciate hearing about successful as well as unsuccessful migrations, please feel free to notify pdns.bd@powerdns.com of your
experiences, good or bad.
</p><p>
Bug-fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The MThread default stack size was too small, which led to problems, mostly on 64-bit platforms. This stack size is now configurable
using the <span class="command"><strong>stack-size</strong></span> setting should our estimate be off. Discovered by Darren Gamble, Sten Spans and a number of others.
Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/868" target="_top">commit 868</a>.
</p></li><li class="listitem"><p>
Plug a small memory leak discovered by Kai and Darren Gamble, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/870" target="_top">commit 870</a>.
</p></li><li class="listitem"><p>
Switch from the excellent nedmalloc to dlmalloc, based on advice by the nedmalloc author. Nedmalloc is optimised for multithreaded
operation, whereas the PowerDNS recursor is single threaded. The version of nedmalloc shipped contained a number of possible bugs,
which are probably resolved by moving to dlmalloc. Some reported crashes on hitting 2G of allocated memory on 64 bit systems might
be solved by this switch, which should also increase performance. See <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/873" target="_top">commit 873</a> for details.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The cache is now explicitly aware of the difference between authoritative and unauthoritative data, allowing it to deal
with some domains that have different data in the parent zone than in the authoritative zone. Patch in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/867" target="_top">commit 867</a>.
</p></li><li class="listitem"><p>
No longer try to parse DNS updates as if they were queries. Discovered and fixed by Jan Gyselinck, fix in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/871" target="_top">commit 871</a>.
</p></li><li class="listitem"><p>
Rebalance logging priorities for less log cluttering and add IP address to a remote server error message.
Noticed and fixed by Jan Gyselinck (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/877" target="_top">commit 877</a>).
</p></li><li class="listitem"><p>
Add <span class="command"><strong>logging-facility</strong></span> setting, allowing syslog to send PowerDNS logging to a separate file. Added in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/871" target="_top">commit 871</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.21. Recursor version 3.1.2"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-2"></a>3.21. Recursor version 3.1.2</h3></div></div></div><p>
Released Monday 26th of June 2006.
</p><p>
Compared to 3.1.1, this release consists almost exclusively of bug-fixes and speedups. A quick update is recommended, as some of the bugs
impact operators of authoritative zones on the internet. This version has been tested by some of the largest internet providers on the planet,
and is expected to perform well for everybody.
</p><p>
Many thanks are due to Darren Gamble, Stefan Schmidt and Bryan Seitz who all provided excellent feedback based on their large-scale
tests of the recursor.
</p><p>
Bug-fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Internal authoritative server did not differentiate between 'NXDOMAIN' and 'NXRRSET', in other words, it would answer
'no such host' when an AAAA query came in for a domain that did exist, but did not have an AAAA record. This only affects
users with <span class="command"><strong>auth-zones</strong></span> configured. Discovered by Bryan Seitz, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/848" target="_top">commit 848</a>.
</p></li><li class="listitem"><p>
ANY queries for hosts where nothing was present in the cache would not work. This did not cause real problems as ANY queries are
not reliable (by design) for anything other than debugging, but did slow down the nameserver and cause unnecessary load on remote
nameservers. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/854" target="_top">commit 854</a>.
</p></li><li class="listitem"><p>
When exceeding the configured maximum amount of TCP sessions, TCP support would break and the nameserver would waste CPU trying to accept TCP
connections on UDP ports. Noted by Bryan Seitz, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/849" target="_top">commit 849</a>.
</p></li><li class="listitem"><p>
DNS queries come in two flavours: recursion desired and non-recursion desired. The latter is not very useful for a recursor, but is
sometimes (erroneously) used by monitoring software or load balancers to detect nameserver availability. A non-rd query would not only not recurse,
but also not query authoritative zones, which is confusing. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/847" target="_top">commit 847</a>.
</p></li><li class="listitem"><p>
Non-standard DNS TCP queries, that did occur however, could drive the recursor to 100% CPU usage for extended periods of time. This did not disrupt service
immediately, but does waste a lot of CPU, possibly exhausting resources. Discovered by Bryan Seitz, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/858" target="_top">commit 858</a>, which is post-3.1.2-rc1.
</p></li><li class="listitem"><p>
The PowerDNS recursor did not honour the rare but standardised 'ANY' query class (normally 'ANY' refers to the query type, not class), upsetting the Wildfire
Jabber server. Discovered and debugged by Daniel Nauck, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/859" target="_top">commit 859</a>, which is post-3.1.2-rc1.
</p></li><li class="listitem"><p>
Everybody's favorite, when starting up under high load, a bogus line of statistics was sometimes logged. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/851" target="_top">commit 851</a>.
</p></li><li class="listitem"><p>
Remove some spurious debugging output on dropping a packet by an unauthorized host. Discovered by Kai. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/854" target="_top">commit 854</a>.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Misconfigured domains, with a broken nameserver in the parent zone, should now work better. Changes motivated and suggested by
Darren Gamble. This makes PowerDNS more compliant with RFC 2181 by making it prefer authoritative data over non-authoritative data.
Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/856" target="_top">commit 856</a>.
</p></li><li class="listitem"><p>
PowerDNS can now listen on multiple ports, using the <span class="command"><strong>local-address</strong></span> setting. Added in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/845" target="_top">commit 845</a>.
</p></li><li class="listitem"><p>
A number of speedups which should have a noticeable impact, implemented in commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/850" target="_top">850</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/852" target="_top">852</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/853" target="_top">853</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/855" target="_top">855</a>
</p></li><li class="listitem"><p>
The recursor now works around an issue with the Linux kernel 2.6.8, as shipped by Debian. Fixed by Christof Meerwald in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/860" target="_top">commit 860</a>, which is post 3.1.2-rc1.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.22. Recursor version 3.1.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-1-1"></a>3.22. Recursor version 3.1.1</h3></div></div></div><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
3.1.1 is identical to 3.1 except for a bug in the packet chaining code which would mainly manifest itself for IPv6 enabled Konqueror
users with very fast connections to their PowerDNS installation. However, all 3.1 users are urged to upgrade to 3.1.1.
Many thanks to Alessandro Bono for his quick aid in solving this problem.
</p></td></tr></table></div><p>
</p><p>
Released on the 23rd of May 2006. Many thanks are due to the operators of some of the largest internet access providers in the world,
each having many millions of customers, who have tested the various 3.1 pre-releases for suitability. They have uncovered and helped
fix bugs that could impact us all, but are only (quickly) noticeable with such vast amounts of DNS traffic.
</p><p>
After version 3.0.1 has proved to hold up very well under tremendous loads, 3.1 adds important new features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Ability to serve authoritative data from 'BIND' style zone files (using <span class="command"><strong>auth-zones</strong></span> statement).
</p></li><li class="listitem"><p>
Ability to forward domains so configured to external servers (using <span class="command"><strong>forward-zones</strong></span>).
</p></li><li class="listitem"><p>
Possibility of 'serving' the contents of <code class="filename">/etc/hosts</code> over DNS, which is very well
suited to simple domestic router/DNS setups. Enabled using <span class="command"><strong>export-etc-hosts</strong></span>.
</p></li><li class="listitem"><p>
As recommended by recent standards documents, the PowerDNS recursor is now authoritative for RFC-1918 private IP space
zones by default (suggested by Paul Vixie).
</p></li><li class="listitem"><p>
Full outgoing IPv6 support (off by default) with IPv6 servers getting equal treatment with IPv4, nameserver
addresses are chosen based on average response speed, irrespective of protocol.
</p></li><li class="listitem"><p>
Initial Windows support, including running as a service ('NET START "POWERDNS RECURSOR"'). <span class="command"><strong>rec_channel</strong></span> is still missing,
the rest should work. Performance appears to be below that of the UNIX versions, this situation is expected to improve.
</p></li></ul></div><p>
</p><p>
Bug fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
No longer send out SRV and MX record priorities as zero on big-endian platforms (UltraSPARC). Discovered by Eric Sproul, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/773" target="_top">commit 773</a>.
</p></li><li class="listitem"><p>
SRV records need additional processing, especially in an Active Directory setting. Reported by Kenneth Marshall, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/774" target="_top">commit 774</a>.
</p></li><li class="listitem"><p>
The root-records were not being refreshed, which could lead to problems under inconceivable conditions. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/780" target="_top">commit 780</a>.
</p></li><li class="listitem"><p>
Fix resolving domain names for nameservers with multiple IP addresses, with one of these addresses being lame. Other nameserver implementations
were also unable to resolve these domains, so not a big bug. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/780" target="_top">commit 780</a>.
</p></li><li class="listitem"><p>
For a period of 5 minutes after expiring a negative cache entry, the domain would not be re-cached negatively, leading to a lot of duplicate
outgoing queries for this short period. This fix has raised the average cache hit rate of the recursor by a few percent. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/783" target="_top">commit 783</a>.
</p></li><li class="listitem"><p>
Query throttling was not aggressive enough and not all sorts of queries were throttled. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/786" target="_top">commit 786</a>.
</p></li><li class="listitem"><p>
Fix possible crash during startup when parsing empty configuration lines (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/807" target="_top">commit 807</a>).
</p></li><li class="listitem"><p>
Fix possible crash when the first query after wiping a cache entry was for the just deleted entry. Rare in production servers. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/820" target="_top">commit 820</a>.
</p></li><li class="listitem"><p>
Recursor would send out differing TTLs when receiving a misconfigured, standards violating, RRSET with different TTLs. Implement fix as mandated by
RFC 2181, paragraph 5.2. Reported by Stephen Harker (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/819" target="_top">commit 819</a>).
</p></li><li class="listitem"><p>
The <span class="command"><strong>top-remotes</strong></span> would list remotes more than once, once per source port. Discovered by Jorn Ekkelenkamp, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/827" target="_top">commit 827</a>, which is post 3.1-pre1.
</p></li><li class="listitem"><p>
Default <span class="command"><strong>allow-from</strong></span> allowed queries from fe80::/16, corrected to fe80::/10. Spotted by Niels Bakker, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/829" target="_top">commit 829</a>, which is post 3.1-pre1.
</p></li><li class="listitem"><p>
While PowerDNS blocks failing queries quickly, multiple packets could briefly be in flight for the same domain and nameserver. This situation is now
explicitly detected and queries are chained to identical queries already in flight. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/833" target="_top">commit 833</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/834" target="_top">commit 834</a>, post 3.1-pre1.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
ANY queries are now implemented as in other nameserver implementations, leading to a decrease in outgoing queries. The RFCs are not very
clear on desired behaviour, what is implemented now saves bandwidth and CPU and brings us in line with existing practice. Previously
ANY queries were not cached by the PowerDNS recursor. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/784" target="_top">commit 784</a>.
</p></li><li class="listitem"><p>
<span class="command"><strong>rec_control</strong></span> was very sparse in its error reporting, and user unfriendly as well. Reported by Erik Bos, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/818" target="_top">commit 818</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/820" target="_top">commit 820</a>.
</p></li><li class="listitem"><p>
IPv6 addresses were printed in a non-standard way, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/788" target="_top">commit 788</a>.
</p></li><li class="listitem"><p>
TTLs of records are now capped at two weeks, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/820" target="_top">commit 820</a>.
</p></li><li class="listitem"><p>
<span class="command"><strong>allow-from</strong></span> IPv4 netmasks now automatically work for IP4-to-IPv6 mapper IPv4 addresses, which appear when running on the wildcard
<span class="command"><strong>::</strong></span> IPv6 address. Lack of feature noted by Marcus 'darix' Rueckert. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/826" target="_top">commit 826</a>, which is post 3.1-pre1.
</p></li><li class="listitem"><p>
Errors before daemonizing are now also sent to syslog. Suggested by Marcus 'darix' Rueckert. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/825" target="_top">commit 825</a>, which is post 3.1-pre1.
</p></li><li class="listitem"><p>
When launching without any form of configured network connectivity, all root-servers would be cached as 'down' for some time. Detect this special case
and treat it as a resource-constraint, which is not accounted against specific nameservers. Spotted by Seth Arnold, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/835" target="_top">commit 835</a>, which is post 3.1-pre1.
</p></li><li class="listitem"><p>
The recursor now does not allow authoritative servers to keep supplying its own NS records into perpetuity, which causes problems
when a domain is redelegated but the old authoritative servers are not updated to this effect. Noticed and explained at length by Darren
Gamble of Shaw Communications, addressed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/837" target="_top">commit 837</a>, which is post 3.1-pre2.
</p></li><li class="listitem"><p>
Some operators may want to follow RFC 2181 paragraph 5.2 and 5.4. This harms performance and does not solve any real problem,
but does make PowerDNS more compliant. If you want this, enable <span class="command"><strong>auth-can-lower-ttl</strong></span>. Implemented in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/838" target="_top">commit 838</a>, which is
post 3.1-pre2.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.23. Recursor version 3.0.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-0-1"></a>3.23. Recursor version 3.0.1</h3></div></div></div><p>
Released 25th of April 2006, <a class="ulink" href="http://www.powerdns.com/en/downloads.aspx" target="_top">download</a>.
</p><p>
This release consists of nothing but tiny fixes to 3.0, including one with security implications. An upgrade is highly recommended.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Compilation used both <code class="filename">cc</code> and <code class="filename">gcc</code>, leading to the possibility of compiling with different compiler versions (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/766" target="_top">commit 766</a>).
</p></li><li class="listitem"><p>
<span class="command"><strong>rec_control</strong></span> would leave files named <code class="filename">lsockXXXXXX</code> around in the configured socket-dir. Operators
may wish to remove these files from their socket-dir (often <code class="filename">/var/run</code>), quite a few might have accumulated already (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/767" target="_top">commit 767</a>).
</p></li><li class="listitem"><p>
Certain malformed packets could crash the recursor. As far as we can determine these packets could only lead to a crash,
but as always, there are no guarantees. A quick upgrade is highly recommended (commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/760" target="_top">760</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/761" target="_top">761</a>). Reported by David Gavarret.
</p></li><li class="listitem"><p>
Recursor would not distinguish between NXDOMAIN and NXRRSET (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/756" target="_top">commit 756</a>). Reported and debugged by Jorn Ekkelenkamp.
</p></li><li class="listitem"><p>
Some error messages and trace logging statements were improved (commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/756" target="_top">756</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/758" target="_top">758</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/759" target="_top">759</a>).
</p></li><li class="listitem"><p>
stderr was closed during daemonizing, but not dupped to /dev/null, leading to slight chance of odd behaviour on reporting errors (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/757" target="_top">commit 757</a>)
</p></li></ul></div><p>
Operating system specific fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The stock Debian sarge Linux kernel, 2.6.8, claims to support epoll but fails at runtime. The epoll self-testing code has been improved,
and PowerDNS will fall back to a select based multiplexer if needed (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/758" target="_top">commit 758</a>) Reported by Michiel van Es.
</p></li><li class="listitem"><p>
Solaris 8 compilation and runtime issues were addressed. See the README for details (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/765" target="_top">commit 765</a>). Reported by Juergen Georgi and Kenneth Marshall.
</p></li><li class="listitem"><p>
Solaris 10 x86_64 compilation issues were addressed (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/755" target="_top">commit 755</a>). Reported and debugged by Eric Sproul.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.24. Recursor version 3.0"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-recursor-3-0"></a>3.24. Recursor version 3.0</h3></div></div></div><p>
Released 20th of April 2006, <a class="ulink" href="http://www.powerdns.com/en/downloads.aspx" target="_top">download</a>.
</p><p>
This is the first separate release of the PowerDNS Recursor. There are many reasons for this, one of the most important ones is that
previously we could only do a release when both the recursor and the authoritative nameserver were fully tested and in good shape. The split
allows us to release new versions when each part is ready.
</p><p>
Now for the real news. This version of the PowerDNS recursor powers the network access of over two million internet connections. Two large
access providers have been running pre-releases of 3.0 for the past few weeks and results are good. Furthermore, the various pre-releases
have been tested nearly non-stop with DNS traffic replayed at 3000 queries/second.
</p><p>
As expected, the 2 million households shook out some very rare bugs. But even a rare bug happens once in a while when there are this many users.
</p><p>
We consider this version of the PowerDNS recursor to be the most advanced resolver publicly available. Given current levels of spam, phishing
and other forms of internet crime we think no recursor should offer less than the best in spoofing protection. We urge all
operators of resolvers without proper spoofing countermeasures to consider PowerDNS, as it is a Better Internet Nameserver Daemon.
</p><p>
A good article on DNS spoofing can be found <a class="ulink" href="http://www.securesphere.net/download/papers/dnsspoof.htm" target="_top">here</a>. Some
more information, based on a previous version of PowerDNS, can be found on the
<a class="ulink" href="http://blog.netherlabs.nl/articles/2006/04/14/holy-cow-1-3-million-additional-ip-addresses-served-by-powerdns" target="_top">PowerDNS development blog</a>.
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Because of recent DNS based denial of service attacks, running an open recursor has become a security risk. Therefore, unless configured otherwise
this version of PowerDNS will only listen on localhost, which means it does not resolve for hosts on your network.
To fix, configure the <span class="command"><strong>local-address</strong></span> setting with all addresses you want to listen on. Additionally, by default
service is restricted to RFC 1918 private IP addresses. Use <span class="command"><strong>allow-from</strong></span> to selectively open up the recursor
for your own network. See <a class="xref" href="built-in-recursor.html#recursor-settings" title="1. pdns_recursor settings">Section 1, “pdns_recursor settings”</a> for details.
</p></td></tr></table></div><p>
</p><p>
Important new features of the PowerDNS recursor 3.0:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Best spoofing protection and detection we know of. Not only is spoofing made harder by using a new network address for each query,
PowerDNS detects when an attempt is made to spoof it, and temporarily ignores the data. For details, see <a class="xref" href="recursor-details.html#anti-spoofing" title="5.1. Anti-spoofing">Section 5.1, “Anti-spoofing”</a>.
</p></li><li class="listitem"><p>
First nameserver to benefit from epoll/kqueue/Solaris completion ports event reporting framework, for stellar performance.
</p></li><li class="listitem"><p>
Best statistics of any recursing nameserver we know of, see <a class="xref" href="recursor-stats.html" title="6. Statistics">Section 6, “Statistics”</a>.
</p></li><li class="listitem"><p>
Last-recently-used based cache cleanup algorithm, keeping the 'best' records in memory
</p></li><li class="listitem"><p>
First class Solaris support, built on a 'try and buy' Sun CoolThreads T 2000.
</p></li><li class="listitem"><p>
Full IPv6 support, implemented natively.
</p></li><li class="listitem"><p>
Access filtering, both for IPv4 and IPv6.
</p></li><li class="listitem"><p>
Experimental SMP support for nearly double performance. See <a class="xref" href="recursor-performance.html" title="4. PowerDNS Recursor performance">Section 4, “PowerDNS Recursor performance”</a>.
</p></li></ul></div><p>
</p><p>
Many people helped package and test this release. Jorn Ekkelenkamp of ISP-Services helped find the '8000 SOAs' bug and spotted
many other oddities and <a class="ulink" href="http://www.xs4all.nl" target="_top">XS4ALL</a> internet funded a lot of the recent development.
Joaquín M López Muñoz of the boost::multi_index_container was again of great help.
</p></div><div class="sect2" title="3.25. Version 2.9.20"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-20"></a>3.25. Version 2.9.20</h3></div></div></div><p>
Released the 15th of March 2006
</p><p>
Besides adding OpenDBX, this release is mostly about fixing problems and speeding up the recursor. This release has been made possible by
<a class="ulink" href="http://www.xs4all.nl" target="_top">XS4ALL</a> and <a class="ulink" href="http://true.nl" target="_top">True</a>. Thanks!
</p><p>
Furthermore, we are very grateful for the help of Andrew Pinski, who hacks on gcc, and of Joaquín M López Muñoz, the
author of <a class="ulink" href="http://www.boost.org/libs/multi_index/doc/index.html" target="_top">boost::multi_index_container</a>. Without their
near-realtime help this release would've been delayed a lot. Thanks!
</p><p>
Bugs fixed in the recursor:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Possible stability issues in the recursor on encountering errors (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/532" target="_top">commit 532</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/533" target="_top">commit 533</a>)
</p></li><li class="listitem"><p>
Memory leaks in recursor fixed (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/534" target="_top">commit 534</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/572" target="_top">commit 572</a>). In a test 800 million real life DNS packets have been sent to the
recursor, representing several days of traffic from a major ISP, memory use was high (500MB), but stable.
</p></li><li class="listitem"><p>
Prune all data in PowerDNS - previously per-nameserver and per-query performance
statistics were kept around forever (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/535" target="_top">commit 535</a>)
</p></li><li class="listitem"><p>
IPv6 additional processing was broken. Reported by Lionel Elie Mamane, who also provided a fix. The problem
was fixed differently in the end. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/562" target="_top">commit 562</a>.
</p></li><li class="listitem"><p>
pdns_recursor did not shuffle answers since 2.9.19, leading to problems sending mail to the Hotmail servers.
Reported in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/54" target="_top">ticket 54</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/567" target="_top">commit 567</a>.
</p></li><li class="listitem"><p>
If a single nameserver had multiple IP addresses listed, PowerDNS would only use one of them. Noted by
Mark Martin, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/570" target="_top">commit 570</a>, who depends on a domain with 4 nameserver IP addresses of which 2 are broken.
</p></li></ul></div><p>
Improvements to the recursor:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/535" target="_top">535</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/540" target="_top">540</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/541" target="_top">541</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/542" target="_top">542</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/543" target="_top">543</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/544" target="_top">544</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/545" target="_top">545</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/547" target="_top">547</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/548" target="_top">548</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/574" target="_top">574</a> all speed up the recursor by a large factor,
without altering the DNS algorithm.
</p></li><li class="listitem"><p>
Move recursor to the incredible boost::multi_index_container (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/580" target="_top">commit 580</a>). This brings a huge improvement
in cache pruning times.
</p></li><li class="listitem"><p>
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/549" target="_top">commit 549</a> and <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/550" target="_top">commit 550</a> work around gcc bug <a class="ulink" href="http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24704" target="_top">24704</a>
if requested, which speeds up the recursor a lot, but involves a dirty hack. Enable with
<span class="command"><strong>./configure --enable-gcc-skip-locking</strong></span>. No guarantees!
</p></li></ul></div><p>
Bugs fixed in the authoritative nameserver:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PowerDNS would no longer allow a '/' in domain names, fixed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/537" target="_top">commit 537</a>, reported in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/48" target="_top">ticket 48</a>.
</p></li><li class="listitem"><p>
Parameters to <span class="command"><strong>pdns_control notify-host</strong></span> were not checked, leading to
possible crashes. Reported in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/24" target="_top">ticket 24</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/565" target="_top">commit 565</a>.
</p></li><li class="listitem"><p>
On some compilers, processing of NAPTR records could cause the server to crash. Reported by Bernd Froemel
in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/29" target="_top">ticket 29</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/538" target="_top">commit 538</a>.
</p></li><li class="listitem"><p>
Backend errors could make the whole nameserver exit under some circumstances, notably using the LDAP backend. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/583" target="_top">commit 583</a>, reported in
<a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/62" target="_top">ticket 62</a>.
</p></li><li class="listitem"><p>
Referrals were subtly broken by recent CNAME/Wildcard improvements, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/539" target="_top">commit 539</a>. Fix and other
improvements sponsored by <a class="ulink" href="http://true.nl" target="_top">True</a>.
</p></li><li class="listitem"><p>
PowerDNS would try to insert records it has no knowledge about in slave zones, which did not work. Reported
in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/60" target="_top">ticket 60</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/566" target="_top">commit 566</a>. A superior fix would be to implement the relevant unknown record standard.
</p></li></ul></div><p>
Improvements to the authoritative nameserver:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Pipebackend did not properly propagate the ABI version to its children, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/546" target="_top">commit 546</a>, reported by
kickdaddy@gmail.com in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/45" target="_top">ticket 45</a>.
</p></li><li class="listitem"><p>
<a class="ulink" href="http://www.linuxnetworks.de/pdnsodbx/index.html" target="_top">OpenDBX</a> backend added
(<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/559" target="_top">commit 559</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/560" target="_top">commit 560</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/561" target="_top">commit 561</a>) by Norbert Sendetzky. From the website:
<span class="quote">“<span class="quote">
The OpenDBX backend enables it to fetch DNS information from every DBMS supported by the OpenDBX library
and combines the power of one of the best DNS server implementations with the flexibility of the OpenDBX
library.
</span>”</span>
OpenDBX adds some other features like database failover. Thanks Norbert!
</p></li><li class="listitem"><p>
LDAP fixes as reported in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/37" target="_top">ticket 37</a>, fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/558" target="_top">commit 558</a>, which make <span class="command"><strong>pdns_control notify</strong></span>
work.
</p></li><li class="listitem"><p>
Arjo Hooimeijer added support for soa-refresh-default, soa-retry-default,
soa-expire-default, which were previously hardcoded. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/563" target="_top">commit 563</a> and fallout in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/573" target="_top">commit 573</a> (thanks to Wolfram Schlich).
</p></li></ul></div><p>
Miscellaneous:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Fixes for g++ 4.1. Compiling with 4.1 realizes notable speedups. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/568" target="_top">commit 568</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/569" target="_top">commit 569</a>.
</p></li><li class="listitem"><p>
PowerDNS now reports if it is running in 32 or 64 bit mode, useful for bi-arch users that need
to know if they are benefitting from <a class="ulink" href="http://www.amd.com" target="_top">AMD's great processor</a>. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/571" target="_top">commit 571</a>.
</p></li><li class="listitem"><p>
<span class="command"><strong>dnsscope</strong></span> compiles again, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/551" target="_top">commit 551</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/564" target="_top">commit 564</a> (FreeBSD 64-bit time_t).
</p></li><li class="listitem"><p>
<span class="command"><strong>dnsreplay_mindex</strong></span> compiles again, fixed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/572" target="_top">commit 572</a>. Its performance, and the performance of the recursor
was improved by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/559" target="_top">commit 559</a>.
</p></li><li class="listitem"><p>
Build scripts were added, mostly for internal use but we know some PowerDNS users build their
own packages too. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/553" target="_top">commit 553</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/554" target="_top">commit 554</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/555" target="_top">commit 555</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/556" target="_top">commit 556</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/557" target="_top">commit 557</a>.
</p></li><li class="listitem"><p>
<code class="filename">bootstrap</code> script was not included in release. Thanks to Stefan Arentz for noticing. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/574" target="_top">commit 574</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.26. Version 2.9.19"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-19"></a>3.26. Version 2.9.19</h3></div></div></div><p>
Released 29th of October 2005.
</p><p>
As with other recent releases, the usage of PowerDNS appears to have skyrocketed. Informal, though strict, measurements show
that PowerDNS now powers around 50% of all German domains, and somewhere in the order of 10-15% of the rest of the world. Furthermore,
DNS is set to take a central role in connecting Voice over IP providers, with PowerDNS offering a very good feature set for these ENUM
deployments. PowerDNS is already powering the E164.info ENUM zone and also acts as the backend for a major VoIP provisioning platform.
</p><p>
Included in this release is the now complete packet parsing/generating, record parsing/generating infrastructure. Furthermore,
this framework is used by the recursor, hopefully making it very fast, memory efficient and robust. Many records are now processed
using a single line of code. This has made the recursor a lot stricter in packet parsing, you will see some error messages
which did not appear before. Rest assured however that these only happen for queries which have no valid answer in any case.
</p><p>
Furthermore, support for DNSSEC records is available in the new infrastructure, although is should be emphasised that there is more
to DNSSEC than parsing records. There is no real support for DNSSEC (yet).
</p><p>
Additionally, the BIND Backend has been replaced by what was up to now known as the 'Bind2Backend'. Initial benchmarking appears
to show that this backend is faster, uses less memory and has shorter startup times. The code is also shorter.
</p><p>
This release fixes a number of embarrassing bugs and is a recommended upgrade.
</p><p>
Thanks are due to <a class="ulink" href="http://www.xs4all.nl" target="_top">XS4ALL</a> who are supporting continuing development of PowerDNS,
the fruits of which can be found in this release already. Furthermore, a remarkable number of people have helped report bugs,
validate solutions or have submitted entire patches. Many thanks!
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
dnsreplay now has a help message and has received further massive updates, making the code substantially faster. It turns out that dnsreplay
is often 'heavier' than the PowerDNS process being benchmarked.
</p></li><li class="listitem"><p>
PowerDNS recursor no longer prints out its queries by default as most recursor deployments have too much traffic
for this to be useful.
</p></li><li class="listitem"><p>
PowerDNS recursor is now able to read its root-hints from disk, which is useful to operate with
alternate roots, like the <a class="ulink" href="http://www.orsn.org" target="_top">Open Root Server Network</a>. See
<a class="xref" href="built-in-recursor.html" title="Chapter 17. PowerDNS Recursor: a high performance resolving nameserver">Chapter 17, <i>PowerDNS Recursor: a high performance resolving nameserver</i></a>.
</p></li><li class="listitem"><p>
PowerDNS can now send out old-fashioned root-referrals when queried for domains for which it is not authoritative. Wastes some bandwidth
but may solve incoming query floods if domains are delegated to you for which you are not authoritative, but which are queried by broken
recursors.
</p></li><li class="listitem"><p>
PowerDNS now prints out a warning when running with legacy LinuxThreads implementation instead of the high performance NPTL
library, see <a class="xref" href="nptl.html" title="2. Native Posix Thread Library vs LinuxThreads">Section 2, “Native Posix Thread Library vs LinuxThreads”</a>. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/455" target="_top">commit 455</a>.
</p></li><li class="listitem"><p>
A lot of superfluous calls to gettimeofday() have been removed, making PowerDNS and especially the recursor faster. Suggested by Kai.
</p></li><li class="listitem"><p>
SPF records are now supported natively. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/472" target="_top">commit 472</a>, closing <a class="ulink" href="http://wiki.powerdns.com/projects/trac/ticket/22" target="_top">ticket 22</a>.
</p></li><li class="listitem"><p>
Improved IPv6 'bound to' messages. Thanks to Niels Bakker, Wichert Akkerman and Gerty de Wolf for suggestions.
</p></li><li class="listitem"><p>
Separate graphs can now be made of IPv6 queries and answers. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/485" target="_top">commit 485</a>.
</p></li><li class="listitem"><p>
Out of zone additional processing is now on by default to better comply with standards. <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/487" target="_top">commit 487</a>.
</p></li><li class="listitem"><p>
Regression tests have been expanded to deal with more record types (SRV, NAPTR, TXT, duplicate SRV).
</p></li><li class="listitem"><p>
Improved query-logging in Bindbackend, which can be used for debugging purposes.
</p></li><li class="listitem"><p>
Dropped libpcap dependency, making compilation easier
</p></li><li class="listitem"><p>
pdns_control now has a help message.
</p></li><li class="listitem"><p>
Add RRSIG, DNSKEY, DS and NSEC records for DNSSEC-bis to new parser infrastructure.
</p></li><li class="listitem"><p>
Recursor now honours EDNS0 allowing it to send out larger answers.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Domain name validation has been made a lot stricter - it turns out PostgreSQL was interpreting some (corrupt) domain names
as unicode. Tested and suggested by Register.com (<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/451" target="_top">commit 451</a>).
</p></li><li class="listitem"><p>
LDAP backend did not compile (commits <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/452" target="_top">452</a>, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/453" target="_top">453</a>) due to partially applied patch (Norbert Sendetzky)
</p></li><li class="listitem"><p>
Incoming zone transfers work reliably again. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/460" target="_top">commit 460</a> and beyond. And <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/523" target="_top">commit 523</a> - closing Debian bug 330184.
</p></li><li class="listitem"><p>
Recent g++ versions exposed a mistake in the PowerDNS recursor cache pruning code, causing random crashes. Fixed in <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/465" target="_top">commit 465</a>. Reported by
several Red Hat users.
</p></li><li class="listitem"><p>
PowerDNS recursor, and MTasker in general, did not work on Solaris. Patch by Juergen Ilse, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/471" target="_top">commit 471</a>. Also moved most of PowerDNS over to
uint32_t style typedefs, which eases compilation problems on Solaris, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/477" target="_top">commit 477</a>.
</p></li><li class="listitem"><p>
Bindbackend2 did not properly search its include path for $INCLUDE statements. Noted by Mark Bergsma, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/474" target="_top">commit 474</a>.
</p></li><li class="listitem"><p>
Bindbackend did not notice changed zones, this problem has been fixed by the move to Bind2.
</p></li><li class="listitem"><p>
Pipebackend did not clean up, leading to an additional pipe backend per AXFR or pdns_control reload. Discovered by Marc Jauvin, fixed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/525" target="_top">commit 525</a>.
</p></li><li class="listitem"><p>
Bindbackend (both old and current versions) did not honour 'include' statements in <code class="filename">named.conf</code>
on <span class="command"><strong>pdns_control rediscover</strong></span>. Noted by Marc Jauvin, fixed by <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/526" target="_top">commit 526</a>.
</p></li><li class="listitem"><p>
Zone transfers were sometimes shuffled, which wastes useless time, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/478" target="_top">commit 478</a>.
</p></li><li class="listitem"><p>
CNAMEs and Wildcards now work as in Bind, fixing many complaints, <a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/487" target="_top">commit 487</a>.
</p></li><li class="listitem"><p>
NAPTR records were compressed, which would work, but was in violation of the RFC, commit 493.
</p></li><li class="listitem"><p>
NAPTR records were not always parsed correctly from BIND zone files, fixed, commit 494.
</p></li><li class="listitem"><p>
Geobackend needed additional include statement to compile on more recent Linux distributions, commit 496.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.27. Version 2.9.18"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-18"></a>3.27. Version 2.9.18</h3></div></div></div><p>
Released on the 16th of July 2005.
</p><p>
The '8 million domains' release, which also marks the battle readiness of the PowerDNS Recursor. The latest improvements have been made possible
by financial support and contributions by <a class="ulink" href="http://register.com" target="_top">Register.com</a> and
<a class="ulink" href="http://www.xs4all.nl/" target="_top">XS4ALL</a>. Thanks!
</p><p>
This release brings a number of new features (vastly improved recursor, Generic Oracle Support, DNS analysis and replay tools, and more)
but also has a new build dependency, the <a class="ulink" href="http://www.boost.org" target="_top">Boost library</a> (version 1.31 or higher).
</p><p>
Currently several big ISPs are evaluating the PowerDNS recursor for their resolving needs, some of them have switched already.
In the course of testing, over 350 million actual queries have been recorded and replayed, the answers turn out to be satisfactorily.
</p><p>
This testing has verified that the pdns recursor, as shipped in this release, can stand up to heavy duty ISP loads
(over 20000 queries/second) and in fact does so better than major other nameservers, giving more complete answers and being faster to boot.
</p><p>
We invite ISPs who note recursor problems to record their problematic traffic and replay it using the tools described in
<a class="xref" href="analysis.html" title="Chapter 25. Tools to analyse DNS traffic">Chapter 25, <i>Tools to analyse DNS traffic</i></a> to discover if PowerDNS does a better job, and to let us know the results.
</p><p>
Additionally, the bind2backend is almost ready to replace the stock bind backend. If you run with Bind zones, you are cordially invited
to substitute 'launch=bind2' for 'launch=bind'. This will happen automatically in 2.9.19!
</p><p>
In other news, the entire Wikipedia constellation now runs on PowerDNS using the Geo Backend! Thanks to Mark Bergsma
for keeping us updated.
</p><p>
There are two bugs with security implications, which only apply to installations running with the LDAP backend, or installations providing recursion
to a limited range of IP addresses. If any of these apply to you, an upgrade is highly advised:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The LDAP backend did not properly escape all queries, allowing it to fail and not answer questions. We have not investigated further risks involved,
but we advise LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot)
</p></li><li class="listitem"><p>
Questions from clients denied recursion could blank out answers to clients who are allowed recursion services, temporarily. Reported by Wilco Baan.
This would've made it possible for outsiders to blank out a domain temporarily to your users. Luckily PowerDNS would send out SERVFAIL or Refused, and
not a denial of a domain's existence.
</p></li></ul></div><p>
</p><p>
General bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
TCP authoritative server would not relaunch a backend after failure (reported by Norbert Sendetzky)
</p></li><li class="listitem"><p>
Fix backend restarting logic (reported, and fix suggested by Norbert Sendetzky)
</p></li><li class="listitem"><p>
Launching identical backends multiple times, with different settings, did not work. Reported by Mario Manno.
</p></li><li class="listitem"><p>
Master/slave queries did not honour the <span class="command"><strong>query-local-address</strong></span> setting. Spotted by David Levy of Register.com.
The fix also randomises the local port used, slightly improving security.
</p></li></ul></div><p>
</p><p>
Compilation fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Fix compile on Solaris, they define 'PC' for some reason. Reported by Eric Yiu.
</p></li><li class="listitem"><p>
PowerDNS recursor would not compile on FreeBSD due to Linux specific defines, as reported in cvstrac ticket 26 (Ralf van der Enden)
</p></li><li class="listitem"><p>
Several 64 bits issues have been fixed, especially in the Logging subsystem.
</p></li><li class="listitem"><p>
SSQLite would fail to compile on recent Debian systems (Matthijs Möhlmann)
</p></li><li class="listitem"><p>
Generic MySQL would not compile on 64-bit platforms.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PowerDNS now reports stray command line arguments, like when running '--local-port 5300' instead of '--local-port=5300'. Reported by Christian Welzel.
</p></li><li class="listitem"><p>
We now warn against erroneous logging-facility specification, ie specifying an unknown facility.
</p></li><li class="listitem"><p>
<span class="command"><strong>--version</strong></span> now outputs gcc version used, so we can tell people 2.95 is no longer supported.
</p></li><li class="listitem"><p>
Extended regression tests, moved them to the new 'sdig' tool (see below).
</p></li><li class="listitem"><p>
Bind2backend is now blazingly fast, and highly memory efficient to boot. As a special bonus it can read gzipped zones directly. The '.NET' zone
is hosted using 401MB of memory, the same size as the zone on disk.
</p></li><li class="listitem"><p>
The Pipe Backend has been improved such that it can send out different answers based on the IP address the question was received ON. See
<a class="xref" href="backends-detail.html#pipebackend-protocol" title="1.1. PipeBackend protocol">Section 1.1, “PipeBackend protocol”</a> for how this changed the Pipe Backend protocol. Note that you need to set
<span class="command"><strong>pipebackend-abi-version</strong></span> to benefit from this change, existing clients are not affected. Change and documentation contributed
by Marc Jauvin of Register4Less.
</p></li><li class="listitem"><p>
LDAP backend has been updated (Norbert Sendetzky).
</p></li></ul></div><p>
</p><p>
Recursor improvements and fixes.
See <a class="xref" href="recursion.html" title="Chapter 16. Recursion">Chapter 16, <i>Recursion</i></a> for details. The changes below mean that all of the caveats listed for the recursor have now been addressed.
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
After half an hour of uptime, the entire cache would be pruned for each packet, which is a tad slow. It now appears
the pdns recursor is among the fastest around.
</p></li><li class="listitem"><p>
Under high loads, or when unlucky, some query mthreads would get 'stuck', and show up in the statistics as eternally running queries.
</p></li><li class="listitem"><p>
Lots of redundant gettimeofday() and time() calls were removed, which has resulted in a measurable speedup.
</p></li><li class="listitem"><p>
pdns_recursor can now listen on several addresses simultaneously.
</p></li><li class="listitem"><p>
Now supports setuid and setgid operation to allow running as a less privileged user (Bram Vandoren).
</p></li><li class="listitem"><p>
Return code of pdns_recursor binary did not make sense (Matthijs Möhlmann and Thomas Hood)
</p></li><li class="listitem"><p>
Timeouts and errors are now split out in statistics.
</p></li><li class="listitem"><p>
Many people reported broken statistics, it turned out that no statistics were being reported if there had been no questions to base them on.
We now log a message to that effect.
</p></li><li class="listitem"><p>
Add <span class="command"><strong>query-local-address</strong></span> support, which allows the recursor to send questions from a specific IP address. Useful
for anycast setups.
</p></li><li class="listitem"><p>
Add outgoing TCP query support and proper truncated answer support. Needed for Worldnic Denial of Service protection, which
sends out truncated packets to force clients to connect over TCP, which prevents spoofing.
</p></li><li class="listitem"><p>
Properly truncate our own answers.
</p></li><li class="listitem"><p>
Improve our TCP answers by using writev, which is slightly friendlier to the network.
</p></li><li class="listitem"><p>
On FreeBSD, TCP errors could cause the recursor to exit suddenly due to a SIGPIPE signal.
</p></li><li class="listitem"><p>
Maximum number of simultaneous client TCP connections can now be limited with the <span class="command"><strong>max-tcp-clients</strong></span> setting.
</p></li><li class="listitem"><p>
Add aggressive timeouts for TCP clients to make sure resources are not wasted. Defaults to two seconds, can be
configured with the <span class="command"><strong>client-tcp-timeout</strong></span> setting.
</p></li></ul></div><p>
</p><p>
Backend fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
SQLite backend would not slave properly (Darron Broad)
</p></li><li class="listitem"><p>
Generic MySQL would not compile on 64-bit platforms.
</p></li></ul></div><p>
</p><p>
New technology:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Added the new DNS parser logic, called MOADNSParser. Completely modular, every memory access checked.
</p></li><li class="listitem"><p>
'sdig', a simple dig work-alike with 'canonical' output, which is used for the regression tests. Based on the new DNS parser logic.
</p></li><li class="listitem"><p>
<span class="command"><strong>dnswasher</strong></span>, <span class="command"><strong>dnsreplay</strong></span> and <span class="command"><strong>dnsscope</strong></span>, all DNS analysis tools.
See <a class="xref" href="analysis.html" title="Chapter 25. Tools to analyse DNS traffic">Chapter 25, <i>Tools to analyse DNS traffic</i></a>
for more details.
</p></li><li class="listitem"><p>
Generic Oracle Backend, sponsored by Register.COM. See <a class="xref" href="generic-mypgsql-backends.html#goracle" title="3.3. Oracle specifics">Section 3.3, “Oracle specifics”</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.28. Version 2.9.17"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-17"></a>3.28. Version 2.9.17</h3></div></div></div><p>
See <a class="ulink" href="http://wiki.powerdns.com/trac/timeline" target="_top">the new timeline</a> for progress reports.
</p><p>
The 'million domains' release - PowerDNS has now firmly established itself as a major player with the
unofficial count (ie, guesswork) now at over two million PowerDNS domains! Also, the GeoBackend has been tested
by a big website and may soon see wider deployment. Thanks to Mark Bergsma for spreading the word!
</p><p>
It is also a release with lots of changes and fixes. Take care when deploying!
</p><p>
Security issues:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PowerDNS could be temporarily DoSed using a random stream of bytes. Reported cause of this has been fixed.
</p></li></ul></div><p>
</p><p>
Enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Reported version can be changed, or removed - see the "version-string" setting.
</p></li><li class="listitem"><p>
Duplicate MX records are now no longer considered duplicate if their priorities differ. Some people need this feature for
spam filtering.
</p></li></ul></div><p>
</p><p>
Bug fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
NAPTR records can now be slaved, patch by Lorens Kockum.
</p></li><li class="listitem"><p>
GMySQL now works on Solaris
</p></li><li class="listitem"><p>
PowerDNS could be confused by questions with a %-sign in them - fixing cvstrac ticket #16 (reported by dilinger at voxel.net)
</p></li><li class="listitem"><p>
An authentication bug in the webserver was possibly fixed, please report if you were suffering from this. Being unable
to authenticate to the webserver was what you would've noticed.
</p></li><li class="listitem"><p>
Fix for cvstrac ticket #2, PowerDNS could lose sync when sending out a very large number of notifications. Excellent bug report
by Martin Hoffman, who also improved our original bugfix.
</p></li><li class="listitem"><p>
Fix the oldest PowerDNS bug in existence - under some circumstances, PowerDNS would log to syslog one character at a time.
This was cvstrac ticket #4
</p></li><li class="listitem"><p>
HINFO records can now be slaved, fixing cvstrac ticket #8.
</p></li><li class="listitem"><p>
pdns_recursor could block under some circumstances, especially in case of corrupt UDP packets. Reported by Wichert Akkerman. Fix by
Christopher Meer. This was cvstrac ticket #13.
</p></li><li class="listitem"><p>
Large SOA serial numbers would sometimes be logged as a signed integer, leading to negative numbers in the log.
</p></li><li class="listitem"><p>
PowerDNS now fully supports 32 bit SOA serial numbers (thanks to Mark Bergsma), closing cvstrac ticket #5.
</p></li><li class="listitem"><p>
pdns_recursor --local-address help text was wrong.
</p></li><li class="listitem"><p>
Very devious bug - PowerDNS did not clear its cache before sending out update notifications, leading slaves
to conclude there was no update to AXFR. Excellent debugging by mkuchar at wproduction.cz.
</p></li><li class="listitem"><p>
Probably fixed cvstrac ticket #26, which caused pdns_recursor to fail on recent FreeBSD 5.3 systems. Please check,
I have no such system to test on.
</p></li><li class="listitem"><p>
Geobackend did not get built for Debian.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.29. Version 2.9.16"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-16"></a>3.29. Version 2.9.16</h3></div></div></div><p>
The 'it must still be Friday somewhere' release. Massive number of fixes, portability improvements and
the new Geobackend by Mark Bergsma & friends.
</p><p>
New:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The Geobackend which makes it possible to send different answers to different IP ranges. Initial documentation
can be found in pdns/modules/geobackend/README.
</p></li><li class="listitem"><p>
qgen query generation tool. Nearly completely undocumented and hard to build too, it requires Boost. But very
spiffy. Use <span class="command"><strong>cd pdns; make qgen</strong></span> to build it.
</p></li></ul></div><p>
</p><p>
Bugfixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The most reported bug ever was fixed. Zone2sql required the inclusion of unistd.h, except on Debian unstable.
</p></li><li class="listitem"><p>
PowerDNS tried to listen on its control "pipe" which does not work. Probably harmless, but might have caused some
oddities.
</p></li><li class="listitem"><p>
The Packet Cache did not always set its TTL immediately, causing some packets to be inserted, even when running
with the cache disabled (Mark Bergsma).
</p></li><li class="listitem"><p>
Valgrind found some uninitialized reads, causing bogus values in the priority field when it was not needed.
</p></li><li class="listitem"><p>
Valgrind found a bug in MTasker where we used delete instead of delete[].
</p></li><li class="listitem"><p>
SOA serials and other parameters are unsigned.
This means that very large SOA serial numbers would be messed up (Michel Stol, Stefano Straus)
</p></li><li class="listitem"><p>
PowerDNS left its controlsocket around after exit and reported confusing errors if a socket was
already in use.
</p></li><li class="listitem"><p>
The recursor proxy did not work on big endian systems like SPARC and some MIPS processors (Remco Post)
</p></li><li class="listitem"><p>
We no longer dump core on processing LOC records on UltraSPARC (Andrew Mulholland supplied a testing machine)
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
MySQL can now connect to a specified port again (Chris Anderton).
</p></li><li class="listitem"><p>
When running chroot()ed and with master or slave support active, PowerDNS needs to resolve domain names
to find slaves. This in turn may require access to certain libraries. Previously, these needed to be available
in the chroot directory but by forcing an initial lookup, these libraries are now loaded before the chrooting.
</p></li><li class="listitem"><p>
pdns_recursor was very slow after having done a larger number of queries because of the checks
to see if a query should be throttled. This is now done using a set which is a lot faster than the previous
full sequential scan.
</p></li><li class="listitem"><p>
The throttling code may not have throttled as much as was configured.
</p></li><li class="listitem"><p>
Yet another big LDAP update. The LDAP backend now load balances connections over several hosts (Norbert Sendetzky)
</p></li><li class="listitem"><p>
Updated b.root-servers.net address in the recursor
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.30. Version 2.9.15"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-15"></a>3.30. Version 2.9.15</h3></div></div></div><p>
This release fixes up some of the shortcomings in 2.9.14, and adds some new features too.
</p><p>
Bugfixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<span class="command"><strong>allow-recursion-override</strong></span> was on by default, it was meant to be off.
</p></li><li class="listitem"><p>
Logging was still off in daemon mode, fixed.
</p></li><li class="listitem"><p>
debian/rules forgot to build an sqlite package
</p></li><li class="listitem"><p>
Recursor accidentally linked in MySQL - this was the result of an experiment with a persistent recursor cache.
</p></li><li class="listitem"><p>
The PowerDNS recursor had stability problems. It now sorts nameservers (roughly) by responsiveness. The 'roughly' part
upset the sorting algorithm used, the speeds being sorted on changed during sorting.
</p></li><li class="listitem"><p>
The recursor now outputs the nameserver average response times in trace mode
</p></li><li class="listitem"><p>
LDAP compiles again.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
zone2sql can now accept <code class="filename">-</code> as a file name which causes it to read stdin. This allows the following
to work: <span class="command"><strong>dig axfr ds9a.nl | zone2sql --gmysql --zone=- | mysql pdns</strong></span>, which is a nice way to
import a zone.
</p></li><li class="listitem"><p>
zone2sql now ignores duplicate SOA records which are identical - which also makes the above possible.
</p></li><li class="listitem"><p>
Remove libpqpp dependencies - since we now use the native C API for PostgreSQL
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.31. Version 2.9.14"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-14"></a>3.31. Version 2.9.14</h3></div></div></div><p>
Big release with the fix for the all important 2^30 seconds problem and a lot of other news.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
errno problems would cause compilation problems when using LDAP (Norbert Sendetzky)
</p></li><li class="listitem"><p>
The Generic SQL backend could cause crashes on PostgreSQL when using pdns_control notify (Georg Bauer)
</p></li><li class="listitem"><p>
Debian compatible init.d script (Wichert Akkerman)
</p></li><li class="listitem"><p>
If using the master or slave features, pdns had the notion of eternity ending in 2038, except that due
to a thinko, eternity ended out to be the 10th of January 2004. This caused a loop to timeout immediately.
Many thanks to Jasper Spaans for spotting the bug within five minutes.
</p></li><li class="listitem"><p>
Parts of the SOA field were not canonicalized.
</p></li><li class="listitem"><p>
The loglevel could in fact cause nothing to be logged (Norbert Sendetzky)
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The recursor now chooses the fastest nameserver, which causes a big speedup!
</p></li><li class="listitem"><p>
LDAP now has different lookup models
</p></li><li class="listitem"><p>
Cleanups, better load distribution, better exception handling, zone2ldap improvements
</p></li><li class="listitem"><p>
The recursor was somewhat chatty about TCP connections
</p></li><li class="listitem"><p>
PostgreSQL now only depends on the C API and not on the deprecated C++ one
</p></li><li class="listitem"><p>
PowerDNS can now fully overrule external zones when doing recursion. See <a class="xref" href="recursion.html" title="Chapter 16. Recursion">Chapter 16, <i>Recursion</i></a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.32. Version 2.9.13"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-13"></a>3.32. Version 2.9.13</h3></div></div></div><p>
Big news! Windows is back! Our great friend Michel Stol found the time to update the PowerDNS code so it works
again under windows.
</p><p>
Furthermore, big thanks go out to Dell who quickly repaired my trusty <a class="ulink" href="http://ds9a.nl/dell-d800" target="_top">laptop</a>.
</p><p>
His changes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Generic SQLite support added
</p></li><li class="listitem"><p>
Removed the ODBC backend, replaced it by the Generic ODBC Backend, which has all the cool configurability
of the Generic MySQL and PostgreSQL backends.
</p></li><li class="listitem"><p>
The PowerDNS Recursor now runs as a Service. It defaults to running on port 5300, PowerDNS itself is configured
to expect the Recursor on port 5300 now.
</p></li><li class="listitem"><p>
The PowerDNS Service is now known as 'PowerDNS' to Windows.
</p></li><li class="listitem"><p>
The Installer was redone, this time with <a class="ulink" href="http://nsis.sf.net" target="_top">NSIS2</a>.
</p></li><li class="listitem"><p>
General updates and fixes.
</p></li></ul></div><p>
</p><p>
Other news:
</p><p>
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="note.png" /></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>
There appears to be a problem with PowerDNS on Red Hat 7.3 with GCC 2.96 and self-compiled binaries. The symptoms are
that PowerDNS works on the foreground but fails as a daemon. We're working on it.
</p><p>
If you do note problems, let the list know, if you don't, please do so as well. Tell us if you use the RPM or
compiled yourself.
</p><p>
It is known that not compiling in MySQL support helps solve the problem, but then you don't have MySQL.
</p></td></tr></table></div><p>
</p><p>
There have been a number of reports on MySQL connections being dropped on FreeBSD 4.x, which sometimes causes PowerDNS to give up and reload itself.
To combat this, MySQL error messages have been improved in some places in hopes of figuring out what is up. The initial indication is
that MySQL itself sometimes terminates the connection and, amazingly, that switching to a Unix domain socket instead of TCP solves
the problem.
</p><p>
Bug fixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<span class="command"><strong>allow-axfr-ips</strong></span> did not work for individual IP addresses (bug & fix by Norbert Sendetzky)
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Opteron support! Thanks to Jeff Davey for providing a shell on an Opteron. The fixes should
also help PowerDNS on other platforms with a 64 bit userspace.
</p><p>
Btw, the PowerDNS team has a strong desire for an Opteron :-)
</p></li><li class="listitem"><p>
pdns_recursor jumbles answers now. This means that you can do poor man's round robin
by supplying multiple A, MX or AAAA records for a service, and get a random one on top
each time. Interestingly, this feature appeared out of nowhere, this change was made to the
authoritative code but due to the wonders of code-reuse had an effect on pdns_recursor too.
</p></li><li class="listitem"><p>
Big LDAP cleanup. Support for TLS was added. Zone2LDAP also gained the ability to
generate ldif files containing a tree or a list of entries. (Norbert Sendetzky)
</p></li><li class="listitem"><p>
Zone2sql is now somewhat clearer when reporting malformed line errors - it did not always
include the name of the file causing a problem, especially for big installations. Problem noted
by Thom May.
</p></li><li class="listitem"><p>
pdns_recursor now survives the expiration of all its root records, most often caused by prolonged
disconnection from the net.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.33. Version 2.9.12"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-12"></a>3.33. Version 2.9.12</h3></div></div></div><p>
Release rich in features. Work on Verisign oddities, addition of SQLite backend, pdns_recursor maturity.
</p><p>
New features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
--version command (requested by Mike Benoit)
</p></li><li class="listitem"><p>
delegation-only, a Verisign special.
</p></li><li class="listitem"><p>
Generic <a class="ulink" href="http://www.sqlite.org" target="_top">SQLite</a> support, by Michel 'Who da man?' Stol. See <a class="xref" href="gsqlite.html" title="5. Generic SQLite backend (2 and 3)">Section 5, “Generic SQLite backend (2 and 3)”</a>.
</p></li><li class="listitem"><p>
init.d script for pdns_recursor
</p></li><li class="listitem"><p>
Recursor now actually purges its cache, saving memory.
</p></li><li class="listitem"><p>
Slave configuration now no longer falls over when presented with a NULL master
</p></li><li class="listitem"><p>
Bindbackend2 now has supermaster support (Mark Bergsma, untested)
</p></li><li class="listitem"><p>
Answers are now shuffled! It turns out a few recursors don't do shuffling (pdns_recursor, djbdns), so we do it now. Requested by Jorn Ekkelenkamp of ISP-Services. This means that if you have
multiple IP addresses for one host, they will be returned in differing order every once in a while.
</p></li></ul></div><p>
</p><p>
Bugs:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
0.0.0.0/0 didn't use to work (Norbert Sendetzky)
</p></li><li class="listitem"><p>
pdns_recursor would try to resolve IP address which to bind to, potentially causing chicken/egg problem
</p></li><li class="listitem"><p>
gpgsql no longer reports as gmysql (Sherwin Daganoto)
</p></li><li class="listitem"><p>
SRV would not be parsed right from disk (Christof Meerwald)
</p></li><li class="listitem"><p>
An AXFR from a zone hosted on the LDAP backend no longer transmits all the reverse entries too (Norbert Sendetzky)
</p></li><li class="listitem"><p>
PostgreSQL backend now does error checking. It would be a bit too trusting before.
</p></li></ul></div><p>
</p><p>
Improvements, cleanups:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PowerDNS now reports the numerical IP addresses it binds to instead of the, possibly, alphanumeric names the operator passed.
</p></li><li class="listitem"><p>
Removed only-soa hackery (noticed by Norbert Sendetzky)
</p></li><li class="listitem"><p>
Debian packaging fixes (Wichert Akkerman)
</p></li><li class="listitem"><p>
Some parameter descriptions were improved.
</p></li><li class="listitem"><p>
Cleanups by Norbert: getAuth moved to chopOff, arguments::contains massive cleanup, more.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.34. Version 2.9.11"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-11"></a>3.34. Version 2.9.11</h3></div></div></div><p>
Yet another iteration, hopefully this will be the last silly release.
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
There has been a change in behaviour whereby <span class="command"><strong>disable-axfr</strong></span> does what it means now! From now
on, setting <span class="command"><strong>allow-axfr-ips</strong></span> automatically disables AXFR from unmentioned subnets.
</p></td></tr></table></div><p>
</p><p>
This release enables AXFR again, <span class="command"><strong>disable-axfr</strong></span> did the opposite of what it claimed. Furthermore, the pdns_recursor now cleans its cache, which should save some memory in the long run. Norbert contributed some small LDAP work which should come in useful in the future.
</p></div><div class="sect2" title="3.35. Version 2.9.10"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-10"></a>3.35. Version 2.9.10</h3></div></div></div><p>
Small bugfixes, LDAP update. Released 3rd of July 2003. Apologies for the long delay, real life keeps interfering.
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Do not use or try to use 2.9.9, it was a botched release!
</p></td></tr></table></div><p>
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
There has been a change in behaviour whereby <span class="command"><strong>disable-axfr</strong></span> does what it means now! From now
on, setting <span class="command"><strong>allow-axfr-ips</strong></span> automatically disables AXFR from unmentioned subnets.
</p></td></tr></table></div><p>
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
2.9.8 was prone to crash on adding additional records. Thanks to excellent debugging by PowerDNS users worldwide, the bug was found
quickly and is in fact present in all earlier PowerDNS releases, but for some reason doesn't cause crashes there.
</p></li><li class="listitem"><p>
Notifications now jump in front of the queue of domains that need to be checked for changes, giving much greater perceived performance.
This is needed if you have tens of thousands of slave domains and your master server is on a high latency link. Thanks to Mark Jeftovic
of EasyDNS for suggesting this change and testing it on their platform.
</p></li><li class="listitem"><p>
Dean Mills reported that PowerDNS does confusing logging about changing GIDs and UIDs, fixed. Cosmetic only.
</p></li><li class="listitem"><p>
pdns_recursor may have logged empty lines for some users, fixed. Solution suggested by Norbert Sendetzky.
</p></li><li class="listitem"><p>
LDAP: DNS TTLs were random values (Norbert Sendetzky, Stefan Pfetzing). New <span class="command"><strong>ldap-default-ttl</strong></span>
option.
</p></li><li class="listitem"><p>
LDAP: Now works with OpenLDAP 2.1 (Norbert Sendetzky)
</p></li><li class="listitem"><p>
LDAP: error handling for invalid MX records implemented (Norbert Sendetzky)
</p></li><li class="listitem"><p>
LDAP: better exception handling (Norbert Sendetzky)
</p></li><li class="listitem"><p>
LDAP: code cleanup of lookup() (Norbert Sendetzky)
</p></li><li class="listitem"><p>
LDAP: added support for scoped searches (Norbert Sendetzky)
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.36. Version 2.9.8"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-8"></a>3.36. Version 2.9.8</h3></div></div></div><p>
Queen's day release! 30th of April 2003.
</p><p>
Added support for AIX, fixed negative SOA caching. Some other cleanups. Not a major release but enough reasons to upgrade.
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Recursor had problems expiring negatively cached entries, which wasted memory and also led to the continued non-existence of
hosts that since had come into existence.
</p></li><li class="listitem"><p>
The Generic SQL backends did not lowercase the names of records, which led to new records not being found by case sensitive
databases (notably PostgreSQL). Found by Volker Goetz.
</p></li><li class="listitem"><p>
NS queries for zones for which we did not carry authority, but only had delegation information, had their NS records in the
wrong section. Minor detail, but a standards violation nonetheless. Spotted by Stephane Bortzmeyer.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Removed crypt.h dependency from powerldap.hh, which was a problem on some platforms (Richard Arends)
</p></li><li class="listitem"><p>
PowerDNS can't parse so called binary labels which we now detect and ignore, after printing a warning.
</p></li><li class="listitem"><p>
Specifying allow-axfr-ips now automatically disables AXFR for all non-mentioned addresses.
</p></li><li class="listitem"><p>
A Solaris ready init.d script is now part of the tar.gz (contributed, but I lost by whom).
</p></li><li class="listitem"><p>
Added some fixes to PowerDNS can work on AIX (spotted by Markus Heimhilcher).
</p></li><li class="listitem"><p>
Norbert Sendetzky contributed <code class="filename">zone2ldap</code>.
</p></li><li class="listitem"><p>
Everybody's favorite compiler warning from <code class="filename">zone2sql.cc</code> was removed!
</p></li><li class="listitem"><p>
Recursor now listens on TCP!
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.37. Version 2.9.7"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-7"></a>3.37. Version 2.9.7</h3></div></div></div><p>
Released on 2003-03-20.
</p><p>
This is a sweeping release in the sense of cleanup. There are some new features but mostly a lot of cleanup going on. Hiding inside is the
<code class="filename">bind2backend</code>, the next generation of the bind backend. A work in progress. Those of you with overlapping zones,
as mentioned in the changelog of 2.9.6, are invited to check it out by replacing <span class="command"><strong>launch=bind</strong></span>
by <span class="command"><strong>launch=bind2</strong></span> and renaming all <span class="command"><strong>bind-</strong></span> parameters to
<span class="command"><strong>bind2-</strong></span>. Be aware that if you run with many small zones, this backend is faster, but if you run with a few large ones, it is slower. This will improve.
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Mark Bergsma contributed <span class="command"><strong>query-local-address</strong></span> which allows the operator to select which source address to
use. This is useful on servers with multiple source addresses and the operating system selecting an unintended one, leading to
remotes denying access.
</p></li><li class="listitem"><p>
PowerDNS can now perform AAAA additional processing optionally, turned on by setting <span class="command"><strong>do-ipv6-additional-processing</strong></span>.
Thanks to Stephane Bortzmeyer for pointing out the need.
</p></li><li class="listitem"><p>
Bind2backend, which is almost in compliance with the new IETF AXFR-clarify (some would say
'redefinition') draft.
</p><p>
This backend is not ready for primetime but you may want to try it if you currently have overlapping
zones and note problems. An overlapping zone would be having "ipv6.powerdns.com" and "powerdns.com" zones
on one server.
</p></li></ul></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Zone2sql would happily try to read from a directory and not give a useful error about this.
</p></li><li class="listitem"><p>
PowerDNS now reports the case where it can't figure out any IP address of slave nameservers for a zone
</p></li><li class="listitem"><p>
Removed <span class="command"><strong>receiver-threads</strong></span> setting which was experimental and in fact only made things worse.
</p></li><li class="listitem"><p>
LDAP backend updates from its author Norbert Sendetzky. Reverse lookups should work now too.
</p></li><li class="listitem"><p>
An error message about unparseable packets did not include the originating IP address (fixed by Mark Bergsma)
</p></li><li class="listitem"><p>
PowerDNS can now be started via path resolution while running with a guardian. Suggested by Maurice Nonnekes.
</p></li><li class="listitem"><p>
<code class="filename">pdns_recursor</code> moved to <code class="filename">sbin</code> (reported by Norbert Sendetzky)
</p></li><li class="listitem"><p>
Retuned some logger errorlevels, a lot of master/slave chatter was logged as 'Error'. Reported by Willem de Groot.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<code class="filename">zone2sql</code> did not remove trailing dots in SOA records.
</p></li><li class="listitem"><p>
ldapbackend did not include <code class="filename">utility.hh</code> which caused compilation problems on Solaris (reported by Remco Post)
</p></li><li class="listitem"><p>
<code class="filename">pdns_control</code> could leave behind remnants in case PowerDNS was not running (reported by dG)
</p></li><li class="listitem"><p>
Incoming AXFR did not work on Solaris and other big-endian systems (Willem de Groot helped debugging this long standing problem).
</p></li><li class="listitem"><p>
Recursor could crash on convoluted CNAME loops. Thanks to Dan Faerch for delivering core dumps.
</p></li><li class="listitem"><p>
Silly 'wuh' debugging output in zone2sql and bindbackend removed (spotted by Ivo van der Wijk).
</p></li><li class="listitem"><p>
Recursor neglected to differentiate between negative cache of NXDOMAIN and NOERROR, leading to problems
with IPv6 enabled Windows clients. Thanks to Stuart Walsh for reporting this and testing the fix.
</p></li><li class="listitem"><p>
PowerDNS set the 'aa' bit on serving NS records in a zone for which it was authoritative. Most implementations
drop the 'aa' bit in this case and Stephane Bortzmeyer informed us of this. PowerDNS now also drops the 'aa'
bit in this case.
</p></li><li class="listitem"><p>
The webserver tended to fail after prolonged operation on FreeBSD, this was due to an uninitialised timeout, other platforms were lucky. Thanks to G.P. de Boer for helping debug this.
</p></li><li class="listitem"><p>
getAnswers() in dnspacket.cc could be forced to read bytes beyond the end of the packet, leading to crashes in the
PowerDNS recursor. This is an ongoing project that needs more work. Reported by Dan Faerch, with a core dump proving the problem.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.38. Version 2.9.6"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-6"></a>3.38. Version 2.9.6</h3></div></div></div><p>
Two new backends - Generic ODBC (windows only) and LDAP. Furthermore, a few important bugs have been fixed which may have hampered sites seeing a lot of
outgoing zone transfers. Additionally, the pdns recursor now has 'query throttling' which is pretty cool. In short this makes sure that PowerDNS
does not send out heaps of queries if a nameserver is unable to provide an answer. Many operators of authoritative setups are all too aware of
recursing nameservers that hammer them for zones they don't have, PowerDNS won't do that anymore now, no matter what clients request of it.
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
There is an unresolved issue with the BIND backend and 'overlapping' slave zones. So if you have 'example.com' and also have a separate
slave zone called 'external.example.com', things may go wrong badly. Thanks to Christian Laursen for working with us a lot in finding
this issue. We hope to resolve it soon.
</p></td></tr></table></div><p>
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
BIND Backend now honours notifies, code to support this was accidentally left out. Thanks to Christian Laursen for noticing this.
</p></li><li class="listitem"><p>
Massive speedup for those of you using the slightly deprecated MBOXFW records. Thanks to Jorn of <a class="ulink" href="http://www.ISP-Services.nl" target="_top">
ISP Services</a> for helping and testing this improvement.
</p></li><li class="listitem"><p>
$GENERATE had an off-by-one bug where it would omit the last record to be generated (Christian Laursen)
</p></li><li class="listitem"><p>
Simultaneous AXFRs may have been problematic on some backends. Thanks to Jorn of ISP-Services again for helping us resolve this issue.
</p></li><li class="listitem"><p>
Added LDAP backend by Norbert Sendetzky, see <a class="xref" href="ldap.html" title="10. LDAP backend">Section 10, “LDAP backend”</a>.
</p></li><li class="listitem"><p>
Added Generic ODBC backend for Windows by Michel Stol.
</p></li><li class="listitem"><p>
Simplified 'out of zone data' detection in incoming AXFR support, hopefully removing a case sensitivity bug there. Thanks again
to Christian Laursen for reporting this issue.
</p></li><li class="listitem"><p>
$include in-zonefile was broken under some circumstances, losing the last character of a file name. Thanks to Joris Vandalon for noticing this.
</p></li><li class="listitem"><p>
The zone parser was more case-sensitive than BIND, refusing to accept 'in' as well as 'IN'. Thanks to Joris Vandalon for noticing this.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.39. Version 2.9.5"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-5"></a>3.39. Version 2.9.5</h3></div></div></div><p>
Released on 2002-02-03.
</p><p>
This version is almost entirely about recursion with major changes to both the pdns recursor, which is renamed to
'<code class="filename">pdns_recursor</code>' and to the main PowerDNS binary to make it interact better with the recursing component.
</p><p>
Sadly, due to <a class="ulink" href="http://sources.redhat.com/ml/libc-alpha/2003-01/msg00245.html" target="_top">technical reasons</a>, compiling
the pdns recursor and pdns authoritative nameserver into one binary is not immediately possible. During the release of 2.9.4 we
stated that the recursing nameserver would be integrated in the next release - this won't happen now.
</p><p>
However, this turns out to not be that bad at all. The recursor can now be restarted without having to restart the rest of the nameserver,
for example. Cooperation between the both halves of PDNS is also almost seamless. As a result, 'non-lazy recursion' has been dropped. See
<a class="xref" href="recursion.html" title="Chapter 16. Recursion">Chapter 16, <i>Recursion</i></a> for more details.
</p><p>
Furthermore, the recursor only works on Linux, Windows and Solaris (not entirely). FreeBSD does not support the required functions.
If you know any important FreeBSD people, plea with them to support set/get/swapcontext! Alternatively, FreeBSD coders could read
the solution presented here <a class="ulink" href="http://www.eng.uwaterloo.ca/~ejones/software/threading.html" target="_top">in figure 5</a>.
</p><p>
The 'Contributor of the Month' award goes to Mark Bergsma who has responded to our plea for help with the label compressor and contributed
a wonderfully simple and right fix that allows PDNS to compress just as well as other nameservers out there. An honorary mention goes to
Ueli Heuer who, despite having no C++ experience, submitted an excellent SRV record implementation.
</p><p>
Excellent work was also performed by Michel Stol, the Windows guy, in fixing all our non-portable stuff again. Christof Meerwald has also done
wonderful work in porting MTasker to Windows, which was then used by Michel to get the recursor functioning on Windows.
</p><p>
Other changes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
dnspacket.cc was cleaned up by factoring out common operations
</p></li><li class="listitem"><p>
Heaps of work on the recursing nameserver. Has now achieved *days* of uptime!
</p></li><li class="listitem"><p>
Recursor renamed from syncres to <code class="filename">pdns_recursor</code>
</p></li><li class="listitem"><p>
PowerDNS can now serve records it does not know about. To benefit from this slightly undocumented feature, add
1024 to the numerical type of a record and include the record in binary form in your database. Used internally by the
recursing nameserver but you can use it too.
</p></li><li class="listitem"><p>
PowerDNS now knows about SIG and KEY records *names*. It does not support them yet but can at least report so now.
</p></li><li class="listitem"><p>
HINFO records can now be transferred from a master to PowerDNS (thanks to Ueli Heuer for noticing it didn't work).
</p></li><li class="listitem"><p>
Yet more UltraSPARC alignment issues fixed (Chris Andrews).
</p></li><li class="listitem"><p>
Dropped non-lazy recursion, nobody was using it. Lazy recursion became even more lazy after Dan Bernstein pointed out that additional
processing is not vital, so PowerDNS does its best to do additional processing on recursive queries, but does not scream murder if it does
not succeed. Due to caching, the next identical query will be successfully additionally processed.
</p></li><li class="listitem"><p>
Label compression was improved so we can now fit all . records in 436 bytes, this used to be 460! (Code & formal
proof of correctness by Mark Bergsma).
</p></li><li class="listitem"><p>
SRV support (incoming and outgoing), submitted by Ueli Heuer.
</p></li><li class="listitem"><p>
Generic backends do not support SOA serial autocalculation, it appears. Could lead to random SOA serials in case
of a serial of 0 in the database. Fixed so that 0 stays zero in that case. Don't set the SOA serial to 0 when using
Generic MySQL or Generic PostgreSQL!
</p></li><li class="listitem"><p>
J root-server address was updated to its new location.
</p></li><li class="listitem"><p>
SIGUSR1 now forces the recursor to print out statistics to the log.
</p></li><li class="listitem"><p>
Meaning of recursor logging was changed a bit - a cache hit is now a question that was answered with 0 outgoing packets needed. Used to
be a weighted average of internal cache hits.
</p></li><li class="listitem"><p>
MySQL compilation did not include -lz which causes problems on some platforms. Thanks to James H. Cloos Jr for reporting this.
</p></li><li class="listitem"><p>
After a suggestion by Daniel Meyer and Florus Both, the built in webserver now reports the configuration name when multiple PowerDNS
instances are active.
</p></li><li class="listitem"><p>
Brad Knowles noticed that zone2sql had problems with the root.zone, fixed. This also closes some other zone2sql annoyances with converting
single zones.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.40. Version 2.9.4"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-4"></a>3.40. Version 2.9.4</h3></div></div></div><p>
Yet another grand release. Big news is the addition of a recursing nameserver which has sprung into existence
over the past week. It is in use on several computers already but it is not ready for prime time. Complete integration
with PowerDNS is expected around 2.9.5, for now the recursor is a separate program.
</p><p>
In preliminary tests, the recursor appears to be four times faster than BIND 9 on a naive benchmark starting from a cold cache. BIND 9
managed to get through to some slower nameservers however, which were given up on by PowerDNS. We will continue to tune the recursor.
See <a class="xref" href="built-in-recursor.html" title="Chapter 17. PowerDNS Recursor: a high performance resolving nameserver">Chapter 17, <i>PowerDNS Recursor: a high performance resolving nameserver</i></a> for further details.
</p><p>
The BIND Backend has also been tested (see the <span class="command"><strong>bind-domain-status</strong></span> item below) rather heavily by several parties. After some
discussion online, one of the BIND authors ventured that the newsgroup comp.protocols.dns.bind may now in fact be an appropriate venue
for discussing PowerDNS. Since this discussion, traffic to the PowerDNS pages has increased sixfold and shows no signs of slowing down.
</p><p>
From this, it is apparent that far more people are interested in PowerDNS than yet know about it. So spread the word!
</p><p>
In other news, we now have a security page at <a class="xref" href="security-policy.html" title="4. Security">Section 4, “Security”</a>. Furthermore, Maurice Nonnekes contributed an OpenBSD
port! See <a class="ulink" href="http://www.codeninja.nl/openbsd/powerdns/" target="_top">his page</a> for more details!
</p><p>
New features and improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
All SQL queries in the generic backends are now available for configuration. (Martin Klebermass, Bert Hubert).
See <a class="xref" href="generic-mypgsql-backends.html" title="3. Generic MySQL and PgSQL backends">Section 3, “Generic MySQL and PgSQL backends”</a>.
</p></li><li class="listitem"><p>
A recursing nameserver! See <a class="xref" href="built-in-recursor.html" title="Chapter 17. PowerDNS Recursor: a high performance resolving nameserver">Chapter 17, <i>PowerDNS Recursor: a high performance resolving nameserver</i></a>.
</p></li><li class="listitem"><p>
An incoming AXFR now only starts a backend zone replacement transaction after the first record arrived successfully, thus making
sure no work is done when a remote nameserver is unable/unwilling to AXFR a zone to us.
</p></li><li class="listitem"><p>
Zone parser error messages were improved slightly (thanks to Stef van Dessel for spotting this shortcoming)
</p></li><li class="listitem"><p>
XS4ALL's Erik Bos checked how PowerDNS reacted to a BIND installation with almost 60.000 domains, some of which
with >100.000 records, and he discovered the pdns_control <span class="command"><strong>bind-domain-status</strong></span> command
became very slow with larger numbers of domains. Fixed, 60.000 domains are now listed in under one second.
</p></li><li class="listitem"><p>
If a remote nameserver disconnects during an incoming AXFR, the update is now rolled back, unless the AXFR was
properly terminated.
</p></li><li class="listitem"><p>
The migration chapter mentioned the use of deprecated backends.
</p></li></ul></div><p>
</p><p>
A tremendous number of bugs were discovered and fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Zone parser would only accept $include and not $INCLUDE
</p></li><li class="listitem"><p>
Zone parser had problems with $lines with comments on the end
</p></li><li class="listitem"><p>
Wildcard ANY queries were broken (thanks Colemarcus for spotting this)
</p></li><li class="listitem"><p>
A connection failure with the Generic backends would lead to a powerdns reload (cast of many)
</p></li><li class="listitem"><p>
Generic backends had some semantic problems with slave support. Symptoms were oft-repeated notifications
and transfers (thanks to Mark Bergsma for helping resolve this).
</p></li><li class="listitem"><p>
Solaris version compiles again. Thanks to Mohamed Lrhazi for reporting that it didn't.
</p></li><li class="listitem"><p>
Some UltraSPARC alignment fixes. Thanks to Mohamed Lrhazi for being helpful in spotting these.
One problem is still outstanding, Mohamed sent a core dump that tells us where the problem is. Expect the
fix to be in 2.9.5. Volunteers can grep the source for 'UltraSPARC' to find where the problem is.
</p></li><li class="listitem"><p>
Our support of IPv6 on FreeBSD had phase of moon dependent bugs, fixed by Peter van Dijk.
</p></li><li class="listitem"><p>
Some crashes of and by pdns_control were fixed, thanks to Mark Bergsma for helping resolve these.
</p></li><li class="listitem"><p>
Outgoing AXFR in pdns installations with multiple loaded backends was broken (thanks to Stuart Walsh for reporting this).
</p></li><li class="listitem"><p>
A failed BIND Backend incoming AXFR would block the zone until it succeeded again.
</p></li><li class="listitem"><p>
Generic PostgreSQL backend wouldn't compile with newer libpq++, fixed by Julien Lemoine/SpeedBlue.
</p></li><li class="listitem"><p>
Potential bug (not observed) when listening on multiple interfaces fixed.
</p></li><li class="listitem"><p>
Some typos in manpages fixed (reported by Marco Davids).
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.41. Version 2.9.3a"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-3"></a>3.41. Version 2.9.3a</h3></div></div></div><p>
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="note.png" /></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>2.9.3a is identical to 2.9.3 except that zone2sql does work</p></td></tr></table></div><p>
Broad range of huge improvements. We now have an all-static .rpm and .deb for Linux users and a link to an OpenBSD port.
Major news is that work on the Bind backend has progressed to the point that we've just retired our last Bind server and
replaced it with PowerDNS in Bind mode! This server is operating a number of master and slave setups so it should stress the Bind backend
somewhat.
</p><p>
This version is rapidly approaching the point where it is a better-Bind-than-Bind and nearly a drop-in replacement for authoritative
setups. PowerDNS is now equipped with a powerful
master/slave apparatus that offers a lot of insight and control to the user, even when operating from Bind zone files and a
Bind configuration. Observe.
</p><p>
After the SOA of ds9a.nl was raised:
</p><pre class="screen">
pdns[17495]: All slave domains are fresh
pdns[17495]: 1 domain for which we are master needs notifications
pdns[17495]: Queued notification of domain 'ds9a.nl' to 195.193.163.3
pdns[17495]: Queued notification of domain 'ds9a.nl' to 213.156.2.1
pdns[17520]: AXFR of domain 'ds9a.nl' initiated by 195.193.163.3
pdns[17520]: AXFR of domain 'ds9a.nl' to 195.193.163.3 finished
pdns[17521]: AXFR of domain 'ds9a.nl' initiated by 213.156.2.1
pdns[17521]: AXFR of domain 'ds9a.nl' to 213.156.2.1 finished
pdns[17495]: Removed from notification list: 'ds9a.nl' to 195.193.163.3 (was acknowledged)
pdns[17495]: Removed from notification list: 'ds9a.nl' to 213.156.2.1 (was acknowledged)
pdns[17495]: No master domains need notifications
</pre><p>
If however our slaves would ignore us, as some are prone to do, we can send some additional notifications:
</p><pre class="screen">
$ sudo pdns_control notify ds9a.nl
Added to queue
pdns[17492]: Notification request for domain 'ds9a.nl' received
pdns[17492]: Queued notification of domain 'ds9a.nl' to 195.193.163.3
pdns[17492]: Queued notification of domain 'ds9a.nl' to 213.156.2.1
pdns[17495]: Removed from notification list: 'ds9a.nl' to 195.193.163.3 (was acknowledged)
pdns[17495]: Removed from notification list: 'ds9a.nl' to 213.156.2.1 (was acknowledged)
</pre><p>
Conversely, if PowerDNS needs to be reminded to retrieve a zone from a master, a command is provided:
</p><pre class="screen">
$ sudo pdns_control retrieve forfun.net
Added retrieval request for 'forfun.net' from master 212.187.98.67
pdns[17495]: AXFR started for 'forfun.net', transaction started
pdns[17495]: Zone 'forfun.net' (/var/cache/bind/forfun.net) reloaded
pdns[17495]: AXFR done for 'forfun.net', zone committed
</pre><p>
Also, you can force PowerDNS to reload a zone from disk immediately with <span class="command"><strong>pdns_control bind-reload-now</strong></span>.
All this happens 'live', per your instructions. Without instructions, the right things also happen, but the operator is in charge.
</p><p>
For more about all this coolness, see <a class="xref" href="pdns-internals.html#pdnscontrol" title="1.1. pdns_control">Section 1.1, “pdns_control”</a> and <a class="xref" href="bindbackend.html#bind-control-commands" title="7.2. Pdns_control commands">Section 7.2, “Pdns_control commands”</a>.
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Again some changes in compilation instructions. The hybrid pgmysql backend has been split up into 'gmysql' and 'gpgsql', sharing
a common base within the PowerDNS server itself. This means that you can no longer compile
<span class="command"><strong>--with-modules="pgmysql" --enable-mysql --enable-pgsql</strong></span> but that you should now use:
<span class="command"><strong>--with-modules="gmysql gpgsql"</strong></span>. The old launch-names remain available.
</p><p>
If you launch the Generic PgSQL backend as gpgsql2, all parameters will have gpgsql2 as a prefix, for example
<span class="command"><strong>gpgsql2-dbname</strong></span>. If launched as gpgsql, the regular names are in effect.
</p></td></tr></table></div><p>
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
The pdns_control protocol was changed which means that older pdns_controls cannot talk to 2.9.3. The other way around is
broken too. This may lead to problems with automatic upgrade scripts, so pay attention if your daemon is truly restarted.
</p><p>
Also make sure no old pdns_control command is around to confuse things.
</p></td></tr></table></div><p>
</p><p>
Improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Bind backend can now deal with missing files and try to find them later.
</p></li><li class="listitem"><p>
Bind backend is now explicitly master capable and triggers the sending of notifications.
</p></li><li class="listitem"><p>
General robustness improvements in Bind backend - many errors are now non-fatal.
</p></li><li class="listitem"><p>
Accessibility, Serviceability. New <span class="command"><strong>pdns_server</strong></span> commands like <span class="command"><strong>bind-list-rejects</strong></span>
(lists zones that could not be loaded, and the reason why), <span class="command"><strong>bind-reload-now</strong></span> (reload a zone from disk NOW),
<span class="command"><strong>rediscover</strong></span> (reread named.conf NOW). More is coming up.
</p></li><li class="listitem"><p>
Added support for retrieving RP (Responsible Person) records from remote masters. Serving them was already possible.
</p></li><li class="listitem"><p>
Added support for LOC records, which encode the geographical location of a host, both serving and retrieving (thanks to Marco Davids
using them on our last Bind server, forcing us to implement this silly record).
</p></li><li class="listitem"><p>
Configuration file parser now strips leading spaces too, allowing "chroot= /tmp" to work, as well as "chroot=/tmp"
(Thanks to Hub Dohmen for reporting this for months on end).
</p></li><li class="listitem"><p>
Added <span class="command"><strong>bind-domain-status</strong></span> command that shows the status of all domains (when/if they were parsed, any errors
encountered while parsing them).
</p></li><li class="listitem"><p>
Added <span class="command"><strong>bind-reload-now</strong></span> command that tries to reload a zone from disk NOW, and reports back errors to the operator
immediately.
</p></li><li class="listitem"><p>
Added <span class="command"><strong>retrieve</strong></span> command that queues a request to retrieve a zone from its master.
</p></li><li class="listitem"><p>
Zones retrieved from masters are now stored way smaller on disk because the domain is stripped from records, which is derived
from the configuration file. Retrieved zones are now prefixed with some information on where they came from.
</p></li></ul></div><p>
</p><p>
Changes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gpgsql and gmysql backends split out of the hybrid pgmysqlbackend. This again changed compilation instructions!
</p></li><li class="listitem"><p>
<span class="command"><strong>pdns_control</strong></span> now uses the rarely seen SOCK_STREAM Unix Domain socket variety so it can transport
large amounts of text, which is needed for the <span class="command"><strong>bind-domain-status</strong></span> command, for which see
<a class="xref" href="bindbackend.html#bind-control-commands" title="7.2. Pdns_control commands">Section 7.2, “Pdns_control commands”</a>. This breaks compatibility with older pdns_control and pdns_server binaries!
</p></li><li class="listitem"><p>
Bind backend now ignores 'hint' and 'forward' and other unsupported zone types.
</p></li><li class="listitem"><p>
AXFRs are now logged more heavily by default. An AXFR is a heavy operation anyhow, some more logging does not further
increase the load materially. Does help in clearing up what slaves are doing.
</p></li><li class="listitem"><p>
A lot of master/slave chatter has been silenced, making output more relevant. No more repetitive 'No master domains need notifications' etc, only changes are reported now.
</p></li></ul></div><p>
</p><p>
Bugfixes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Windows version did not compile without minor changes.
</p></li><li class="listitem"><p>
Confusing error reporting on Windows 98 (which does not support PowerDNS) fixed
</p></li><li class="listitem"><p>
Potential crashes with shortened packets addressed. An upgrade is advised!
</p></li><li class="listitem"><p>
<span class="command"><strong>notify</strong></span> (which was already there, just badly documented) no longer prints out debugging garbage.
</p></li><li class="listitem"><p>
pgmysql backend had problems launching when not compiled in but available as a module. Workaround for 2.9.2 is 'load-modules=pgmysql',
but even then gpgsql would not work! gmysql would then, however. These modules are now split out, removing such issues.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.42. Version 2.9.2"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-2"></a>3.42. Version 2.9.2</h3></div></div></div><p>
Bugfixes galore. Solaris porting created some issues on all platforms. Great news is that PowerDNS is now in Debian 'sid' (unstable). The 2.9.1
packages in there currently aren't very good but the 2.9.2 ones will be. Many thanks to Wichert Akkerman, our 'downstream' for making this possible.
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
The Generic MySQL backend, part of the Generic MySQL & PostgreSQL backend, is now the DEFAULT! The previous default, the
'mysql' backend (note the lack of 'g') is now DEPRECATED. This was the source of much confusion. The 'mysql' backend
does not support MASTER or SLAVE operation. The Generic backends do.
</p><p>
To get back the mysql backend, add --with-modules="mysql" or --with-dynmodules="mysql" if you prefer to load your modules at runtime.
</p></td></tr></table></div><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Silly debugging output removed from the webserver (found by Paul Wouters)
</p></li><li class="listitem"><p>
SEVERE: due to Solaris portability fixes, qtypes<127 were broken.
These include NAPTR, ANY and AXFR. The upshot is that powerdns
wasn't performing outgoing AXFRs nor ANY queries. These were the
'question for type -1' warnings in the log
</p></li><li class="listitem"><p>
incoming AXFR could theoretically miss some trailing records (not observed, but could happen)
</p></li><li class="listitem"><p>
incoming AXFR did not support TXT records (spotted by Paul Wouters)
</p></li><li class="listitem"><p>
with some remotes, an incoming AXFR would not terminate until a
timeout occurred (observed by Paul Wouters)
</p></li><li class="listitem"><p>
Documentation bug, pgmysql != mypgsql
</p></li></ul></div><p>
</p><p>
Documentation:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Documented the 'random backend', see <a class="xref" href="randombackend.html" title="2. Random Backend">Section 2, “Random Backend”</a>.
</p></li><li class="listitem"><p>
Wichert Akkerman contributed three manpages.
</p></li><li class="listitem"><p>
Building PowerDNS on Unix is now documented somewhat more, see <a class="xref" href="compiling-powerdns.html#on-unix" title="1. Compiling PowerDNS on Unix">Section 1, “Compiling PowerDNS on Unix”</a>.
</p></li></ul></div><p>
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
pdns init.d script is now +x by default
</p></li><li class="listitem"><p>
OpenBSD is on its way of becoming a supported platform! As of 2.9.2, PowerDNS compiles on OpenBSD but swiftly crashes.
Help is welcome.
</p></li><li class="listitem"><p>
ODBC backend (for Windows only) was missing from the distribution, now added.
</p></li><li class="listitem"><p>
xdb backend added - see <a class="xref" href="xdbbackend.html" title="9. XDB Backend">Section 9, “XDB Backend”</a>. Designed for use by root-server operators.
</p></li><li class="listitem"><p>
Dynamic modules are back which is good news for distributors who want to make a pdns packages that does not
depend one every database under the sun.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.43. Version 2.9.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9-1"></a>3.43. Version 2.9.1</h3></div></div></div><p>
Thanks to the great enthusiasm from around the world, powerdns is now available for Solaris and FreeBSD users again!
Furthermore, the Windows build is back. We are very grateful for the help of:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Michel Stol</p></li><li class="listitem"><p>Wichert Akkerman</p></li><li class="listitem"><p>Edvard Tuinder</p></li><li class="listitem"><p>Koos van den Hout</p></li><li class="listitem"><p>Niels Bakker</p></li><li class="listitem"><p>Erik Bos</p></li><li class="listitem"><p>Alex Bleker</p></li><li class="listitem"><p>Steven Stillaway</p></li><li class="listitem"><p>Roel van der Made</p></li><li class="listitem"><p>Steven Van Steen</p></li></ul></div><p>
</p><p>
We are happy to have been able to work with the open source community to improve PowerDNS!
</p><p>
Changes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The monitor command <span class="command"><strong>set</strong></span> no longer allows the changing of non-existent variables.
</p></li><li class="listitem"><p>
IBM Universal Database DB2 backend now included in source distribution (untested!)
</p></li><li class="listitem"><p>
Oracle backend now included in source distribution (slightly tested!)
</p></li><li class="listitem"><p>
configure script now searches for postgresql and mysql includes
</p></li><li class="listitem"><p>
Bind parser now no longer dies on records with a ' in them (Erik Bos)
</p></li><li class="listitem"><p>
The pipebackend was accidentally left out of 2.9
</p></li><li class="listitem"><p>
FreeBSD fixes (with help from Erik Bos, Alex Bleeker, Niels Bakker)
</p></li><li class="listitem"><p>
Heap of Solaris work (with help from Edvard Tuinder, Stefan Van Steen, Koos van den Hout, Roel van der Made and
especially Mark Bakker).
Now compiles in 2.7 and 2.8, haven't tried 2.9. May be a bit dysfunctional on 2.7 though - it won't do IPv6 and it won't serve AAAA. Patches
welcome!
</p></li><li class="listitem"><p>
Windows 32 build is back! Michel Stol updated his earlier work to the current version.
</p></li><li class="listitem"><p>
S/Linux (Linux on Sparc) build works now (with help from Steven Stillaway).
</p></li><li class="listitem"><p>
Silly debugging message ('sd.ttl from cache') removed
</p></li><li class="listitem"><p>
.deb files are back, hopefully in 'sid' soon! (Wichert Akkerman)
</p></li><li class="listitem"><p>
Removal of bzero and other less portable constructs. Discovered that recent Linux glibc's need -D_GNU_SOURCE (Wichert Akkerman). </p></li></ul></div><p>
</p></div><div class="sect2" title="3.44. Version 2.9"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-9"></a>3.44. Version 2.9</h3></div></div></div><p>
Open source release. Do not deploy unless you know what you are
doing. Stability is expected to return with 2.9.1, as are the binary builds.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
License changed to the GNU General Public License version 2.
</p></li><li class="listitem"><p>
Cleanups by Erik Bos @ xs4all.
</p></li><li class="listitem"><p>
Build improvements by Wichert Akkerman
</p></li><li class="listitem"><p>
Lots of work on the build system, entirely revamped. By PowerDNS.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.45. Version 2.8"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-8"></a>3.45. Version 2.8</h3></div></div></div><p>
From this release onwards, we'll concentrate on stabilising for the 3.0 release. So if you have any must-have features,
let us know soonest. The 2.8 release fixes a bunch of small stability issues and add two new features. In the spirit of the move to
stability, this release has already been running 24 hours on our servers before release.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
pipe backend gains the ability to restricts its invocation to a limited number of requests. This allows a very busy nameserver
to still serve packets from a slow perl backend.
</p></li><li class="listitem"><p>
pipe backend now honors query-logging, which also documents which queries were blocked by the regex.
</p></li><li class="listitem"><p>
pipe backend now has its own backend chapter.
</p></li><li class="listitem"><p>
An incoming AXFR timeout at the wrong moment had the ability to crash the binary, forcing a reload. Thanks to our bug spotting
champions Mike Benoit and Simon Kirby of NetNation for reporting this.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.46. Version 2.7 and 2.7.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-7"></a>3.46. Version 2.7 and 2.7.1</h3></div></div></div><p>
This version fixes some very long standing issues and adds a few new features. If you are still running 2.6, upgrade yesterday. If you
were running 2.6.1, an upgrade is still strongly advised.
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The controlsocket is now readable and writable by the 'setgid' user. This allows for non-root
access to PDNS which is nice for mrtg or cricket graphs.
</p></li><li class="listitem"><p>
MySQL backend (the non-generic one) gains the ability to read from a different table using the
<span class="command"><strong>mysql-table</strong></span> setting.
</p></li><li class="listitem"><p>
pipe backend now has a configurable timeout using the <span class="command"><strong>pipe-timeout</strong></span> setting. Thanks to Steve Bromwich
for pointing out the need for this.
</p></li><li class="listitem"><p>
Experimental backtraces. If PowerDNS crashes, it will log a lot of numbers and sometimes more to the syslog.
If you see these, please report them to us. Only available under Linux.
</p></li></ul></div><p>
</p><p>
Bugs:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
2.7 briefly broke the mysql backend, so don't use it if you use that. 2.7.1 fixes this.
</p></li><li class="listitem"><p>
SOA records could sometimes have the wrong TTL. Thanks to Jonas Daugaard for reporting this.
</p></li><li class="listitem"><p>
An ANY query might lead to duplicate SOA records being returned under exceptional circumstances.
Thanks to Jonas Daugaard for reporting this.
</p></li><li class="listitem"><p>
Underlying the above bug, packet compression could sometimes suddenly be turned off, leading to
overly large responses and non-removal of duplicate records.
</p></li><li class="listitem"><p>
The <span class="command"><strong>allow-axfr-ips</strong></span> setting did not accept IP ranges (1.2.3.0/24) which the
documentation claimed it did (thanks to Florus Both of Ascio technologies for being sufficiently persistent in reporting this).
</p></li><li class="listitem"><p>
Killed backends were not being respawned, leading to suboptimal behaviour on intermittent database errors. Thanks to Steve Bromwich for
reporting this.
</p></li><li class="listitem"><p>
Corrupt packets during an incoming AXFR when acting as a slave would cause a PowerDNS reload instead of just failing that AXFR.
Thanks to Mike Benoit and Simon Kirby of NetNation for reporting this.
</p></li><li class="listitem"><p>
Label compression in incoming AXFR had problems with large offsets, causing the above mentioned errors. Thanks to Mike Benoit
and Simon Kirby of NetNation for reporting this.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.47. Version 2.6.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-6-1"></a>3.47. Version 2.6.1</h3></div></div></div><p>
Quick fix release for a big cache problem.
</p></div><div class="sect2" title="3.48. Version 2.6"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-6"></a>3.48. Version 2.6</h3></div></div></div><p>
Performance release. A lot of work has been done to raise PDNS performance to staggering levels in order to take part
in benchmarketing efforts. Together with our as yet unnamed partner, PDNS has been benchmarked at 60.000 mostly cached queries/second
on off the shelf PC hardware. Uncached performance was 17.000 uncached DNS queries/second on the .ORG domain.
</p><p>
Performance has been increased by both making PDNS itself quicker but also by lowering the number of backend queries typically needed. Operators
will typically see PDNS taking less CPU and the backend seeing less load.
</p><p>
Furthermore, some real bugs were fixed. A couple of undocumented performance switches may appear in --help output but you are advised to stay
away from these.
</p><p>
Developers: this version needs the pdns-2.5.1 development kit, available on <a class="ulink" href="http://downloads.powerdns.com/releases/dev" target="_top">
http://downloads.powerdns.com/releases/dev</a>. See also <a class="xref" href="backend-writers-guide.html" title="Appendix C. Backend writers' guide">Appendix C, <i>Backend writers' guide</i></a>.
</p><p>
Performance:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
A big error in latency calculations - cached packets were weighed 50 times less, leading to inflated latency reporting. Latency calculations
are now correct and way lower - often in the microseconds range.
</p></li><li class="listitem"><p>
It is now possible to run with 0 second cache TTLs. This used to cause very frequent cache cleanups, leading
to performance degradation.
</p></li><li class="listitem"><p>
Many tiny performance improvements, removing duplicate cache key calculations, etc. The cache itself has also been reworked
to be more efficient.
</p></li><li class="listitem"><p>
First 'CNAME' backend query replaced by an 'ANY' query, which most of the time returns the actual record,
preventing the need for a separate CNAME lookup, halving query load.
</p></li><li class="listitem"><p>
Much of the same for same-level-NS records on queries needing delegation.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Incidentally, the cache count would show 'unknown' packets, which was harmless but confusing. Thanks to Mike and Simon of
NetNation for reporting this.
</p></li><li class="listitem"><p>
SOA hostmaster with a . in the local-part would be cached wrongly, leading to a stray backslash
in case of multiple successively SOA queries. Thanks to Ascio Technologies for spotting this bug.
</p></li><li class="listitem"><p>
zone2sql did not parse Verisign zone files correctly as these contained a $TTL statement in mid-record.
</p></li><li class="listitem"><p>
Sometimes packets would not be accounted, leading to 'udp-queries' and 'udp-answers' divergence.
</p></li></ul></div><p>
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
'cricket' command added to init.d scripts that provides unadorned output for parsing by 'Cricket'.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.49. Version 2.5.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-5-1"></a>3.49. Version 2.5.1</h3></div></div></div><p>
<a class="ulink" href="http://www.tuxedo.org/~esr/jargon/html/entry/brown-paper-bag-bug.html" target="_top">Brown paper bag</a> release fixing
a huge memory leak in the new Query Cache.
</p><p>
Developers: this version needs the new pdns-2.5.1 development kit, available on <a class="ulink" href="http://downloads.powerdns.com/releases/dev" target="_top">
http://downloads.powerdns.com/releases/dev</a>. See also <a class="xref" href="backend-writers-guide.html" title="Appendix C. Backend writers' guide">Appendix C, <i>Backend writers' guide</i></a>.
</p><p>
And some small changes:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Added support for RFC 2308 compliant negative-answer caching. This allows remotes to cache the fact that
a domain does not exist and will not exist for a while. Thanks to Chris Thompson for <a class="ulink" href="http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg01697.html" target="_top">pointing out how tiny our minds are</a>. This feature may cause a noticeable reduction
in query load.
</p></li><li class="listitem"><p>
Small speedup to non-packet-cached queries, incidentally fixing the huge memory leak.
</p></li><li class="listitem"><p>
<span class="command"><strong>pdns_control ccounts</strong></span> command outputs statistics on what is in the cache, which is
useful to help optimize your caching strategy.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.50. Version 2.5"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-5"></a>3.50. Version 2.5</h3></div></div></div><p>
An important release which has seen quite a lot of trial and error testing. As a result, PDNS can now run with a huge cache
and concurrent invalidations. This is useful when running of a slower database or under high traffic load with a fast database.
</p><p>
Furthermore, the gpgsql2 backend has been validated for use and will soon supplant the gpgsql backend entirely. This also bodes
well for the gmysql backend which is the same code.
</p><p>
Also, a large amount of issues biting large scale slave operators were addressed. Most of these issues would only show up
after prolonged uptime.
</p><p>
New features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Query cache. The old Packet Cache only cached entire questions and their answers. This is very CPU efficient but
does not lead to maximum hitrate. Two packets both needing to resolve smtp.you.com internally would not benefit
from any caching. Furthermore, many different DNS queries lead to the same backend queries, like 'SOA for .COM?'.
</p><p>
PDNS now also caches backend queries, but only those having no answer (the majority) and those having one answer
(almost the rest).
</p><p>
In tests, these additional caches appear to halve the database backend load numerically and perhaps even more in terms
of CPU load. Often, queries with no answer are more expensive than those having one.
</p><p>
The default <span class="command"><strong>ttl</strong></span>s for the query-cache and negquery-cache are set to safe values (20 and 60 seconds
respectively), you should be seeing an improvement in behaviour without sacrificing a lot in terms of quick updates.
</p><p>
The webserver also displays the efficiency of the new Query Cache.
</p><p>
The old Packet Cache is still there (and useful) but see <a class="xref" href="performance.html" title="Chapter 9. Authoritative Server Performance">Chapter 9, <i>Authoritative Server Performance</i></a> for more details.
</p></li><li class="listitem"><p>
There is now the ability to shut off some logging at a very early stage. High performance sites doing thousands of
queries/second may in fact spend most of their CPU time on attempting to write out logging, even though it is ignored
by syslog. The new flag <span class="command"><strong>log-dns-details</strong></span>, on by default, allows the operator to kill most
informative-only logging before it takes any cpu.
</p></li><li class="listitem"><p>
Flags which can be switched 'on' and 'off' can now also be set to 'off' instead of only to 'no' to turn them off.
</p></li></ul></div><p>
</p><p>
Enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Packet Cache is now case insensitive, leading to a higher hitrate because identical queries only differing in case
now both match. Care is taken to restore the proper case in the answer sent out.
</p></li><li class="listitem"><p>
Packet Cache stores packets more efficiently now, savings are estimated at 50%.
</p></li><li class="listitem"><p>
The Packet Cache is now asynchronous which means that PDNS continues to answer questions while the cache
is busy being purged or queried. Incidentally this will mean a cache miss where previously the question would
wait until the cache became available again.
</p><p>
The upshot of this is that operators can call <span class="command"><strong>pdns_control purge</strong></span> as often as desired without
fearing performance loss. Especially the full, non-specific, purge was sped up tremendously.
</p><p>
This optimization is of little merit for small sites but is very important when running with a large packetcache, such
as when using recursion under high load.
</p></li><li class="listitem"><p>
AXFR log messages now all contain the word 'AXFR' to ease grepping.
</p></li><li class="listitem"><p>
Linux static version now compiled with gcc 3.2 which is known to output better and faster code than the previously
used 3.0.4.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Packetcache would sometimes send packets back with slightly modified flags if these differed from the flags
of the cached copy.
</p></li><li class="listitem"><p>
Resolver code did bad things with file descriptors leading to fd exhaustion after prolonged uptimes and many slave
SOA currency checks.
</p></li><li class="listitem"><p>
Resolver code failed to properly log some errors, leading to operator uncertainty regarding to AXFR problems with
remote masters.
</p></li><li class="listitem"><p>
After prolonged uptime, slave code would try to use privileged ports for originating queries, leading to bad
replication efficiency.
</p></li><li class="listitem"><p>
Masters sending back answers in differing case from questions would lead to bogus
'Master tried to sneak in out-of-zone data' errors and failing AXFRs.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.51. Version 2.4"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-4"></a>3.51. Version 2.4</h3></div></div></div><p>
Developers: this version is compatible with the pdns-2.1 development kit, available on <a class="ulink" href="http://downloads.powerdns.com/releases/dev" target="_top">
http://downloads.powerdns.com/releases/dev</a>. See also <a class="xref" href="backend-writers-guide.html" title="Appendix C. Backend writers' guide">Appendix C, <i>Backend writers' guide</i></a>.
</p><p>
This version fixes some stability issues with malformed or malcrafted packets. An upgrade is advised. Furthermore, there are interesting new
features.
</p><p>
New features:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Recursive queries are now also cached, but in a separate namespace so non-recursive queries don't get recursed answers and
vice versa. This should mean way lower database load for sites running with the current default lazy-recursion. Up to now,
each and every recursive query would lead to a large amount of SQL queries.
</p><p>
To prevent the packetcache from becoming huge, a separate <span class="command"><strong>recursive-cache-ttl</strong></span> can be specified.
</p></li><li class="listitem"><p>
The ability to change parameters at runtime was added. Currently, only the new <span class="command"><strong>query-logging</strong></span> flag
can be changed.
</p></li><li class="listitem"><p>
Added <span class="command"><strong>query-logging</strong></span> flag which hints a backend that it should output a textual representation of queries
it receives. Currently only gmysql and gpgsql2 honor this flag.
</p></li><li class="listitem"><p>
Gmysql backend can now also talk to PgSQL, leading to less code. Currently, the old postgresql driver ('gpgsql') is still the default,
the new driver is available as 'gpgsql2' and has the benefit that it does query logging. In the future, gpgsql2 will become the default
gpgsql driver.
</p></li><li class="listitem"><p>
DNS recursing proxy is now more verbose in logging odd events which may be caused by buggy recursing backends.
</p></li><li class="listitem"><p>
Webserver now displays peak queries/second 1 minute average.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Failure to connect to database in master/slave communicator thread could lead to an unclean reload, fixed.
</p></li></ul></div><p>
</p><p>
Documentation: added details for <span class="command"><strong>strict-rfc-axfrs</strong></span>. This feature can be used if very old clients need to be able
to do zone transfers with PDNS. Very slow.
</p></div><div class="sect2" title="3.52. Version 2.3"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-3"></a>3.52. Version 2.3</h3></div></div></div><p>
Developers: this version is compatible with the pdns-2.1 development kit, available on <a class="ulink" href="http://downloads.powerdns.com/releases/dev" target="_top">
http://downloads.powerdns.com/releases/dev</a>. See also <a class="xref" href="backend-writers-guide.html" title="Appendix C. Backend writers' guide">Appendix C, <i>Backend writers' guide</i></a>.
</p><p>
This release adds the Generic MySQL backend which allows full master/slave semantics with MySQL and InnoDB tables (or other tables that support
transactions). See <a class="xref" href="generic-mypgsql-backends.html" title="3. Generic MySQL and PgSQL backends">Section 3, “Generic MySQL and PgSQL backends”</a>.
</p><p>
Other new features:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Improved error messages in master/slave communicator will help down track problems.
</p></li><li class="listitem"><p>
<span class="command"><strong>slave-cycle-interval</strong></span> setting added. Very large sites with thousands of slave domains may need to raise this value
above the default of 60. Every cycle, domains in indeterminate state are checked for their condition. Depending on the health of the masters,
this may entail many SOA queries or attempted AXFRs.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
'pdns_control purge <strong class="userinput"><code>domain</code></strong>' and 'pdns_control purge <strong class="userinput"><code>domain$</code></strong>' were broken in version 2.2 and
did not in fact purge the cache. There is a slight risk that domain-specific purge commands could force a reload in previous version.
Thanks to Mike Benoit of NetNation for discovering this.
</p></li><li class="listitem"><p>
Master/slave communicator thread got confused in case of delayed answers from slow masters. While not causing harm, this caused inefficient
behaviour when testing large amounts of slave domains because additional 'cycles' had to pass before all domains would have their status
ascertained.
</p></li><li class="listitem"><p>
Backends implementing special SOA semantics (currently only the undocumented 'pdns express backend', or homegrown backends) would
under some circumstances not answer the SOA record in case of an ANY query. This should put an end to the last DENIC problems. Thanks to
DENIC for helping us find the problem.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.53. Version 2.2"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-2"></a>3.53. Version 2.2</h3></div></div></div><p>
Developers: this version is compatible with the pdns-2.1 development kit, available on <a class="ulink" href="http://downloads.powerdns.com/releases/dev" target="_top">
http://downloads.powerdns.com/releases/dev</a>. See also <a class="xref" href="backend-writers-guide.html" title="Appendix C. Backend writers' guide">Appendix C, <i>Backend writers' guide</i></a>.
</p><p>
Again a big release. PowerDNS is seeing some larger deployments in more demanding environments and these are helping shake out remaining issues,
especially with recursing backends.
</p><p>
The big news is that wildcard CNAMEs are now supported, an oft requested feature and nearly the only part in which PDNS differed from BIND in
authoritative capabilities.
</p><p>
If you were seeing signal 6 errors in PDNS causing reloads and intermittent service disruptions, please upgrade to this version.
</p><p>
For operators of PowerDNS Express trying to host .DE domains, the very special <span class="command"><strong>soa-serial-offset</strong></span> feature has been added
to placate the new DENIC requirement that the SOA serial be at least six digits. PowerDNS Express uses the SOA serial as an actual serial and
not to insert dates and hence often has single digit soa serial numbers, causing big problems with .DE redelegations.
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Malformed or shortened TCP recursion queries would cause a signal 6 and a reload. Same for EOF from the TCP recursing backend.
Thanks to Simon Kirby and Mike Benoit of NetNation for helping debug this.
</p></li><li class="listitem"><p>
Timeouts on the TCP recursing backend were far too long, leading to possible exhaustion of TCP resolving threads.
</p></li><li class="listitem"><p>
<span class="command"><strong>pdns_control purge domain</strong></span> accidentally cleaned all packets with that name as a prefix. Thanks to Simon Kirby
for spotting this.
</p></li><li class="listitem"><p>
Improved exception error logging - in some circumstances PDNS would not properly log the cause of an exception, which hampered problem
resolution.
</p></li></ul></div><p>
</p><p>
New features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Wildcard CNAMEs now work as expected!
</p></li><li class="listitem"><p>
<span class="command"><strong>pdns_control purge</strong></span> can now also purge based on suffix, allowing operators to
purge an entire domain from the packet cache instead of only specific records. See also <a class="xref" href="pdns-internals.html#pdnscontrol" title="1.1. pdns_control">Section 1.1, “pdns_control”</a>
Thanks to Mike Benoit for this suggestion.
</p></li><li class="listitem"><p>
<span class="command"><strong>soa-serial-offset</strong></span> for installations with small SOA serial numbers wishing to register .DE domains
with DENIC which demands six-figure SOA serial numbers. See also <a class="xref" href="all-settings.html" title="Chapter 20. Index of all Authoritative Server settings">Chapter 20, <i>Index of all Authoritative Server settings</i></a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.54. Version 2.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-1"></a>3.54. Version 2.1</h3></div></div></div><p>
This is a somewhat bigger release due to pressing demands from customers. An upgrade is advised for installations using Recursion.
If you are using recursion, it is vital that you are aware of changes in semantics. Basically, local data will now override data in your
recursing backend under most circumstances. Old behaviour can be restored by turning <span class="command"><strong>lazy-recursion</strong></span> off.
</p><p>
Developers: this version has a new pdns-2.1 development kit, available on <a class="ulink" href="http://downloads.powerdns.com/releases/dev" target="_top">
http://downloads.powerdns.com/releases/dev</a>. See also <a class="xref" href="backend-writers-guide.html" title="Appendix C. Backend writers' guide">Appendix C, <i>Backend writers' guide</i></a>.
</p><p>
</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
Most users will run a static version of PDNS which has no dependencies on external libraries. However, some may need to run the dynamic version.
This warning applies to these users.
</p><p>
To run the dynamic version of PDNS, which is needed for backend drivers which are only available in source form, gcc 3.0 is required.
RedHat 7.2 comes with gcc 3.0 as an optional component, RedHat 7.3 does not. However, the RedHat 7.2 Update gcc rpms install just fine
on RedHat 7.3. For Debian, we suggest running 'woody' and installing the g++-3.0 package. We expect to release a FreeBSD dynamic version
shortly.
</p></td></tr></table></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
RPM releases sometimes overwrote previous configuration files. Thanks to Jorn Ekkelenkamp of Hubris/ISP Services for reporting this.
</p></li><li class="listitem"><p>
TCP recursion sent out overly large responses due to a byte order mistake, confusing some clients. Thanks to the capable engineers
of NetNation for bringing this to our attention.
</p></li><li class="listitem"><p>
TCP recursion in combination with a recursing backend on a non-standard port did not work, leading to a
non-functioning TCP listener. Thanks to the capable engineers of NetNation for bringing this to our attention.
</p></li></ul></div><p>
</p><p>
Unexpected behaviour:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Wildcard URL records where not implemented because they are a performance penalty. To turn these on, enable
<span class="command"><strong>wildcard-url</strong></span> in the configuration.
</p></li><li class="listitem"><p>
Unlike other nameservers, local data did not override the internet for recursing queries. This has mostly been brought into conformance
with user expectations. If a recursive question can be answered entirely from local data, it is. To restore old behaviour, disable
<span class="command"><strong>lazy-recursion</strong></span>. Also see <a class="xref" href="recursion.html" title="Chapter 16. Recursion">Chapter 16, <i>Recursion</i></a>.
</p></li></ul></div><p>
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Oracle support has been tuned, leading to the first public release of the Oracle backend. Zone2sql now outputs better SQL
and the backend is now fully documented. Furthermore, the queries are compatible with the PowerDNS XML-RPC product, allowing
PowerDNS express to run off Oracle. See <a class="xref" href="oracle.html" title="4. Oracle backend">Section 4, “Oracle backend”</a>.
</p></li><li class="listitem"><p>
Zone2sql now accepts --transactions to wrap zones in a transaction for PostgreSQL and Oracle output. This is a major speedup and also
makes for better isolation of inserts. See <a class="xref" href="migration.html#zone2sql" title="1. Zone2sql">Section 1, “Zone2sql”</a>.
</p></li><li class="listitem"><p>
<span class="command"><strong>pdns_control</strong></span> now has the ability to purge the PowerDNS cache or parts of it. This enables operators to
raise the TTL of the Packet Cache to huge values and only to invalidate the cache when changes are made. See also <a class="xref" href="performance.html" title="Chapter 9. Authoritative Server Performance">Chapter 9, <i>Authoritative Server Performance</i></a> and
<a class="xref" href="pdns-internals.html#pdnscontrol" title="1.1. pdns_control">Section 1.1, “pdns_control”</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.55. Version 2.0.1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-0-1"></a>3.55. Version 2.0.1</h3></div></div></div><p>
Maintenance release, fixing three small issues.
</p><p>
Developers: this version is compatible with 1.99.11 backends.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PowerDNS ignored the <span class="command"><strong>logging-facility</strong></span> setting unless it was specified on the command line.
Thanks to Karl Obermayer from WebMachine Technologies for noticing this.
</p></li><li class="listitem"><p>
Zone2sql neglected to preserve 'slaveness' of domains when converting to the slave capable PostgreSQL backend. Thanks
to Mike Benoit of NetNation for reporting this. Zone2sql now has a <span class="command"><strong>--slave</strong></span> option.
</p></li><li class="listitem"><p>
SOA Hostmaster addresses with dots in them before the @-sign were mis-encoded on the wire.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.56. Version 2.0"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-0"></a>3.56. Version 2.0</h3></div></div></div><p>
Two bugfixes, one stability/security related. No new features.
</p><p>
Developers: this version is compatible with 1.99.11 backends.
</p><p>
Bugfixes:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
zone2sql refused to work under some circumstances, taking 100% cpu and not functioning. Thanks to Andrew Clark and Mike Benoit
for reporting this.
</p></li><li class="listitem"><p>
Fixed a stability issue where malformed packets could force PDNS to reload. Present in all earlier 2.0 versions.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.57. Version 2.0 Release Candidate 2"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-0-rc2"></a>3.57. Version 2.0 Release Candidate 2</h3></div></div></div><p>
Mostly bugfixes, no really new features.
</p><p>
Developers: this version is compatible with 1.99.11 backends.
</p><p>
Bugs fixed:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
chroot() works again - 2.0rc1 silently refused to chroot. Thanks to Hub Dohmen for noticing this.
</p></li><li class="listitem"><p>
setuid() and setgid() security features were silently not being performed in 2.0rc1. Thanks to Hub Dohmen for noticing this.
</p></li><li class="listitem"><p>
MX preferences over 255 now work as intended. Thanks to Jeff Crowe for noticing this.
</p></li><li class="listitem"><p>
IPv6 clients can now also benefit from the recursing backend feature. Thanks to Andy Furnell for proving beyond any doubt that this
did not work.
</p></li><li class="listitem"><p>
Extremely bogus code removed from DNS notification reception code - please test! Thanks to Jakub Jermar for working with us
in figuring out just how broken this was.
</p></li><li class="listitem"><p>
AXFR code improved to handle more of the myriad different zone transfer dialects available. Specifically, interoperability
with Bind 4 was improved, as well as Bind 8 in 'strict rfc conformance' mode. Thanks again for Jakub Jermar for running many tests for us.
If your transfers failed with 'Unknown type 14!!' or words to that effect, this was it.
</p></li></ul></div><p>
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Win32 version now has a zone2sql tool.
</p></li><li class="listitem"><p>
Win32 version now has support for specifying how urgent messages should be before they go to the NT event log.
</p></li></ul></div><p>
</p><p>
Remaining issues:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
One persistent report of the default 'chroot=./' configuration not working.
</p></li><li class="listitem"><p>
One report of disable-axfr and allow-axfr-ips not working as intended.
</p></li><li class="listitem"><p>
Support for relative paths in zones and in Bind configuration is not bug-for-bug compatible with bind yet.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.58. Version 2.0 Release Candidate 1"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-2-0-rc1"></a>3.58. Version 2.0 Release Candidate 1</h3></div></div></div><p>
The MacOS X release! A very experimental OS X 10.2 build has been added. Furthermore, the Windows version is now in line with Unix with
respect to capabilities. The ODBC backend now has the code to function as both a master and a slave.
</p><p>
Developers: this version is compatible with 1.99.11 backends.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Implemented native packet response parsing code, allowing Windows to perform AXFR and NS and SOA queries.
</p></li><li class="listitem"><p>
This is the first version for which we have added support for Darwin 6.0, which is part of the forthcoming Mac OS X 10.2.
Please note that although this version is marked RC1, that we have not done extensive testing yet. Consider this a technology
preview.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>
The Darwin version has been developed on Mac OS X 10.2 (6<a class="ulink" href="http://wiki.powerdns.com/projects/trac/changeset/35" target="_top">35</a>). Other versions may or may not work.
</p></li><li class="listitem"><p>
Currently only the random, bind, mysql and pdns backends are included.
</p></li><li class="listitem"><p>
The menu based installer script does not work, you will have to edit pathconfig by hand as outlined in chapter 2.
</p></li><li class="listitem"><p>
On Mac OS X Client, PDNS will fail to start because a system service is already bound to port 53.
</p></li></ul></div><p>
</p><p>
This version is distributed as a compressed tar file. You should follow the generic UNIX installation instructions.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Zone2sql PostgreSQL mode neglected to lowercase $ORIGIN. Thanks to Maikel Verheijen of Ladot for spotting this.
</p></li><li class="listitem"><p>
Zone2sql PostgreSQL mode neglected to remove a trailing dot from $ORIGIN if present.
Thanks to Thanks to Maikel Verheijen of Ladot for spotting this.
</p></li><li class="listitem"><p>
Zone file parser was not compatible with bind when $INCLUDING non-absolute file names. Thanks to Jeff Miller for working out
how this should work.
</p></li><li class="listitem"><p>
Bind configuration parser was not compatible with bind when including non-absolute file names. Thanks to Jeff Miller for working out
how this should work.
</p></li><li class="listitem"><p>
Documentation incorrectly listed the Bind backend as 'slave capable'. This is not yet true, now labeled 'experimental'.
</p></li></ul></div><p>
</p><p>
Windows changes. We are indebted to Dimitry Andric who educated us in the ways of distributing Windows software.
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<code class="filename">pdns.conf</code> is now read if available.
</p></li><li class="listitem"><p>
Console version responds to ^c now.
</p></li><li class="listitem"><p>
Default pdns.conf added to distribution
</p></li><li class="listitem"><p>
Uninstaller missed several files, leaving remnants behind
</p></li><li class="listitem"><p>
DLLs are now installed locally, with the pdns executable.
</p></li><li class="listitem"><p>
pdns_control is now also available on Windows
</p></li><li class="listitem"><p>
ODBC backend can now act as master and slave. Experimental.
</p></li><li class="listitem"><p>
The example zone missed indexes and had other faults.
</p></li><li class="listitem"><p>
A runtime DLL that is present on most windows systems (but not all!) was missing.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.59. Version 1.99.12 Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-1-99-12"></a>3.59. Version 1.99.12 Prerelease</h3></div></div></div><p>
The Windows release! See <a class="xref" href="windows.html" title="Chapter 3. Installing on Microsoft Windows">Chapter 3, <i>Installing on Microsoft Windows</i></a>. Beware, windows support is still very fresh and untested. Feedback is very welcome.
</p><p>
Developers: this version is compatible with 1.99.11 backends.
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Windows 2000 code base merge completed. This resulted in quite some changes on the Unix end of things, so this may impact reliability.
</p></li><li class="listitem"><p>
ODBC backend added for Windows. See <a class="xref" href="odbc.html" title="8. ODBC backend">Section 8, “ODBC backend”</a>.
</p></li><li class="listitem"><p>
IBM DB2 Universal Database backend available for Linux. See <a class="xref" href="db2.html" title="6. DB2 backend">Section 6, “DB2 backend”</a>.
</p></li><li class="listitem"><p>
Zone2sql now understands $INCLUDE. Thanks to Amaze Internet for nagging about this
</p></li><li class="listitem"><p>
The SOA Minimum TTL now has a configurable default (<span class="command"><strong>soa-minimum-ttl</strong></span>)value to placate the DENIC requirements.
</p></li><li class="listitem"><p>
Added a limit on the simultaneous numbers of TCP connections to accept (<span class="command"><strong>max-tcp-connections</strong></span>). Defaults to 10.
</p></li></ul></div><p>
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
When operating in virtual hosting mode (See <a class="xref" href="virtual.html" title="Chapter 8. Virtual hosting">Chapter 8, <i>Virtual hosting</i></a>), the additional init.d scripts would not function correctly
and interface with other pdns instances.
</p></li><li class="listitem"><p>
PDNS neglected to conserve case on answers. So a query for WwW.PoWeRdNs.CoM would get an answer listing the address of www.powerdns.com.
While this did not confuse resolvers, it is better to conserve case. This has semantic consequences for all backends, which the documentation
now spells out.
</p></li><li class="listitem"><p>
PostgreSQL backend was case sensitive and returned only answers in case an exact match was found. The Generic PostgreSQL backend is now
officially all lower case and zone2sql in PostgreSQL mode enforces this.
Documentation has been been updated to reflect the case change. Thanks to Maikel Verheijen of Ladot for
spotting this!
</p></li><li class="listitem"><p>
Documentation bug - postgresql create/index statements created a duplicate index. If you've previously copy pasted the commands and
not noticed the error, execute <span class="command"><strong>CREATE INDEX rec_name_index ON records(name)</strong></span> to remedy. Thanks to Jeff Miller for reporting
this. This also lead to depressingly slow 'ANY' lookups for those of you doing benchmarks.
</p></li></ul></div><p>
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
pdns_control (see <a class="xref" href="pdns-internals.html#pdnscontrol" title="1.1. pdns_control">Section 1.1, “pdns_control”</a>) now opens the local end of its socket in <code class="filename">/tmp</code> instead of next to the
remote socket (by default <code class="filename">/var/run</code>). This eases the way for allowing non-root access to pdns_control. When running chrooted
(see <a class="xref" href="security.html" title="Chapter 7. Security settings & considerations">Chapter 7, <i>Security settings & considerations</i></a>), the local socket again moves back to <code class="filename">/var/run</code>.
</p></li><li class="listitem"><p>
pdns_control now has a 'version' command. See <a class="xref" href="pdns-internals.html#pdnscontrol" title="1.1. pdns_control">Section 1.1, “pdns_control”</a>.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.60. Version 1.99.11 Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-1-99-11"></a>3.60. Version 1.99.11 Prerelease</h3></div></div></div><p>
This release is important because it is the first release which is accompanied by an Open Source Backend Development Kit, allowing external
developers to write backends for PDNS. Furthermore, a few bugs have been fixed:
</p><p>
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Lines with only whitespace in zone files confused PDNS (thanks Henk Wevers)
</p></li><li class="listitem"><p>
PDNS did not properly parse TTLs with symbolic suffixes in zone files, ie 2H instead of 7200 (thanks Henk Wevers)
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.61. Version 1.99.10 Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-1-99-10"></a>3.61. Version 1.99.10 Prerelease</h3></div></div></div><p>
IMPORTANT: there has been a tiny license change involving free public webbased dns hosting, check out the changes before deploying!
</p><p>
PDNS is now feature complete, or very nearly so. Besides adding features, a lot of 'fleshing out' work is done now. There is an important
performance bug fix which may have lead to disappointing benchmarks - so if you saw any of that, please try either this version or 1.99.8 which
also does not have the bug.
</p><p>
This version has been very stable for us on multiple hosts, as was 1.99.9.
</p><p>
PostgreSQL users should be aware that while 1.99.10 works with the schema as presented in earlier versions, advanced features
such as master or slave support will not work unless you create the new 'domains' table as well.
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Wildcard AAAA queries sometimes received an NXDOMAIN error where they should have gotten an empty NO ERROR. Thanks to Jeroen Massar
for spotting this on the .TK TLD!
</p></li><li class="listitem"><p>
Do not disable the packetcache for 'recursion desired' packets unless a recursor was configured. Thanks to Greg Schueler for noticing this.
</p></li><li class="listitem"><p>
A failing backend would not be reinstated. Thanks to 'Webspider' for discovering this problem with PostgreSQL connections that die after
prolonged inactivity.
</p></li><li class="listitem"><p>
Fixed loads of IPv6 transport problems. Thanks to Marco Davids and others for testing. Considered ready for production now.
</p></li><li class="listitem"><p>
<span class="command"><strong>Zone2sql</strong></span> printed a debugging statement on range $GENERATE commands. Thanks to Rene van Valkenburg for spotting this.
</p></li></ul></div><p>
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PDNS can now act as a master, sending out notifications in case of changes and allowing slaves to AXFR. Big rewording of replication support,
domains are now either 'native', 'master' or 'slave'. See <a class="xref" href="replication.html" title="Chapter 18. Master/Slave operation & replication">Chapter 18, <i>Master/Slave operation & replication</i></a> for lots of details.
</p></li><li class="listitem"><p>
<span class="command"><strong>Zone2sql</strong></span> in PostgreSQL mode now populates the 'domains' table for easy master, slave or native replication support.
</p></li><li class="listitem"><p>
Ability to disable those annoying Windows DNS Dynamic Update messages from appearing in the log. See <code class="function">log-failed-updates</code>
in <a class="xref" href="all-settings.html" title="Chapter 20. Index of all Authoritative Server settings">Chapter 20, <i>Index of all Authoritative Server settings</i></a>.
</p></li><li class="listitem"><p>
Ability to run on IPv6 transport only
</p></li><li class="listitem"><p>
Logging can now happen under a 'facility' so all PDNS messages appear in their own file. See <a class="xref" href="syslog.html" title="3. Operational logging using syslog">Section 3, “Operational logging using syslog”</a>.
</p></li><li class="listitem"><p>
Different OS releases of PDNS now get different install path defaults. Thanks to Mark Lastdrager for nagging about this and to Nero Imhard and
Frederique Rijsdijk for suggesting saner defaults.
</p></li><li class="listitem"><p>
Infrastructure for 'also-notify' statements added.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.62. Version 1.99.9 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-1-99-9"></a>3.62. Version 1.99.9 Early Access Prerelease</h3></div></div></div><p>
This is again a feature and an infrastructure release. We are nearly feature complete and will soon start
work on the backends to make sure that they are all master, slave and 'superslave' capable.
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
PDNS sometimes sent out duplicate replies for packets passed to the recursing backend. Mostly a problem on SMP systems. Thanks to Mike Benoit
for noticing this.
</p></li><li class="listitem"><p>
Out-of-bailiwick CNAMEs (ie, a CNAME to a domain not in PDNS) caused a 'ServFail' packet in 1.99.8, indicating failure, leading to hosts not
resolving. Thanks to Martin Gillstrom for noticing this.
</p></li><li class="listitem"><p>
Zone2sql balked at zones edited under operating systems terminating files with ^Z (Windows). Thanks Brian Willcott for reporting this.
</p></li><li class="listitem"><p>
PostgreSQL backend logged the password used to connect. Now only does so in case of failure to connect. Thanks to 'Webspider' for noticing this.
</p></li><li class="listitem"><p>
Debian unstable distribution wrongly depended on home compiled PostgreSQL libraries. Thanks to Konrad Wojas for noticing this.
</p></li></ul></div><p>
</p><p>
Features:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
When operating as a slave, AAAA records are now supported in the zone. They were already supported in master zones.
</p></li><li class="listitem"><p>
IPv6 transport support - PDNS can now listen on an IPv6 socket using the <span class="command"><strong>local-ipv6</strong></span> setting.
</p></li><li class="listitem"><p>
Very silly randombackend added which appears in the documentation as a sample backend. See <a class="xref" href="backend-writers-guide.html" title="Appendix C. Backend writers' guide">Appendix C, <i>Backend writers' guide</i></a>.
</p></li><li class="listitem"><p>
When transferring a slave zone from a master, out of zone data is now rejected. Malicious operators might try to insert bad records otherwise.
</p></li><li class="listitem"><p>
'Supermaster' support for automatic provisioning from masters. See <a class="xref" href="slave.html#supermaster" title="2.1. Supermaster automatic provisioning of slaves">Section 2.1, “Supermaster automatic provisioning of slaves”</a>.
</p></li><li class="listitem"><p>
Recursing backend can now live on a non-standard (!=53) port. See <a class="xref" href="recursion.html" title="Chapter 16. Recursion">Chapter 16, <i>Recursion</i></a>.
</p></li><li class="listitem"><p>
Slave zone retrieval is now queued instead of immediate, which scales better and is more resilient to temporary failures.
</p></li><li class="listitem"><p>
<span class="command"><strong>max-queue-length</strong></span> parameter. If this many packets are queued for database attention, consider the situation hopeless and
respawn.
</p></li></ul></div><p>
</p><p>
Internal:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
SOA records are now 'special' and each backend can optionally generate them in special ways. PostgreSQL backend does so
when operating as a slave.
</p></li><li class="listitem"><p>
Writing backends is now a lot easier. See <a class="xref" href="backend-writers-guide.html" title="Appendix C. Backend writers' guide">Appendix C, <i>Backend writers' guide</i></a>.
</p></li><li class="listitem"><p>
Added Bindbackend to internal regression tests, confirming that it is compliant.
</p></li></ul></div><p>
</p></div><div class="sect2" title="3.63. Version 1.99.8 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-1-99-8"></a>3.63. Version 1.99.8 Early Access Prerelease</h3></div></div></div><p>
A lot of infrastructure work gearing up to 2.0. Some stability bugs fixed and a lot of new features.
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Bindbackend was overly complex and crashed on some systems on startup. Simplified launch code.
</p></li><li class="listitem"><p>
SOA fields were not always properly filled in, causing default values to go out on the wire
</p></li><li class="listitem"><p>
Obscure bug triggered by malicious packets (we know who you are) in SOA finding code fixed.
</p></li><li class="listitem"><p>
Magic serial number calculation contained a double free leading to instability.
</p></li><li class="listitem"><p>
Standards violation, questions for domains for which PDNS was unauthoritative now get a SERVFAIL answer.
Thanks to the IETF Namedroppers list for helping out with this.
</p></li><li class="listitem"><p>
Slowly launching backends were being relaunched at a great rate when queries were coming in while launching backends.
</p></li><li class="listitem"><p>
MySQL-on-unix-domain-socket on SMP systems was overwhelmed by the quick connection rate on launch, inserted a small 50ms delay.
</p></li><li class="listitem"><p>
Some SMP problems appear to be compiler related. Shifted to GCC 3.0.4 for Linux.
</p></li><li class="listitem"><p>
Ran ispell on documentation.
</p></li></ul></div><p>
</p><p>
Feature enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Recursing backend. See <a class="xref" href="recursion.html" title="Chapter 16. Recursion">Chapter 16, <i>Recursion</i></a>. Allows recursive and authoritative DNS on the same IP address.
</p></li><li class="listitem"><p>
<a class="link" href="types.html#naptr">NAPTR support</a>, which is especially useful for the ENUM/E.164 community.
</p></li><li class="listitem"><p>
Zone transfers can now be allowed per <a class="link" href="all-settings.html#allow-axfr-ips">netmask instead of only per IP address</a>.
</p></li><li class="listitem"><p>
Preliminary support for slave operation included. Only for the adventurous right now! See <a class="xref" href="slave.html" title="2. Slave operation">Section 2, “Slave operation”</a>
</p></li><li class="listitem"><p>
All record types now documented, see <a class="xref" href="types.html" title="Chapter 22. Supported record types and their storage">Chapter 22, <i>Supported record types and their storage</i></a>.
</p></li></ul></div><p>
</p><div class="sect3" title="Known bugs"><div class="titlepage"><div><div><h4 class="title"><a id="idp7453600"></a>Known bugs</h4></div></div></div><p>
Wildcard CNAMEs do not work as they do with bind.
</p><p>
Recursion sometimes sends out duplicate packets (fixed in 1.99.9 snapshots)
</p><p>
Some stability issues which are caught by the guardian
</p></div><div class="sect3" title="Missing features"><div class="titlepage"><div><div><h4 class="title"><a id="idp7455680"></a>Missing features</h4></div></div></div><p>
Features present in this document, but disabled or withheld from the current release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gmysqlbackend, oraclebackend
</p></li></ul></div><p>
</p></div></div><div class="sect2" title="3.64. Version 1.99.7 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="changelog-1-99-7"></a>3.64. Version 1.99.7 Early Access Prerelease</h3></div></div></div><p>
Named.conf parsing got a lot of work and many more bind configurations can now be parsed. Furthermore, error reporting was improved.
Stability is looking good.
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Bind parser got confused by file names with underscores and colons.
</p></li><li class="listitem"><p>
Bind parser got confused by spaces in quoted names
</p></li><li class="listitem"><p>
FreeBSD version now stops and starts when instructed to do so.
</p></li><li class="listitem"><p>
Wildcards were off by default, which violates standards. Now on by default.
</p></li><li class="listitem"><p>
--oracle was broken in zone2sql
</p></li></ul></div><p>
</p><p>
Feature enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Line number counting goes on as it should when including files in named.conf
</p></li><li class="listitem"><p>
Added --no-config to enable users to start the pdns daemon without parsing the configuration file.
</p></li><li class="listitem"><p>
zone2sql now has --bare for unformatted output which can be used to generate insert statements for different database layouts
</p></li><li class="listitem"><p>
zone2sql now has --gpgsql, which is an alias for --mysql, to output in a format useful for the default Generic PgSQL backend
</p></li><li class="listitem"><p>
zone2sql is now documented.
</p></li></ul></div><p>
</p><div class="sect3" title="Known bugs"><div class="titlepage"><div><div><h4 class="title"><a id="idp7470128"></a>Known bugs</h4></div></div></div><p>
Wildcard CNAMEs do not work as they do with bind.
</p></div><div class="sect3" title="Missing features"><div class="titlepage"><div><div><h4 class="title"><a id="idp7471264"></a>Missing features</h4></div></div></div><p>
Features present in this document, but disabled or withheld from the current release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gmysqlbackend, oraclebackend
</p></li></ul></div><p>
Some of these features will be present in newer releases.
</p></div></div><div class="sect2" title="3.65. Version 1.99.6 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="idp7473920"></a>3.65. Version 1.99.6 Early Access Prerelease</h3></div></div></div><p>
This version is now running on dns-eu1.powerdns.net and working very well for us. But please remain cautious before
deploying!
</p><p>
Bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Webserver neglected to show log messages
</p></li><li class="listitem"><p>
TCP question/answer miscounted multiple questions over one socket. Fixed misnaming of counter
</p></li><li class="listitem"><p>
Packetcache now detects clock skew and times out entries
</p></li><li class="listitem"><p>
named.conf parser now reports errors with line number and offending token
</p></li><li class="listitem"><p>
File names in named.conf can now contain :
</p></li></ul></div><p>
</p><p>
Feature enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
The webserver now by default does not print out configuration statements, which might contain database backends. Use
<span class="command"><strong>webserver-print-arguments</strong></span> to restore the old behaviour.
</p></li><li class="listitem"><p>
Generic PostgreSQL backend is now included. Still rather beta.
</p></li></ul></div><p>
</p><div class="sect3" title="Known bugs"><div class="titlepage"><div><div><h4 class="title"><a id="idp7483440"></a>Known bugs</h4></div></div></div><p>
FreeBSD version does not stop when requested to do so.
</p><p>
Wildcard CNAMEs do not work as they do with bind.
</p></div><div class="sect3" title="Missing features"><div class="titlepage"><div><div><h4 class="title"><a id="idp7485040"></a>Missing features</h4></div></div></div><p>
Features present in this document, but disabled or withheld from the current release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gmysqlbackend, oraclebackend
</p></li></ul></div><p>
Some of these features will be present in newer releases.
</p></div></div><div class="sect2" title="3.66. Version 1.99.5 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="idp7487696"></a>3.66. Version 1.99.5 Early Access Prerelease</h3></div></div></div><p>
The main focus of this release is stability and TCP improvements. This is the first release PowerDNS-the-company actually considers for running
on its production servers!
</p><p>
Major bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Zone2sql received a floating point division by zero error on named.confs with less than 100 domains.
</p></li><li class="listitem"><p>
Huffman encoder failed without specific error on illegal characters in a domain
</p></li><li class="listitem"><p>
Fixed huge memory leaks in TCP code.
</p></li><li class="listitem"><p>
Removed further file descriptor leaks in guardian respawning code
</p></li><li class="listitem"><p>
Pipebackend was too chatty.
</p></li><li class="listitem"><p>
pdns_server neglected to close fds 0, 1 & 2 when daemonizing
</p></li></ul></div><p>
</p><p>
Feature enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
bindbackend can be instructed not to check the ctime of a zone by specifying <span class="command"><strong>bind-check-interval=0</strong></span>,
which is also the new default.
</p></li><li class="listitem"><p>
<span class="command"><strong>pdns_server --list-modules</strong></span> lists all available modules.
</p></li></ul></div><p>
</p><p>
Performance enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
TCP code now only creates a new database connection for AXFR.
</p></li><li class="listitem"><p>
TCP connections timeout rather quickly now, leading to less load on the server.
</p></li></ul></div><p>
</p><div class="sect3" title="Known bugs"><div class="titlepage"><div><div><h4 class="title"><a id="idp7501488"></a>Known bugs</h4></div></div></div><p>
FreeBSD version does not stop when requested to do so.
</p><p>
Wildcard CNAMEs do not work as they do with bind.
</p></div><div class="sect3" title="Missing features"><div class="titlepage"><div><div><h4 class="title"><a id="idp7503088"></a>Missing features</h4></div></div></div><p>
Features present in this document, but disabled or withheld from the current release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gmysqlbackend, oraclebackend, gpgsqlbackend
</p></li></ul></div><p>
Some of these features will be present in newer releases.
</p></div></div><div class="sect2" title="3.67. Version 1.99.4 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="idp7505760"></a>3.67. Version 1.99.4 Early Access Prerelease</h3></div></div></div><p>
A lot of new named.confs can now be parsed, zone2sql & bindbackend have gained features and stability.
</p><p>
Major bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Label compression was not always enabled, leading to large reply packets sometimes.
</p></li><li class="listitem"><p>
Database errors on TCP server lead to a nameserver reload by the guardian.
</p></li><li class="listitem"><p>
MySQL backend neglected to close its connection properly.
</p></li><li class="listitem"><p>
BindParser miss parsed some IP addresses and netmasks.
</p></li><li class="listitem"><p>
Truncated answers were also truncated on the packetcache, leading to truncated TCP answers.
</p></li></ul></div><p>
</p><p>
Feature enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Zone2sql and the bindbackend now understand the Bind $GENERATE{} syntax.
</p></li><li class="listitem"><p>
Zone2sql can optionally gloss over non-existing zones with <span class="command"><strong>--on-error-resume-next</strong></span>.
</p></li><li class="listitem"><p>
Zone2sql and the bindbackend now properly expand @ also on the right hand side of records.
</p></li><li class="listitem"><p>
Zone2sql now sets a default TTL.
</p></li><li class="listitem"><p>
DNS UPDATEs and NOTIFYs are now logged properly and sent the right responses.
</p></li></ul></div><p>
</p><p>
Performance enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
'Fancy records' are no longer queried for on ANY queries - this is a big speedup.
</p></li></ul></div><p>
</p><div class="sect3" title="Known bugs"><div class="titlepage"><div><div><h4 class="title"><a id="idp7519504"></a>Known bugs</h4></div></div></div><p>
FreeBSD version does not stop when requested to do so.
</p><p>
Zone2sql refuses named.confs with less than 100 domains.
</p><p>
Wildcard CNAMEs do not work as they do with bind.
</p></div><div class="sect3" title="Missing features"><div class="titlepage"><div><div><h4 class="title"><a id="idp7521568"></a>Missing features</h4></div></div></div><p>
Features present in this document, but disabled or withheld from the current release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gmysqlbackend, oraclebackend, gpgsqlbackend
</p></li></ul></div><p>
Some of these features will be present in newer releases.
</p></div></div><div class="sect2" title="3.68. Version 1.99.3 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="idp7524240"></a>3.68. Version 1.99.3 Early Access Prerelease</h3></div></div></div><p>
The big news in this release is the BindBackend which is now capable of parsing many more named.conf Bind configurations.
Furthermore, PDNS has successfully parsed very large named.confs with large numbers of small domains, as well as small numbers of
large domains (TLD).
</p><p>
Zone transfers are now also much improved.
</p><p>
Major bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
zone2sql leaked file descriptors on each domain, used wrong Bison recursion leading to
parser stack overflows. This limited the amount of domains that could be parsed to 1024.
</p></li><li class="listitem"><p>
zone2sql can now read all known zone files, with the exception of those containing $GENERATE
</p></li><li class="listitem"><p>
Guardian relaunching a child lost two file descriptors
</p></li><li class="listitem"><p>
Don't die on a connection reset by peer during zone transfer.
</p></li><li class="listitem"><p>
Webserver does not crash anymore on ringbuffer resize
</p></li></ul></div><p>
</p><p>
Feature enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
AXFR can now be disabled, and re-enabled per IP address
</p></li><li class="listitem"><p>
--help accepts a parameter, will then show only help items with that prefix.
</p></li><li class="listitem"><p>
zone2sql now accepts a --zone-name parameter
</p></li><li class="listitem"><p>
BindBackend maturing - 9500 zones parsed in 3.5 seconds. No longer case sensitive.
</p></li></ul></div><p>
</p><p>
Performance enhancements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Implemented RFC-breaking AXFR format (which is the industry standard). Zone transfers now zoom along
at wire speed (many megabits/s).
</p></li></ul></div><p>
</p><div class="sect3" title="Known bugs"><div class="titlepage"><div><div><h4 class="title"><a id="idp7537168"></a>Known bugs</h4></div></div></div><p>
FreeBSD version does not stop when requested to do so.
</p><p>
BindBackend cannot parse zones with $GENERATE statements.
</p></div><div class="sect3" title="Missing features"><div class="titlepage"><div><div><h4 class="title"><a id="idp7538768"></a>Missing features</h4></div></div></div><p>
Features present in this document, but disabled or withheld from the current release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gmysqlbackend, oraclebackend, gpgsqlbackend
</p></li></ul></div><p>
Some of these features will be present in newer releases.
</p></div></div><div class="sect2" title="3.69. Version 1.99.2 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="idp7541440"></a>3.69. Version 1.99.2 Early Access Prerelease</h3></div></div></div><p>
Major bugs fixed:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Database backend reload does not hang the daemon anymore
</p></li><li class="listitem"><p>
Buffer overrun in local socket address initialisation may have caused binding problems
</p></li><li class="listitem"><p>
setuid changed the uid to the gid of the selected user
</p></li><li class="listitem"><p>
zone2sql doesn't crash (dump core) on invocation anymore. Fixed lots of small issues.
</p></li><li class="listitem"><p>
Don't parse configuration file when creating configuration file. This was a problem with reinstalling.
</p></li></ul></div><p>
Performance improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
removed a lot of unnecessary gettimeofday calls
</p></li><li class="listitem"><p>
removed needless select(2) call in case of listening on only one address
</p></li><li class="listitem"><p>
removed 3 useless syscalls in the fast path
</p></li></ul></div><p>
Having said that, more work may need to be done. Testing on a 486 saw packet rates in a simple setup
(question/wait/answer/question..) improve from 200 queries/second to over 400.
</p><p>
Usability improvements:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
Fixed error checking in init.d script (<span class="command"><strong>show</strong></span>, <span class="command"><strong>mrtg</strong></span>)
</p></li><li class="listitem"><p>
Added 'uptime' to the mrtg output
</p></li><li class="listitem"><p>
removed further GNUisms from installer and init.d scripts for use on FreeBSD
</p></li><li class="listitem"><p>
Debian package and apt repository, thanks to Wichert Akkerman.
</p></li><li class="listitem"><p>
FreeBSD /usr/ports, thanks to Peter van Dijk (in progress).
</p></li></ul></div><p>
</p><p>
Stability may be an issue as well as performance. This version has a tendency to log a bit too much which slows
the nameserver down a lot.
</p><div class="sect3" title="Known bugs"><div class="titlepage"><div><div><h4 class="title"><a id="idp7557408"></a>Known bugs</h4></div></div></div><p>
Decreasing a ringbuffer on the website is a sure way to crash the daemon. Zone2sql, while improved, still
has problems with a zone in the following format:
</p><pre class="programlisting">
name IN A 1.2.3.4
IN A 1.2.3.5
</pre><p>
To fix, add 'name' to the second line.
</p><p>
Zone2sql does not close file descriptors.
</p><p>
FreeBSD version does not stop when requested via the init.d script.
</p></div><div class="sect3" title="Missing features"><div class="titlepage"><div><div><h4 class="title"><a id="idp7560544"></a>Missing features</h4></div></div></div><p>
Features present in this document, but disabled or withheld from the current release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gmysqlbackend, oraclebackend, gpgsqlbackend
</p></li><li class="listitem"><p>
fully functioning bindbackend - will try to parse named.conf, but probably fail
</p></li></ul></div><p>
Some of these features will be present in newer releases.
</p></div></div><div class="sect2" title="3.70. Version 1.99.1 Early Access Prerelease"><div class="titlepage"><div><div><h3 class="title"><a id="idp7564112"></a>3.70. Version 1.99.1 Early Access Prerelease</h3></div></div></div><p>
This is the first public release of what is going to become PDNS 2.0. As such, it is not of production quality.
Even PowerDNS-the-company does not run this yet.
</p><p>
Stability may be an issue as well as performance. This version has a tendency to log a bit too much which slows
the nameserver down a lot.
</p><div class="sect3" title="Known bugs"><div class="titlepage"><div><div><h4 class="title"><a id="idp7565792"></a>Known bugs</h4></div></div></div><p>
Decreasing a ringbuffer on the website is a sure way to crash the daemon. Zone2sql is very buggy.
</p></div><div class="sect3" title="Missing features"><div class="titlepage"><div><div><h4 class="title"><a id="idp7566976"></a>Missing features</h4></div></div></div><p>
Features present in this document, but disabled or withheld from the current release:
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
gmysqlbackend, oraclebackend, gpgsqlbackend
</p></li><li class="listitem"><p>
fully functioning bindbackend - will not parse configuration files
</p></li></ul></div><p>
Some of these features will be present in newer releases.
</p></div></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="about.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="powerdns.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="security-policy.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">2. About this document </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 4. Security</td></tr></table></div></body></html>
