<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Release notes</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="PowerDNS manual"
HREF="index.html"><LINK
REL="UP"
TITLE="The PowerDNS dynamic nameserver"
HREF="powerdns.html"><LINK
REL="PREVIOUS"
TITLE="About this document"
HREF="about.html"><LINK
REL="NEXT"
TITLE="Security"
HREF="security-policy.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>PowerDNS manual</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="about.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 1. The PowerDNS dynamic nameserver</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="security-policy.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="CHANGELOG"
>1.3. Release notes</A
></H1
><P
> Before proceeding, it is advised to check the release notes for your PDNS version, as specified in the name of the distribution
file.
</P
><P
> Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor are released separately.
</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-21"
>1.3.1. PowerDNS Authoritative Server version 2.9.21</A
></H2
><P
> Released the 21st of April 2007.
</P
><P
> This is the first release the PowerDNS Authoritative Server since the Recursor was split off to a separate product, and also marks the transfer
of the new technology developed specifically for the recursor, back to the authoritative server.
</P
><P
> This move has reduced the amount of code of the Authoritative server by over 2000 lines, while improving the quality
of the program enormously.
</P
><P
> However, since so much has been changed, care should be taken when deploying 2.9.21.
</P
><P
> To signify the magnitude of the underlying improvements, the next release of the PowerDNS Authoritative Server will be called 3.0.
</P
><P
> This release would not have been possible without large amounts of help and support from the PowerDNS Community. We specifically want to thank
Massimo Bandinelli of Italy's <A
HREF="http://register.it"
TARGET="_top"
>Register.it</A
>, <A
HREF="http://aaldering-ict.nl"
TARGET="_top"
>Dave Aaldering of Aaldering ICT</A
>,
<A
HREF="http://true.nl"
TARGET="_top"
>True BV</A
>, <A
HREF="http://www.xs4all.nl"
TARGET="_top"
>XS4ALL</A
>, Daniel Bilik of <A
HREF="http://www.neosystem.cz"
TARGET="_top"
>Neosystem</A
>,
<A
HREF="http://www.easydns.com"
TARGET="_top"
>EasyDNS</A
>, <A
HREF="http://www.siemens.com"
TARGET="_top"
>Heinrich Ruthensteiner</A
> of Siemens,
<A
HREF="http://schwer.us"
TARGET="_top"
>Augie Schwer</A
>, <A
HREF="http://www.wikipedia.org"
TARGET="_top"
>Mark Bergsma</A
>, <A
HREF="http://www.forfun.net"
TARGET="_top"
>Marco Davids</A
>,
<A
HREF="http://www.opensuse.org"
TARGET="_top"
>Marcus Rueckert of OpenSUSE</A
>, Andre Muraro of <A
HREF="http://www.locaweb.com.br"
TARGET="_top"
>Locaweb</A
>,
Antony Lesuisse, <A
HREF="http://www.linuxnetworks.de"
TARGET="_top"
>Norbert Sendetzky</A
>, <A
HREF="http://www.aruba.it"
TARGET="_top"
>Marco Chiavacci</A
>, Christoph Haas,
Ralf van der Enden and Ruben Kerkhof.
</P
><P
> Security issues:
<P
></P
><UL
><LI
><P
> The previous packet parsing and generating code contained no known bugs, but was however very lengthy and overly complex, and might have had
security problems. The new code is 'inherently safe' because it relies on bounds-checking C++ constructs. Therefore, a move to 2.9.21 is highly
recommended.
</P
></LI
><LI
><P
> Pre-2.9.21, communication between master and server nameservers was not checked as rigidly as possible, possibly allowing third parties to disrupt
but not modify such communications.
</P
></LI
></UL
>
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> The 'bind1' legacy version of our BIND backend has been dropped! There should be no need to rely on this old version anymore, as the main BIND backend
has been very well tested recently.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> Bugs:
<P
></P
><UL
><LI
><P
> Multi-part TXT records weren't supported. This has been fixed, and regression tests have been added. Code in commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1016"
TARGET="_top"
>1016</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/996"
TARGET="_top"
>996</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/994"
TARGET="_top"
>994</A
>.
</P
></LI
><LI
><P
> Email addresses with embedded dots in SOA records were not parsed correctly, nor were other embedded dots. Noted by 'Bastiaan', fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1026"
TARGET="_top"
>commit 1026</A
>.
</P
></LI
><LI
><P
> BIND backend treated the 'm' TTL modifier as 'months' and not 'minutes'. Closes Debian bug 406462. Addressed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1026"
TARGET="_top"
>commit 1026</A
>.
</P
></LI
><LI
><P
> Our snapshots were built against a static version of PosgreSQL that was incompatible with many Linux distributions, leading to instant
crashes on startup. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1022"
TARGET="_top"
>1022</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1023"
TARGET="_top"
>1023</A
>.
</P
></LI
><LI
><P
> CNAME referrals to child zones gave improper responses. Noted by Augie Schwer in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/123"
TARGET="_top"
>ticket 123</A
>, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/992"
TARGET="_top"
>commit 992</A
>.
</P
></LI
><LI
><P
> When passing a port number with the <B
CLASS="COMMAND"
>recursor</B
> setting, this would sometimes generate errors during additional processing. Switched off
overly helpful additional processing for recursive queries to remove this problem. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1031"
TARGET="_top"
>commit 1031</A
>, spotted by Ralf van der Enden.
</P
></LI
><LI
><P
> NS to a nameserver with the name of the zone itself generated problems. Spotted by Augie Schwer, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/947"
TARGET="_top"
>commit 947</A
>.
</P
></LI
><LI
><P
> Multi-line records in the BIND backend were not always parsed correctly. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1014"
TARGET="_top"
>commit 1014</A
>.
</P
></LI
><LI
><P
> The LOC-record had problems operating outside of the eastern hemisphere of the northern part of the world! Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1011"
TARGET="_top"
>commit 1011</A
>.
</P
></LI
><LI
><P
> Backends were compiled without multithreading preprocessor flags. As far as we can determine, this would only cause problems for the BIND backend,
but we cannot rule out this caused instability in other backends. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1001"
TARGET="_top"
>commit 1001</A
>.
</P
></LI
><LI
><P
> The BIND backend was highly unstable under reloads, and leaked memory and file descriptors.
Thanks to Mark Bergsma and Massimo Bandinelli for respectively pointing this out to us and testing
large amounts of patches to fix the problem. The fixes have resulted in better performance, less code, and a remarkable simplification
of this backend. Commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1039"
TARGET="_top"
>1039</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1034"
TARGET="_top"
>1034</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1035"
TARGET="_top"
>1035</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1006"
TARGET="_top"
>1006</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/999"
TARGET="_top"
>999</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/905"
TARGET="_top"
>905</A
> and previous.
</P
></LI
><LI
><P
> BIND backend gave convincing NXDOMAINS on unloaded zones in some cases. Spotted and fixed by Daniel Bilik in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/984"
TARGET="_top"
>commit 984</A
>.
</P
></LI
><LI
><P
> SOA records in zone transfers sometimes contained the wrong SOA TTL. Spotted by Christian Kuehn, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/902"
TARGET="_top"
>commit 902</A
>.
</P
></LI
><LI
><P
> PowerDNS could get confused by very high SOA serial numbers. Spotted and fixed by Dan Billik, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/626"
TARGET="_top"
>commit 626</A
>.
</P
></LI
><LI
><P
> Some versions of FreeBSD perform very strict checks on socket address sizes passed to 'connect', which could lead to problems retrieving zones over AXFR.
Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/891"
TARGET="_top"
>commit 891</A
>.
</P
></LI
><LI
><P
> Some versions of FreeBSD perform very strict checks on IPv6 socket addresses, leading to problems. Discovered by Sten Spans, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/885"
TARGET="_top"
>commit 885</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/886"
TARGET="_top"
>commit 886</A
>.
</P
></LI
><LI
><P
> IXFR requests were not logged properly. Noted by Ralf van der Enden, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/990"
TARGET="_top"
>commit 990</A
>.
</P
></LI
><LI
><P
> Some NAPTR records needed an additional space character to encode correctly. Spotted by Heinrich Ruthensteiner, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1029"
TARGET="_top"
>commit 1029</A
>.
</P
></LI
><LI
><P
> Many bugs in the TCP nameserver, leading to a PowerDNS process that did not respond to TCP queries over time. Many fixes provided by
Dan Bilik, other problems were fixed by rewriting our TCP handling code. Commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/982"
TARGET="_top"
>982</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/980"
TARGET="_top"
>980</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/950"
TARGET="_top"
>950</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/924"
TARGET="_top"
>924</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/889"
TARGET="_top"
>889</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/874"
TARGET="_top"
>874</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/869"
TARGET="_top"
>869</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/685"
TARGET="_top"
>685</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/684"
TARGET="_top"
>684</A
>.
</P
></LI
><LI
><P
> Fix crashes on the ARM processor due to alignment errors. Thanks to Sjoerd Simons. Closes Debian bug 397031.
</P
></LI
><LI
><P
> Missing data in generic SQL backends would sometimes lead to faked SOA serial data. Spotted by Leander Lakkas from True. Fix in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/866"
TARGET="_top"
>commit 866</A
>.
</P
></LI
><LI
><P
> When receiving two quick notifications in succession, the packet cache would sometimes "process" the second one, leading PowerDNS to ignore it. Spotted by
Dan Bilik, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/686"
TARGET="_top"
>commit 686</A
>.
</P
></LI
><LI
><P
> Geobackend (by Mark Bergsma) did not properly override the getSOA method, breaking non-overlay operation of this fine backend. The geobackend now also
skips '.hidden' configuration files, and now properly disregards empty configuration files. Additionally, the overlapping abilities were improved. Details
available in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/876"
TARGET="_top"
>commit 876</A
>, by Mark.
</P
></LI
></UL
>
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> Thanks to <A
HREF="http://www.easydns.com"
TARGET="_top"
>EasyDNS</A
>, PowerDNS now supports multiple masters per domain. For configuration
details, see <A
HREF="slave.html"
>Section 13.2</A
>. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1018"
TARGET="_top"
>commit 1018</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1017"
TARGET="_top"
>commit 1017</A
>.
</P
></LI
><LI
><P
> Thanks to <A
HREF="http://www.easydns.com"
TARGET="_top"
>EasyDNS</A
>, PowerDNS now supports the KEY record type, as well the SPF record. In <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/976"
TARGET="_top"
>commit 976</A
>.
</P
></LI
><LI
><P
> Added support for CERT, SSHFP, DNSKEY, DS, NSEC, RRSIG record types, as part of the move to the new DNS parsing/generating code.
</P
></LI
><LI
><P
> Support for the AFSDB record type, as requested by 'Bastian'. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/978"
TARGET="_top"
>commit 978</A
>, closing <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/129"
TARGET="_top"
>ticket 129</A
>.
</P
></LI
><LI
><P
> Support for the MR record type. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/941"
TARGET="_top"
>commit 941</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1019"
TARGET="_top"
>commit 1019</A
>.
</P
></LI
><LI
><P
> Gsqlite3 backend was added by Antony Lesuisse in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/942"
TARGET="_top"
>commit 942</A
>;
</P
></LI
><LI
><P
> Added the ability to send out light-weight root-referrals that save bandwidth yet still placate mediocre resolver implementations. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/912"
TARGET="_top"
>commit 912</A
>,
enable with 'root-referral=lean'.
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> Miscellaneous OpenDBX and LDAP backend improvements by Norbert Sendetzky. Applied in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/977"
TARGET="_top"
>commit 977</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1040"
TARGET="_top"
>commit 1040</A
>.
</P
></LI
><LI
><P
> SGML source of the documentation was cleaned up by Ruben Kerkhof in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/936"
TARGET="_top"
>commit 936</A
>.
</P
></LI
><LI
><P
> Speedups in core DNS label processing code. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/928"
TARGET="_top"
>commit 928</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/654"
TARGET="_top"
>commit 654</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1020"
TARGET="_top"
>commit 1020</A
>.
</P
></LI
><LI
><P
> When communicating with master servers and encountering errors, more useful details are logged. Reported by Stefan Arentz in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/137"
TARGET="_top"
>ticket 137</A
>, closed by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1015"
TARGET="_top"
>commit 1015</A
>.
</P
></LI
><LI
><P
> Database errors are now logged with more details. Addressed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1004"
TARGET="_top"
>commit 1004</A
>.
</P
></LI
><LI
><P
> pdns_control problems are now logged more verbosely. Change in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/910"
TARGET="_top"
>commit 910</A
>.
</P
></LI
><LI
><P
> Erroneous address configuration was logged unclearly. Spotted by River Tarnell, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/888"
TARGET="_top"
>commit 888</A
>.
</P
></LI
><LI
><P
> Example configuration shipped with PowerDNS was very old. Noted by Leen Besselink, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/946"
TARGET="_top"
>commit 946</A
>.
</P
></LI
><LI
><P
> PowerDNS neglected to chdir to the root when chrooted. This closes <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/110"
TARGET="_top"
>ticket 110</A
>, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/944"
TARGET="_top"
>commit 944</A
>.
</P
></LI
><LI
><P
> Microsoft resolver had problems with responses we generated for CNAMEs pointing out of our bailiwick. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/983"
TARGET="_top"
>commit 983</A
> and expedited by Locaweb.com.br.
</P
></LI
><LI
><P
> Built-in webserver logs errors more verbosely. Closes <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/82"
TARGET="_top"
>ticket 82</A
>, gixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/991"
TARGET="_top"
>commit 991</A
>.
</P
></LI
><LI
><P
> Queries containing '@' no longer flood the logs. Addressed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1014"
TARGET="_top"
>commit 1014</A
>.
</P
></LI
><LI
><P
> The build process now looks for PostgreSQL in more places. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/998"
TARGET="_top"
>commit 998</A
>, closes <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/90"
TARGET="_top"
>ticket 90</A
>.
</P
></LI
><LI
><P
> Speedups in the BIND backend now mean large installations enjoy startup times up to 30 times faster than with the original BIND nameserver. Many thanks
to Massimo Bandinelli.
</P
></LI
><LI
><P
> BIND backend now offers full support for query logging, implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1026"
TARGET="_top"
>commit 1026</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1029"
TARGET="_top"
>commit 1029</A
>.
</P
></LI
><LI
><P
> BIND backend named.conf parsing is now fully case-insensitive for domain names. This closes Debian bug 406461, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1027"
TARGET="_top"
>commit 1027</A
>.
</P
></LI
><LI
><P
> IPv6 and IPv4 address parsing routines have been replaced, which should result in prettier output in some cases. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/962"
TARGET="_top"
>commit 962</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1012"
TARGET="_top"
>commit 1012</A
> and others.
</P
></LI
><LI
><P
> 5 new regression tests have been added to insure old bugs do not return.
</P
></LI
><LI
><P
> Fix small issues with very modern compilers and BOOST snapshots. Noted by Marcus Rueckert, addressed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/954"
TARGET="_top"
>commit 954</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/964"
TARGET="_top"
>commit 964</A
> <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/965"
TARGET="_top"
>commit 965</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/1003"
TARGET="_top"
>commit 1003</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-RECURSOR-3-1-4"
>1.3.2. Recursor version 3.1.4</A
></H2
><P
> Released the 13th of November 2006.
</P
><P
> This release contains almost no new features, but consists mostly of minor and major bug fixes. It also addresses two major security issues, which makes
this release a highly recommended upgrade.
</P
><P
> Security issues:
<P
></P
><UL
><LI
><P
> Large TCP questions followed by garbage could cause the recursor to crash. This critical security issue has been assigned CVE-2006-4251, and is fixed in
<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/915"
TARGET="_top"
>commit 915</A
>. More information can be found in <A
HREF="powerdns-advisory-2006-01.html"
>Section 1.5</A
>.
</P
></LI
><LI
><P
> CNAME loops with zero second TTLs could cause crashes in some conditions. These loops could be constructed by malicious parties,
making this issue a potential denial of service attack. This security issue has been assigned CVE-2006-4252 and is fixed by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/919"
TARGET="_top"
>commit 919</A
>.
More information can be found in <A
HREF="powerdns-advisory-2006-02.html"
>Section 1.6</A
>. Many thanks to David Gavarret for helping pin down this problem.
</P
></LI
></UL
>
</P
><P
> Bugs:
<P
></P
><UL
><LI
><P
> On certain error conditions, PowerDNS would neglect to close a socket, which might therefore eventually run out. Spotted by Stefan Schmidt, fixed in commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/892"
TARGET="_top"
>892</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/897"
TARGET="_top"
>897</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/899"
TARGET="_top"
>899</A
>.
</P
></LI
><LI
><P
> Some nameservers (including PowerDNS in rare circumstances) emit a SOA record in the authority section. The recursor mistakenly interpreted this as an
authoritative "NXRRSET". Spotted by Bryan Seitz, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/893"
TARGET="_top"
>commit 893</A
>.
</P
></LI
><LI
><P
> In some circumstances, PowerDNS could end up with a useless (not working, or no longer working) set of nameserver records for a domain. This release contains logic
to invalidate such broken NSSETs, without overloading authoritative servers. This problem had previously been spotted by Bryan Seitz, 'Cerb' and Darren Gamble.
Invalidations of NSSETs can be plotted using the "nsset-invalidations" metric, available through <B
CLASS="COMMAND"
>rec_control get</B
>.
Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/896"
TARGET="_top"
>commit 896</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/901"
TARGET="_top"
>commit 901</A
>.
</P
></LI
><LI
><P
> PowerDNS could crash while dumping the cache using <B
CLASS="COMMAND"
>rec_control dump-cache</B
>. Reported by Wouter of WideXS and Stefan Schmidt and many others, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/900"
TARGET="_top"
>commit 900</A
>.
</P
></LI
><LI
><P
> Under rare circumstances (depleted TCP buffers), PowerDNS might send out incomplete questions to remote servers. Additionally, on big-endian systems (non-Intel and non-AMD
generally), sending out large TCP answers questions would not work at all, and possibly crash. Brought to our attention by David Gavarret, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/903"
TARGET="_top"
>commit 903</A
>.
</P
></LI
><LI
><P
> The recursor contained the potential for a dead-lock processing an invalid domain name. It is not known how this might be triggered,
but it has been observed by 'Cerb' on #powerdns. Several dead-locks where PowerDNS consumed all CPU, but did not answer questions,
have been reported in the past few months. These might be fixed by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/904"
TARGET="_top"
>commit 904</A
>.
</P
></LI
><LI
><P
> IPv6 'allow-from' matching had problems with the least significant bits, sometimes allowing disallowed addresses, but mostly disallowing allowed addresses. Spotted by Wouter
from WideXS, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/916"
TARGET="_top"
>commit 916</A
>.
</P
></LI
></UL
>
Improvements:
<P
></P
><UL
><LI
><P
> PowerDNS has support to drop answers from so called 'delegation only' zones. A statistic ("dlg-only-drops") is now available to plot how often this happens. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/890"
TARGET="_top"
>commit 890</A
>.
</P
></LI
><LI
><P
> Hint-file parameter was mistakenly named "hints-file" in the documentation. Spotted by my Marco Davids, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/898"
TARGET="_top"
>commit 898</A
>.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>rec_control quit</B
> should be near instantaneous now, as it no longer meticulously cleans up memory before exiting. Problem spotted by Darren Gamble, fixed in
<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/914"
TARGET="_top"
>commit 914</A
>, closing <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/84"
TARGET="_top"
>ticket 84</A
>.
</P
></LI
><LI
><P
> init.d script no longer refers to the Recursor as the Authoritative Server. Spotted by Wouter of WideXS, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/913"
TARGET="_top"
>commit 913</A
>.
</P
></LI
><LI
><P
> A potentially serious warning for users of the GNU C Library version 2.5 was fixed. Spotted by Marcus Rueckert, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/920"
TARGET="_top"
>commit 920</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-RECURSOR-3-1-3"
>1.3.3. Recursor version 3.1.3</A
></H2
><P
> Released the 12th of September 2006.
</P
><P
> Compared to 3.1.2, this release again consists of a number of mostly minor bug fixes, and some slight improvements.
</P
><P
> Many thanks are again due to Darren Gamble who together with his team has discovered many misconfigured domains that do work
with some other name servers. DNS has long been tolerant of misconfigurations, PowerDNS intends to uphold that tradition. Almost all of
the domains found by Darren now work as well in PowerDNS as in other name server implementations.
</P
><P
> Thanks to some recent migrations, this release, or something very close to it, is powering over 40 million internet connections that
we know of. We appreciate hearing about succesful as well as unsuccesful migrations, please feel free to notify pdns.bd@powerdns.com of your
experiences, good or bad.
</P
><P
> Bug-fixes:
<P
></P
><UL
><LI
><P
> The MThread default stack size was too small, which led to problems, mostly on 64-bit platforms. This stack size is now configurable
using the <B
CLASS="COMMAND"
>stack-size</B
> setting should our estimate be off. Discovered by Darren Gamble, Sten Spans and a number of others.
Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/868"
TARGET="_top"
>commit 868</A
>.
</P
></LI
><LI
><P
> Plug a small memory leak discovered by Kai and Darren Gamble, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/870"
TARGET="_top"
>commit 870</A
>.
</P
></LI
><LI
><P
> Switch from the excellent nedmalloc to dlmalloc, based on advice by the nedmalloc author. Nedmalloc is optimised for multithreaded
operation, whereas the PowerDNS recursor is single threaded. The version of nedmalloc shipped contained a number of possible bugs,
which are probably resolved by moving to dlmalloc. Some reported crashes on hitting 2G of allocated memory on 64 bit systems might
be solved by this switch, which should also increase performance. See <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/873"
TARGET="_top"
>commit 873</A
> for details.
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> The cache is now explicitly aware of the difference between authoritative and unauthoritative data, allowing it to deal
with some domains that have different data in the parent zone than in the authoritative zone. Patch in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/867"
TARGET="_top"
>commit 867</A
>.
</P
></LI
><LI
><P
> No longer try to parse DNS updates as if they were queries. Discovered and fixed by Jan Gyselinck, fix in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/871"
TARGET="_top"
>commit 871</A
>.
</P
></LI
><LI
><P
> Rebalance logging priorities for less log cluttering and add IP address to a remote server error message.
Noticed and fixed by Jan Gyselinck (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/877"
TARGET="_top"
>commit 877</A
>).
</P
></LI
><LI
><P
> Add <B
CLASS="COMMAND"
>logging-facility</B
> setting, allowing syslog to send PowerDNS logging to a separate file. Added in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/871"
TARGET="_top"
>commit 871</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-RECURSOR-3-1-2"
>1.3.4. Recursor version 3.1.2</A
></H2
><P
> Released Monday 26th of June 2006.
</P
><P
> Compared to 3.1.1, this release consists almost exclusively of bug-fixes and speedups. A quick update is recommended, as some of the bugs
impact operators of authoritative zones on the internet. This version has been tested by some of the largest internet providers on the planet,
and is expected to perform well for everybody.
</P
><P
> Many thanks are due to Darren Gamble, Stefan Schmidt and Bryan Seitz who all provided excellent feedback based on their large-scale
tests of the recursor.
</P
><P
> Bug-fixes:
<P
></P
><UL
><LI
><P
> Internal authoritative server did not differentiate between 'NXDOMAIN' and 'NXRRSET', in other words, it would answer
'no such host' when an AAAA query came in for a domain that did exist, but did not have an AAAA record. This only affects
users with <B
CLASS="COMMAND"
>auth-zones</B
> configured. Discovered by Bryan Seitz, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/848"
TARGET="_top"
>commit 848</A
>.
</P
></LI
><LI
><P
> ANY queries for hosts where nothing was present in the cache would not work. This did not cause real problems as ANY queries are
not reliable (by design) for anything other than debugging, but did slow down the nameserver and cause unnecessary load on remote
nameservers. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/854"
TARGET="_top"
>commit 854</A
>.
</P
></LI
><LI
><P
> When exceeding the configured maximum amount of TCP sessions, TCP support would break and the nameserver would waste CPU trying to accept TCP
connections on UDP ports. Noted by Bryan Seitz, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/849"
TARGET="_top"
>commit 849</A
>.
</P
></LI
><LI
><P
> DNS queries come in two flavours: recursion desired and non-recursion desired. The latter is not very useful for a recursor, but is
sometimes (erroneously) used by monitoring software or loadbalancers to detect nameserver availability. A non-rd query would not only not recurse,
but also not query authoritative zones, which is confusing. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/847"
TARGET="_top"
>commit 847</A
>.
</P
></LI
><LI
><P
> Non-standard DNS TCP queries, that did occur however, could drive the recursor to 100% CPU usage for extended periods of time. This did not disrupt service
immediately, but does waste a lot of CPU, possibly exhausting resources. Discovered by Bryan Seitz, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/858"
TARGET="_top"
>commit 858</A
>, which is post-3.1.2-rc1.
</P
></LI
><LI
><P
> The PowerDNS recursor did not honour the rare but standardised 'ANY' query class (normally 'ANY' refers to the query type, not class), upsetting the Wildfire
Jabber server. Discovered and debugged by Daniel Nauck, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/859"
TARGET="_top"
>commit 859</A
>, which is post-3.1.2-rc1.
</P
></LI
><LI
><P
> Everybody's favorite, when starting up under high load, a bogus line of statistics was sometimes logged. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/851"
TARGET="_top"
>commit 851</A
>.
</P
></LI
><LI
><P
> Remove some spurious debugging output on dropping a packet by an unauthorized host. Discovered by Kai. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/854"
TARGET="_top"
>commit 854</A
>.
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> Misconfigured domains, with a broken nameserver in the parent zone, should now work better. Changes motivated and suggested by
Darren Gamble. This makes PowerDNS more compliant with RFC 2181 by making it prefer authoritative data over non-authoritative data.
Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/856"
TARGET="_top"
>commit 856</A
>.
</P
></LI
><LI
><P
> PowerDNS can now listen on multiple ports, using the <B
CLASS="COMMAND"
>local-address</B
> setting. Added in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/845"
TARGET="_top"
>commit 845</A
>.
</P
></LI
><LI
><P
> A number of speedups which should have a noticeable impact, implemented in commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/850"
TARGET="_top"
>850</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/852"
TARGET="_top"
>852</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/853"
TARGET="_top"
>853</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/855"
TARGET="_top"
>855</A
>
</P
></LI
><LI
><P
> The recursor now works around an issue with the Linux kernel 2.6.8, as shipped by Debian. Fixed by Christof Meerwald in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/860"
TARGET="_top"
>commit 860</A
>, which is post 3.1.2-rc1.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-RECURSOR-3-1-1"
>1.3.5. Recursor version 3.1.1</A
></H2
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>
3.1.1 is identical to 3.1 except for a bug in the packet chaining code which would mainly manifest itself for IPv6 enabled Konqueror
users with very fast connections to their PowerDNS installation. However, all 3.1 users are urged to upgrade to 3.1.1.
Many thanks to Alessandro Bono for his quick aid in solving this problem.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> Released on the 23rd of May 2006. Many thanks are due to the operators of some of the largest internet access providers in the world,
each having many millions of customers, who have tested the various 3.1 pre-releases for suitability. They have uncovered and helped
fix bugs that could impact us all, but are only (quickly) noticeable with such vast amounts of DNS traffic.
</P
><P
> After version 3.0.1 has proved to hold up very well under tremendous loads, 3.1 adds important new features:
<P
></P
><UL
><LI
><P
> Ability to serve authoritative data from 'BIND' style zone files (using <B
CLASS="COMMAND"
>auth-zones</B
> statement).
</P
></LI
><LI
><P
> Ability to forward domains so configured to external servers (using <B
CLASS="COMMAND"
>forward-zones</B
>).
</P
></LI
><LI
><P
> Possibility of 'serving' the contents of <TT
CLASS="FILENAME"
>/etc/hosts</TT
> over DNS, which is very well
suited to simple domestic router/DNS setups. Enabled using <B
CLASS="COMMAND"
>export-etc-hosts</B
>.
</P
></LI
><LI
><P
> As recommended by recent standards documents, the PowerDNS recursor is now authoritative for RFC-1918 private IP space
zones by default (suggested by Paul Vixie).
</P
></LI
><LI
><P
> Full outgoing IPv6 support (off by default) with IPv6 servers getting equal treatment with IPv4, nameserver
addresses are chosen based on average response speed, irrespective of protocol.
</P
></LI
><LI
><P
> Initial Windows support, including running as a service ('NET START "POWERDNS RECURSOR"'). <B
CLASS="COMMAND"
>rec_channel</B
> is still missing,
the rest should work. Performance appears to be below that of the UNIX versions, this situation is expected to improve.
</P
></LI
></UL
>
</P
><P
> Bug fixes:
<P
></P
><UL
><LI
><P
> No longer send out SRV and MX record priorities as zero on big-endian platforms (UltraSPARC). Discovered by Eric Sproul, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/773"
TARGET="_top"
>commit 773</A
>.
</P
></LI
><LI
><P
> SRV records need additional processing, especially in an Active Directory setting. Reported by Kenneth Marshall, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/774"
TARGET="_top"
>commit 774</A
>.
</P
></LI
><LI
><P
> The root-records were not being refreshed, which could lead to problems under inconceivable conditions. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/780"
TARGET="_top"
>commit 780</A
>.
</P
></LI
><LI
><P
> Fix resolving domain names for nameservers with multiple IP addresses, with one of these addresses being lame. Other nameserver implementations
were also unable to resolve these domains, so not a big bug. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/780"
TARGET="_top"
>commit 780</A
>.
</P
></LI
><LI
><P
> For a period of 5 minutes after expiring a negative cache entry, the domain would not be re-cached negatively, leading to a lot of duplicate
outgoing queries for this short period. This fix has raised the average cache hit rate of the recursor by a few percent. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/783"
TARGET="_top"
>commit 783</A
>.
</P
></LI
><LI
><P
> Query throttling was not aggressive enough and not all sorts of queries were throttled. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/786"
TARGET="_top"
>commit 786</A
>.
</P
></LI
><LI
><P
> Fix possible crash during startup when parsing empty configuration lines (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/807"
TARGET="_top"
>commit 807</A
>).
</P
></LI
><LI
><P
> Fix possible crash when the first query after wiping a cache entry was for the just deleted entry. Rare in production servers. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/820"
TARGET="_top"
>commit 820</A
>.
</P
></LI
><LI
><P
> Recursor would send out differing TTLs when receiving a misconfigured, standards violating, RRSET with different TTLs. Implement fix as mandated by
RFC 2181, paragraph 5.2. Reported by Stephen Harker (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/819"
TARGET="_top"
>commit 819</A
>).
</P
></LI
><LI
><P
> The <B
CLASS="COMMAND"
>top-remotes</B
> would list remotes duplicately, once per source port. Discovered by Jorn Ekkelenkamp, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/827"
TARGET="_top"
>commit 827</A
>, which is post 3.1-pre1.
</P
></LI
><LI
><P
> Default <B
CLASS="COMMAND"
>allow-from</B
> allowed queries from fe80::/16, corrected to fe80::/10. Spotted by Niels Bakker, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/829"
TARGET="_top"
>commit 829</A
>, which is post 3.1-pre1.
</P
></LI
><LI
><P
> While PowerDNS blocks failing queries quickly, multiple packets could briefly be in flight for the same domain and nameserver. This situation is now
explicitly detected and queries are chained to identical queries already in flight. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/833"
TARGET="_top"
>commit 833</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/834"
TARGET="_top"
>commit 834</A
>, post 3.1-pre1.
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> ANY queries are now implemented as in other nameserver implementations, leading to a decrease in outgoing queries. The RFCs are not very
clear on desired behaviour, what is implemented now saves bandwidth and CPU and brings us in line with existing practice. Previously
ANY queries were not cached by the PowerDNS recursor. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/784"
TARGET="_top"
>commit 784</A
>.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>rec_control</B
> was very sparse in its error reporting, and user unfriendly as well. Reported by Erik Bos, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/818"
TARGET="_top"
>commit 818</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/820"
TARGET="_top"
>commit 820</A
>.
</P
></LI
><LI
><P
> IPv6 addresses were printed in a non-standard way, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/788"
TARGET="_top"
>commit 788</A
>.
</P
></LI
><LI
><P
> TTLs of records are now capped at two weeks, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/820"
TARGET="_top"
>commit 820</A
>.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>allow-from</B
> IPv4 netmasks now automatically work for IP4-to-IPv6 mapper IPv4 addresses, which appear when running on the wildcard
<B
CLASS="COMMAND"
>::</B
> IPv6 address. Lack of feature noted by Marcus 'darix' Rueckert. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/826"
TARGET="_top"
>commit 826</A
>, which is post 3.1-pre1.
</P
></LI
><LI
><P
> Errors before daemonizing are now also sent to syslog. Suggested by Marcus 'darix' Rueckert. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/825"
TARGET="_top"
>commit 825</A
>, which is post 3.1-pre1.
</P
></LI
><LI
><P
> When launching without any form of configured network connectivity, all root-servers would be cached as 'down' for some time. Detect this special case
and treat it as a resource-constraint, which is not accounted against specific nameservers. Spotted by Seth Arnold, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/835"
TARGET="_top"
>commit 835</A
>, which is post 3.1-pre1.
</P
></LI
><LI
><P
> The recursor now does not allow authoritative servers to keep supplying its own NS records into perpetuity, which causes problems
when a domain is redelegated but the old authorative servers are not updated to this effect. Noticed and explained at length by Darren
Gamble of Shaw Communications, addressed by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/837"
TARGET="_top"
>commit 837</A
>, which is post 3.1-pre2.
</P
></LI
><LI
><P
> Some operators may want to follow RFC 2181 paragraph 5.2 and 5.4. This harms performance and does not solve any real problem,
but does make PowerDNS more compliant. If you want this, enable <B
CLASS="COMMAND"
>auth-can-lower-ttl</B
>. Implemented in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/838"
TARGET="_top"
>commit 838</A
>, which is
post 3.1-pre2.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-RECURSOR-3-0-1"
>1.3.6. Recursor version 3.0.1</A
></H2
><P
> Released 25th of April 2006, <A
HREF="http://www.powerdns.com/en/downloads.aspx"
TARGET="_top"
>download</A
>.
</P
><P
> This release consists of nothing but tiny fixes to 3.0, including one with security implications. An upgrade is highly recommended.
</P
><P
> <P
></P
><UL
><LI
><P
> Compilation used both <TT
CLASS="FILENAME"
>cc</TT
> and <TT
CLASS="FILENAME"
>gcc</TT
>, leading to the possibility of compiling with different compiler versions (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/766"
TARGET="_top"
>commit 766</A
>).
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>rec_control</B
> would leave files named <TT
CLASS="FILENAME"
>lsockXXXXXX</TT
> around in the configured socket-dir. Operators
may wish to remove these files from their socket-dir (often <TT
CLASS="FILENAME"
>/var/run</TT
>), quite a few might have accumulated already (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/767"
TARGET="_top"
>commit 767</A
>).
</P
></LI
><LI
><P
> Certain malformed packets could crash the recursor. As far as we can determine these packets could only lead to a crash,
but as always, there are no guarantees. A quick upgrade is highly recommended (commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/760"
TARGET="_top"
>760</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/761"
TARGET="_top"
>761</A
>). Reported by David Gavarret.
</P
></LI
><LI
><P
> Recursor would not distinguish between NXDOMAIN and NXRRSET (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/756"
TARGET="_top"
>commit 756</A
>). Reported and debugged by Jorn Ekkelenkamp.
</P
></LI
><LI
><P
> Some error messages and trace logging statements were improved (commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/756"
TARGET="_top"
>756</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/758"
TARGET="_top"
>758</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/759"
TARGET="_top"
>759</A
>).
</P
></LI
><LI
><P
> stderr was closed during daemonizing, but not dupped to /dev/null, leading to slight chance of odd behaviour on reporting errors (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/757"
TARGET="_top"
>commit 757</A
>)
</P
></LI
></UL
>
Operating system specific fixes:
<P
></P
><UL
><LI
><P
> The stock Debian sarge Linux kernel, 2.6.8, claims to support epoll but fails at runtime. The epoll self-testing code has been improved,
and PowerDNS will fall back to a select based multiplexer if needed (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/758"
TARGET="_top"
>commit 758</A
>) Reported by Michiel van Es.
</P
></LI
><LI
><P
> Solaris 8 compilation and runtime issues were addressed. See the README for details (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/765"
TARGET="_top"
>commit 765</A
>). Reported by Juergen Georgi and Kenneth Marshall.
</P
></LI
><LI
><P
> Solaris 10 x86_64 compilation issues were addressed (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/755"
TARGET="_top"
>commit 755</A
>). Reported and debugged by Eric Sproul.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-RECURSOR-3-0"
>1.3.7. Recursor version 3.0</A
></H2
><P
> Released 20th of April 2006, <A
HREF="http://www.powerdns.com/en/downloads.aspx"
TARGET="_top"
>download</A
>.
</P
><P
> This is the first separate release of the PowerDNS Recursor. There are many reasons for this, one of the most important ones is that
previously we could only do a release when both the recursor and the authoritative nameserver were fully tested and in good shape. The split
allows us to release new versions when each part is ready.
</P
><P
> Now for the real news. This version of the PowerDNS recursor powers the network access of over two million internet connections. Two large
access providers have been running pre-releases of 3.0 for the past few weeks and results are good. Furthermore, the various pre-releases
have been tested nearly non-stop with DNS traffic replayed at 3000 queries/second.
</P
><P
> As expected, the 2 million househoulds shook out some very rare bugs. But even a rare bug happens once in a while when there are this many users.
</P
><P
> We consider this version of the PowerDNS recursor to be the most advanced resolver publicly available. Given current levels of spam, phishing
and other forms of internet crime we think no recursor should offer less than the best in spoofing protection. We urge all
operators of resolvers without proper spoofing countermeasures to consider PowerDNS, as it is a Better Internet Nameserver Daemon.
</P
><P
> A good article on DNS spoofing can be found <A
HREF="http://www.securesphere.net/download/papers/dnsspoof.htm"
TARGET="_top"
>here</A
>. Some
more information, based on a previous version of PowerDNS, can be found on the
<A
HREF="http://blog.netherlabs.nl/articles/2006/04/14/holy-cow-1-3-million-additional-ip-addresses-served-by-powerdns"
TARGET="_top"
>PowerDNS development blog</A
>.
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Because of recent DNS based denial of service attacks, running an open recursor has become a security risk. Therefore, unless configured otherwise
this version of PowerDNS will only listen on localhost, which means it does not resolve for hosts on your network.
To fix, configure the <B
CLASS="COMMAND"
>local-address</B
> setting with all addresses you want to listen on. Additionally, by default
service is restricted to RFC 1918 private IP addresses. Use <B
CLASS="COMMAND"
>allow-from</B
> to selectively open up the recursor
for your own network. See <A
HREF="built-in-recursor.html#RECURSOR-SETTINGS"
>Section 12.1</A
> for details.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> Important new features of the PowerDNS recursor 3.0:
<P
></P
><UL
><LI
><P
> Best spoofing protection and detection we know of. Not only is spoofing made harder by using a new network address for each query,
PowerDNS detects when an attempt is made to spoof it, and temporarily ignores the data. For details, see <A
HREF="recursor-details.html#ANTI-SPOOFING"
>Section 12.4.1</A
>.
</P
></LI
><LI
><P
> First nameserver to benefit from epoll/kqueue/Solaris completion ports event reporting framework, for stellar performance.
</P
></LI
><LI
><P
> Best statistics of any recursing nameserver we know of, see <A
HREF="recursor-stats.html"
>Section 12.5</A
>.
</P
></LI
><LI
><P
> Last-recently-used based cache cleanup algorithm, keeping the 'best' records in memory
</P
></LI
><LI
><P
> First class Solaris support, built on a 'try and buy' Sun CoolThreads T 2000.
</P
></LI
><LI
><P
> Full IPv6 support, implemented natively.
</P
></LI
><LI
><P
> Access filtering, both for IPv4 and IPv6.
</P
></LI
><LI
><P
> Experimental SMP support for nearly double performance. See <A
HREF="recursor-performance.html"
>Section 12.3</A
>.
</P
></LI
></UL
>
</P
><P
> Many people helped package and test this release. Jorn Ekkelenkamp of ISP-Services helped find the '8000 SOAs' bug and spotted
many other oddities and <A
HREF="http://www.xs4all.nl"
TARGET="_top"
>XS4ALL</A
> internet funded a lot of the recent development.
Joaquín M López Muñoz of the boost::multi_index_container was again of great help.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-20"
>1.3.8. Version 2.9.20</A
></H2
><P
> Released the 15th of March 2006
</P
><P
> Besides adding OpenDBX, this release is mostly about fixing problems and speeding up the recursor. This release has been made possible by
<A
HREF="http://www.xs4all.nl"
TARGET="_top"
>XS4ALL</A
> and <A
HREF="http://true.nl"
TARGET="_top"
>True</A
>. Thanks!
</P
><P
> Furthermore, we are very grateful for the help of Andrew Pinski, who hacks on gcc, and of Joaquín M López Muñoz, the
author of <A
HREF="http://www.boost.org/libs/multi_index/doc/index.html"
TARGET="_top"
>boost::multi_index_container</A
>. Without their
near-realtime help this release would've been delayed a lot. Thanks!
</P
><P
> Bugs fixed in the recursor:
<P
></P
><UL
><LI
><P
> Possible stability issues in the recursor on encountering errors (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/532"
TARGET="_top"
>commit 532</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/533"
TARGET="_top"
>commit 533</A
>)
</P
></LI
><LI
><P
> Memory leaks in recursor fixed (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/534"
TARGET="_top"
>commit 534</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/572"
TARGET="_top"
>commit 572</A
>). In a test 800 million real life DNS packets have been sent to the
recursor, representing several days of traffic from a major ISP, memory use was high (500MB), but stable.
</P
></LI
><LI
><P
> Prune all data in PowerDNS - previously per-nameserver and per-query performance
statistics were kept around forever (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/535"
TARGET="_top"
>commit 535</A
>)
</P
></LI
><LI
><P
> IPv6 additional processing was broken. Reported by Lionel Elie Mamane, who also provided a fix. The problem
was fixed differently in the end. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/562"
TARGET="_top"
>commit 562</A
>.
</P
></LI
><LI
><P
> pdns_recursor did not shuffle answers since 2.9.19, leading to problems sending mail to the Hotmail servers.
Reported in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/54"
TARGET="_top"
>ticket 54</A
>, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/567"
TARGET="_top"
>commit 567</A
>.
</P
></LI
><LI
><P
> If a single nameserver had multiple IP addresses listed, PowerDNS would only use one of them. Noted by
Mark Martin, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/570"
TARGET="_top"
>commit 570</A
>, who depends on a domain with 4 nameserver IP addresses of which 2 are broken.
</P
></LI
></UL
>
Improvements to the recursor:
<P
></P
><UL
><LI
><P
> Commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/535"
TARGET="_top"
>535</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/540"
TARGET="_top"
>540</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/541"
TARGET="_top"
>541</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/542"
TARGET="_top"
>542</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/543"
TARGET="_top"
>543</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/544"
TARGET="_top"
>544</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/545"
TARGET="_top"
>545</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/547"
TARGET="_top"
>547</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/548"
TARGET="_top"
>548</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/574"
TARGET="_top"
>574</A
> all speed up the recursor by a large factor,
without altering the DNS algorithm.
</P
></LI
><LI
><P
> Move recursor to the incredible boost::multi_index_container (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/580"
TARGET="_top"
>commit 580</A
>). This brings a huge improvement
in cache pruning times.
</P
></LI
><LI
><P
> <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/549"
TARGET="_top"
>commit 549</A
> and <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/550"
TARGET="_top"
>commit 550</A
> work around gcc bug <A
HREF="http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24704"
TARGET="_top"
>24704</A
>
if requested, which speeds up the recursor a lot, but involves a dirty hack. Enable with
<B
CLASS="COMMAND"
>./configure --enable-gcc-skip-locking</B
>. No guarantees!
</P
></LI
></UL
>
Bugs fixed in the authoritative nameserver:
<P
></P
><UL
><LI
><P
> PowerDNS would no longer allow a '/' in domain names, fixed by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/537"
TARGET="_top"
>commit 537</A
>, reported in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/48"
TARGET="_top"
>ticket 48</A
>.
</P
></LI
><LI
><P
> Parameters to <B
CLASS="COMMAND"
>pdns_control notify-host</B
> were not checked, leading to
possible crashes. Reported in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/24"
TARGET="_top"
>ticket 24</A
>, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/565"
TARGET="_top"
>commit 565</A
>.
</P
></LI
><LI
><P
> On some compilers, processing of NAPTR records could cause the server to crash. Reported by Bernd Froemel
in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/29"
TARGET="_top"
>ticket 29</A
>, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/538"
TARGET="_top"
>commit 538</A
>.
</P
></LI
><LI
><P
> Backend errors could make the whole nameserver exit under some circumstances, notably using the LDAP backend. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/583"
TARGET="_top"
>commit 583</A
>, reported in
<A
HREF="http://wiki.powerdns.com/projects/trac/ticket/62"
TARGET="_top"
>ticket 62</A
>.
</P
></LI
><LI
><P
> Referrals were subtly broken by recent CNAME/Wildcard improvements, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/539"
TARGET="_top"
>commit 539</A
>. Fix and other
improvements sponsored by <A
HREF="http://true.nl"
TARGET="_top"
>True</A
>.
</P
></LI
><LI
><P
> PowerDNS would try to insert records it has no knowledge about in slave zones, which did not work. Reported
in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/60"
TARGET="_top"
>ticket 60</A
>, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/566"
TARGET="_top"
>commit 566</A
>. A superior fix would be to implement the relevant unknown record standard.
</P
></LI
></UL
>
Improvements to the authoritative nameserver:
<P
></P
><UL
><LI
><P
> Pipebackend did not properly propagate the ABI version to its children, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/546"
TARGET="_top"
>commit 546</A
>, reported by
kickdaddy@gmail.com in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/45"
TARGET="_top"
>ticket 45</A
>.
</P
></LI
><LI
><P
> <A
HREF="http://www.linuxnetworks.de/pdnsodbx/index.html"
TARGET="_top"
>OpenDBX</A
> backend added
(<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/559"
TARGET="_top"
>commit 559</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/560"
TARGET="_top"
>commit 560</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/561"
TARGET="_top"
>commit 561</A
>) by Norbert Sendetzky. From the website:
<SPAN
CLASS="QUOTE"
>" The OpenDBX backend enables it to fetch DNS information from every DBMS supported by the OpenDBX library
and combines the power of one of the best DNS server implementations with the flexibility of the OpenDBX
library.
"</SPAN
>
OpenDBX adds some other features like database failover. Thanks Norbert!
</P
></LI
><LI
><P
> LDAP fixes as reported in <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/37"
TARGET="_top"
>ticket 37</A
>, fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/558"
TARGET="_top"
>commit 558</A
>, which maked <B
CLASS="COMMAND"
>pdns_control notify</B
>
work.
</P
></LI
><LI
><P
> Arjo Hooimeijer added support for soa-refresh-default, soa-retry-default,
soa-expire-default, which were previously hardcoded. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/563"
TARGET="_top"
>commit 563</A
> and fallout in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/573"
TARGET="_top"
>commit 573</A
> (thanks to Wolfram Schlich).
</P
></LI
></UL
>
Miscellaneous:
<P
></P
><UL
><LI
><P
> Fixes for g++ 4.1. Compiling with 4.1 realizes notable speedups. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/568"
TARGET="_top"
>commit 568</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/569"
TARGET="_top"
>commit 569</A
>.
</P
></LI
><LI
><P
> PowerDNS now reports if it is running in 32 or 64 bit mode, useful for bi-arch users that need
to know if they are benefitting from <A
HREF="http://www.amd.com"
TARGET="_top"
>their great processor</A
>. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/571"
TARGET="_top"
>commit 571</A
>.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>dnsscope</B
> compiles again, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/551"
TARGET="_top"
>commit 551</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/564"
TARGET="_top"
>commit 564</A
> (FreeBSD 64-bit time_t).
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>dnsreplay_mindex</B
> compiles again, fixed by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/572"
TARGET="_top"
>commit 572</A
>. Its performance, and the performance of the recursor
was improved by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/559"
TARGET="_top"
>commit 559</A
>.
</P
></LI
><LI
><P
> Build scripts were added, mostly for internal use but we know some PowerDNS users build their
own packages too. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/553"
TARGET="_top"
>commit 553</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/554"
TARGET="_top"
>commit 554</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/555"
TARGET="_top"
>commit 555</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/556"
TARGET="_top"
>commit 556</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/557"
TARGET="_top"
>commit 557</A
>.
</P
></LI
><LI
><P
> <TT
CLASS="FILENAME"
>bootstrap</TT
> script was not included in release. Thanks to Stefan Arentz for noticing. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/574"
TARGET="_top"
>commit 574</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-19"
>1.3.9. Version 2.9.19</A
></H2
><P
> Released 29th of October 2005.
</P
><P
> As with other recent releases, the usage of PowerDNS appears to have skyrocketed. Informal, though strict, measurements show
that PowerDNS now powers around 50% of all German domains, and somewhere in the order of 10-15% of the rest of the world. Furthermore,
DNS is set to take a central role in connecting Voice over IP providers, with PowerDNS offering a very good feature set for these ENUM
deployments. PowerDNS is already powering the E164.info ENUM zone and also acts as the backend for a major VoIP provisioning platform.
</P
><P
> Included in this release is the now complete packet parsing/generating, record parsing/generating infrastructure. Furthermore,
this framework is used by the recursor, hopefully making it very fast, memory efficient and robust. Many records are now processed
using a single line of code. This has made the recursor a lot stricter in packet parsing, you will see some error messages
which did not appear before. Rest assured however that these only happen for queries which have no valid answer in any case.
</P
><P
>
Furthermore, support for DNSSEC records is available in the new infrastructure, although is should be emphasised that there is more
to DNSSEC than parsing records. There is no real support for DNSSEC (yet).
</P
><P
> Additionally, the BIND Backend has been replaced by what was up to now known as the 'Bind2Backend'. Initial benchmarking appears
to show that this backend is faster, uses less memory and has shorter startup times. The code is also shorter.
</P
><P
> This release fixes a number of embarassing bugs and is a recommended upgrade.
</P
><P
> Thanks are due to <A
HREF="http://www.xs4all.nl"
TARGET="_top"
>XS4ALL</A
> who are supporting continuing development of PowerDNS,
the fruits of which can be found in this release already. Furthermore, a remarkable number of people have helped report bugs,
validate solutions or have submitted entire patches. Many thanks!
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> dnsreplay now has a help message and has received further massive updates, making the code substantially faster. It turns out that dnsreplay
is often 'heavier' than the PowerDNS process being benchmarked.
</P
></LI
><LI
><P
> PowerDNS recursor no longer prints out its queries by default as most recursor deployments have too much traffic
for this to be useful.
</P
></LI
><LI
><P
> PowerDNS recursor is now able to read its root-hints from disk, which is useful to operate with
alternate roots, like the <A
HREF="http://www.orsn.org"
TARGET="_top"
>Open Root Server Network</A
>. See
<A
HREF="built-in-recursor.html"
>Chapter 12</A
>.
</P
></LI
><LI
><P
> PowerDNS can now send out old-fashioned root-referrals when queried for domains for which it is not authoritative. Wastes some bandwidth
but may solve incoming query floods if domains are delegated to you for which you are not authoritative, but which are queried by broken
recursors.
</P
></LI
><LI
><P
> PowerDNS now prints out a warning when running with legacy LinuxThreads implementation instead of the high performance NPTL
library, see <A
HREF="nptl.html"
>Section 9.2</A
>. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/455"
TARGET="_top"
>commit 455</A
>.
</P
></LI
><LI
><P
> A lot of superfluous calls to gettimeofday() have been removed, making PowerDNS and especially the recursor faster. Suggested by Kai.
</P
></LI
><LI
><P
> SPF records are now supported natively. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/472"
TARGET="_top"
>commit 472</A
>, closing <A
HREF="http://wiki.powerdns.com/projects/trac/ticket/22"
TARGET="_top"
>ticket 22</A
>.
</P
></LI
><LI
><P
> Improved IPv6 'bound to' messages. Thanks to Niels Bakker, Wichert Akkerman and Gerty de Wolf for suggestions.
</P
></LI
><LI
><P
> Separate graphs can now be made of IPv6 queries and answers. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/485"
TARGET="_top"
>commit 485</A
>.
</P
></LI
><LI
><P
> Out of zone additional processing is now on by default to better comply with standards. <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/487"
TARGET="_top"
>commit 487</A
>.
</P
></LI
><LI
><P
> Regression tests have been expanded to deal with more record types (SRV, NAPTR, TXT, duplicate SRV).
</P
></LI
><LI
><P
> Improved query-logging in Bindbackend, which can be used for debugging purposes.
</P
></LI
><LI
><P
> Dropped libpcap dependency, making compilation easier
</P
></LI
><LI
><P
> pdns_control now has a help message.
</P
></LI
><LI
><P
> Add RRSIG, DNSKEY, DS and NSEC records for DNSSEC-bis to new parser infrastructure.
</P
></LI
><LI
><P
> Recursor now honours EDNS0 allowing it to send out larger answers.
</P
></LI
></UL
>
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Domain name validation has been made a lot stricter - it turns out PostgreSQL was interpreting some (corrupt) domain names
as unicode. Tested and suggested by Register.com (<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/451"
TARGET="_top"
>commit 451</A
>).
</P
></LI
><LI
><P
> LDAP backend did not compile (commits <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/452"
TARGET="_top"
>452</A
>, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/453"
TARGET="_top"
>453</A
>) due to partially applied patch (Norbert Sendetzky)
</P
></LI
><LI
><P
> Incoming zone transfers work reliably again. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/460"
TARGET="_top"
>commit 460</A
> and beyond. And <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/523"
TARGET="_top"
>commit 523</A
> - closing Debian bug 330184.
</P
></LI
><LI
><P
> Recent g++ versions exposed a mistake in the PowerDNS recursor cache pruning code, causing random crashes. Fixed in <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/465"
TARGET="_top"
>commit 465</A
>. Reported by
several Red Hat users.
</P
></LI
><LI
><P
> PowerDNS recursor, and MTasker in general, did not work on Solaris. Patch by Juergen Ilse, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/471"
TARGET="_top"
>commit 471</A
>. Also moved most of PowerDNS over to
uint32_t style typedefs, which eases compilation problems on Solaris, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/477"
TARGET="_top"
>commit 477</A
>.
</P
></LI
><LI
><P
> Bindbackend2 did not properly search its include path for $INCLUDE statements. Noted by Mark Bergsma, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/474"
TARGET="_top"
>commit 474</A
>.
</P
></LI
><LI
><P
> Bindbackend did not notice changed zones, this problem has been fixed by the move to Bind2.
</P
></LI
><LI
><P
> Pipebackend did not clean up, leading to an additional pipe backend per AXFR or pdns_control reload. Discovered by Marc Jauvin, fixed by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/525"
TARGET="_top"
>commit 525</A
>.
</P
></LI
><LI
><P
> Bindbackend (both old and current versions) did not honour 'include' statements in <TT
CLASS="FILENAME"
>named.conf</TT
>
on <B
CLASS="COMMAND"
>pdns_control rediscover</B
>. Noted by Marc Jauvin, fixed by <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/526"
TARGET="_top"
>commit 526</A
>.
</P
></LI
><LI
><P
> Zone transfers were sometimes shuffled, which wastes useless time, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/478"
TARGET="_top"
>commit 478</A
>.
</P
></LI
><LI
><P
> CNAMEs and Wildcards now work as in Bind, fixing many complaints, <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/487"
TARGET="_top"
>commit 487</A
>.
</P
></LI
><LI
><P
> NAPTR records were compressed, which would work, but was in violation of the RFC, commit 493.
</P
></LI
><LI
><P
> NAPTR records were not always parsed correctly from BIND zonefiles, fixed, commit 494.
</P
></LI
><LI
><P
> Geobackend needed additional include statement to compile on more recent Linux distrbutions, commit 496.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-18"
>1.3.10. Version 2.9.18</A
></H2
><P
> Released on the 16th of July 2005.
</P
><P
>
The '8 million domains' release, which also marks the battle readiness of the PowerDNS Recursor. The latest improvements have been made possible
by financial support and contributions by <A
HREF="http://register.com"
TARGET="_top"
>Register.com</A
> and
<A
HREF="http://www.xs4all.nl/"
TARGET="_top"
>XS4ALL</A
>. Thanks!
</P
><P
> This release brings a number of new features (vastly improved recursor, Generic Oracle Support, DNS analysis and replay tools, and more)
but also has a new build dependency, the <A
HREF="http://www.boost.org"
TARGET="_top"
>Boost library</A
> (version 1.31 or higher).
</P
><P
> Currently several big ISPs are evaluating the PowerDNS recursor for their resolving needs, some of them have switched already.
In the course of testing, over 350 million actual queries have been recorded and replayed, the answers turn out to be satisfactorily.
</P
><P
> This testing has verified that the pdns recursor, as shipped in this release, can stand up to heavy duty ISP loads
(over 20000 queries/second) and in fact does so better than major other nameservers, giving more complete answers and being faster to boot.
</P
><P
> We invite ISPs who note recursor problems to record their problematic traffic and replay it using the tools described in
<A
HREF="analysis.html"
>Chapter 19</A
> to discover if PowerDNS does a better job, and to let us know the results.
</P
><P
> Additionally, the bind2backend is almost ready to replace the stock bind backend. If you run with Bind zones, you are cordially invited
to substitute 'launch=bind2' for 'launch=bind'. This will happen automatically in 2.9.19!
</P
><P
> In other news, the entire Wikipedia constellation now runs on PowerDNS using the Geo Backend! Thanks to Mark Bergsma
for keeping us updated.
</P
><P
> There are two bugs with security implications, which only apply to installations running with the LDAP backend, or installations providing recursion
to a limited range of IP addresses. If any of these apply to you, an upgrade is highly advised:
<P
></P
><UL
><LI
><P
> The LDAP backend did not properly escape all queries, allowing it to fail and not answer questions. We have not investigated further risks involved,
but we advise LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot)
</P
></LI
><LI
><P
> Questions from clients denied recursion could blank out answers to clients who are allowed recursion services, temporarily. Reported by Wilco Baan.
This would've made it possible for outsiders to blank out a domain temporarily to your users. Luckily PowerDNS would send out SERVFAIL or Refused, and
not a denial of a domain's existence.
</P
></LI
></UL
>
</P
><P
> General bugs fixed:
<P
></P
><UL
><LI
><P
> TCP authoritative server would not relaunch a backend after failure (reported by Norbert Sendetzky)
</P
></LI
><LI
><P
> Fix backend restarting logic (reported, and fix suggested by Norbert Sendetzky)
</P
></LI
><LI
><P
> Launching identical backends multiple times, with different settings, did not work. Reported by Mario Manno.
</P
></LI
><LI
><P
> Master/slave queries did not honour the <B
CLASS="COMMAND"
>query-local-address</B
> setting. Spotted by David Levy of Register.com.
The fix also randomises the local port used, slightly improving security.
</P
></LI
></UL
>
</P
><P
> Compilation fixes:
<P
></P
><UL
><LI
><P
> Fix compile on Solaris, they define 'PC' for some reason. Reported by Eric Yiu.
</P
></LI
><LI
><P
> PowerDNS recursor would not compile on FreeBSD due to Linux specific defines, as reported in cvstrac ticket 26 (Ralf van der Enden)
</P
></LI
><LI
><P
> Several 64 bits issues have been fixed, especially in the Logging subsystem.
</P
></LI
><LI
><P
> SSQLite would fail to compile on recent Debian systems (Matthijs Mohlmann)
</P
></LI
><LI
><P
> Generic MySQL would not compile on 64-bit platforms.
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> PowerDNS now reports stray command line arguments, like when running '--local-port 5300' instead of '--local-port=5300'. Reported by Christian Welzel.
</P
></LI
><LI
><P
> We now warn against erroneous logging-facility specification, ie specifying an unknown facility.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>--version</B
> now outputs gcc version used, so we can tell people 2.95 is no longer supported.
</P
></LI
><LI
><P
> Extended regression tests, moved them to the new 'sdig' tool (see below).
</P
></LI
><LI
><P
> Bind2backend is now blazingly fast, and highly memory efficient to boot. As a special bonus it can read gzipped zones directly. The '.NET' zone
is hosted using 401MB of memory, the same size as the zone on disk.
</P
></LI
><LI
><P
> The Pipe Backend has been improved such that it can send out different answers based on the IP address the question was received ON. See
<A
HREF="backends-detail.html#PIPEBACKEND-PROTOCOL"
>Section A.1.1</A
> for how this changed the Pipe Backend protocol. Note that you need to set
<B
CLASS="COMMAND"
>pipebackend-abi-version</B
> to benefit from this change, existing clients are not affected. Change and documentation contributed
by Marc Jauvin of Register4Less.
</P
></LI
><LI
><P
> LDAP backend has been updated (Norbert Sendetzky).
</P
></LI
></UL
>
</P
><P
> Recursor improvements and fixes.
See <A
HREF="recursion.html"
>Chapter 11</A
> for details. The changes below mean that all of the caveats listed for the recursor have now been addressed.
<P
></P
><UL
><LI
><P
> After half an hour of uptime, the entire cache would be pruned for each packet, which is a tad slow. It now appears
the pdns recursor is among the faststest around.
</P
></LI
><LI
><P
> Under high loads, or when unlucky, some query mthreads would get 'stuck', and show up in the statistics as eternally running queries.
</P
></LI
><LI
><P
> Lots of redundant gettimeofday() and time() calls were removed, which has resulted in a measurable speedup.
</P
></LI
><LI
><P
> pdns_recursor can now listen on several addresses simultaneously.
</P
></LI
><LI
><P
> Now supports setuid and setgid operation to allow running as a less privileged user (Bram Vandoren)
</P
></LI
><LI
><P
> Return code of pdns_recursor binary did not make sense (Matthijs Mohlmann and Thomas Hood)
</P
></LI
><LI
><P
> Timeouts and errors are now split out in statistics.
</P
></LI
><LI
><P
> Many people reported broken statistics, it turned out that no statistics were being reported if there had been no questions to base them on.
We now log a message to that effect.
</P
></LI
><LI
><P
> Add <B
CLASS="COMMAND"
>query-local-address</B
> support, which allows the recursor to send questions from a specific IP address. Useful
for anycast setups.
</P
></LI
><LI
><P
> Add outgoing TCP query support and proper truncated answer support. Needed for Worldnic Denial of Service protection, which
sends out truncated packets to force clients to connect over TCP, which prevents spoofing.
</P
></LI
><LI
><P
> Properly truncate our own answers.
</P
></LI
><LI
><P
> Improve our TCP answers by using writev, which is slightly friendlier to the network.
</P
></LI
><LI
><P
> On FreeBSD, TCP errors could cause the recursor to exit suddenly due to a SIGPIPE signal.
</P
></LI
><LI
><P
> Maximum number of simultaneous client TCP connections can now be limited with the <B
CLASS="COMMAND"
>max-tcp-clients</B
> setting.
</P
></LI
><LI
><P
> Add agressive timeouts for TCP clients to make sure resources are not wasted. Defaults to two seconds, can be
configured with the <B
CLASS="COMMAND"
>client-tcp-timeout</B
> setting.
</P
></LI
></UL
>
</P
><P
> Backend fixes:
<P
></P
><UL
><LI
><P
> SQLite backend would not slave properly (Darron Broad)
</P
></LI
><LI
><P
> Generic MySQL would not compile on 64-bit platforms.
</P
></LI
></UL
>
</P
><P
> New technology:
<P
></P
><UL
><LI
><P
> Added the new DNS parser logic, called MOADNSParser. Completely modular, every memory access checked.
</P
></LI
><LI
><P
> 'sdig', a simple dig workalike with 'canonical' output, which is used for the regression tests. Based on the new DNS parser logic.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>dnswasher</B
>, <B
CLASS="COMMAND"
>dnsreplay</B
> and <B
CLASS="COMMAND"
>dnsscope</B
>, all DNS analysis tools. See <A
HREF="analysis.html"
>Chapter 19</A
>
for more details.
</P
></LI
><LI
><P
> Generic Oracle Backend, sponsored by Register.COM. See <A
HREF="generic-mypgsql-backends.html#GORACLE"
>Section A.5.3</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-17"
>1.3.11. Version 2.9.17</A
></H2
><P
> See <A
HREF="http://wiki.powerdns.com/projects/trac/timeline"
TARGET="_top"
>the new timeline</A
> for progress reports.
</P
><P
> The 'million domains' release - PowerDNS has now firmly established itself as a major player with the
unofficial count (ie, guesswork) now at over two million PowerDNS domains! Also, the GeoBackend has been tested
by a big website and may soon see wider deployment. Thanks to Mark Bergsma for spreading the word!
</P
><P
> It is also a release with lots of changes and fixes. Take care when deploying!
</P
><P
> Security issues:
<P
></P
><UL
><LI
><P
> PowerDNS could be temporarily DoSed using a random stream of bytes. Reported cause of this has been fixed.
</P
></LI
></UL
>
</P
><P
> Enhancements:
<P
></P
><UL
><LI
><P
> Reported version can be changed, or removed - see the "version-string" setting.
</P
></LI
><LI
><P
> Duplicate MX records are now no longer considered duplicate if their priorities differ. Some people need this feature for
spam filtering.
</P
></LI
></UL
>
</P
><P
> Bug fixes:
<P
></P
><UL
><LI
><P
> NAPTR records can now be slaved, patch by Lorens Kockum.
</P
></LI
><LI
><P
> GMySQL now works on Solaris
</P
></LI
><LI
><P
> PowerDNS could be confused by questions with a %-sign in them - fixing cvstrac ticket #16 (reported by dilinger at voxel.net)
</P
></LI
><LI
><P
> An authentication bug in the webserver was possibly fixed, please report if you were suffering from this. Being unable
to authenticate to the webserver was what you would've noticed.
</P
></LI
><LI
><P
> Fix for cvstrac ticket #2, PowerDNS could lose sync when sending out a very large number of notifications. Excellent bug report
by Martin Hoffman, who also improved our original bugfix.
</P
></LI
><LI
><P
> Fix the oldest PowerDNS bug in existence - under some circumstances, PowerDNS would log to syslog one character at a time.
This was cvstrac ticket #4
</P
></LI
><LI
><P
> HINFO records can now be slaved, fixing cvstrac ticket #8.
</P
></LI
><LI
><P
> pdns_recursor could block under some circumstances, especially in case of corrupt UDP packets. Reported by Wichert Akkerman. Fix by
Christopher Meer. This was cvstrac ticket #13.
</P
></LI
><LI
><P
> Large SOA serial numbers would sometimes be logged as a signed integer, leading to negative numbers in the log.
</P
></LI
><LI
><P
> PowerDNS now fully supports 32 bit SOA serial numbers (thanks to Mark Bergsma), closing cvstrac ticket #5.
</P
></LI
><LI
><P
> pdns_recursor --local-address help text was wrong.
</P
></LI
><LI
><P
> Very devious bug - PowerDNS did not clear its cache before sending out update notifications, leading slaves
to conclude there was no update to AXFR. Excellent debugging by mkuchar at wproduction.cz.
</P
></LI
><LI
><P
> Probably fixed cvstrac ticket #26, which caused pdns_recursor to fail on recent FreeBSD 5.3 systems. Please check,
I have no such system to test on.
</P
></LI
><LI
><P
> Geobackend did not get built for Debian.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-16"
>1.3.12. Version 2.9.16</A
></H2
><P
> The 'it must still be Friday somewhere' release. Massive number of fixes, portability improvements and
the new Geobackend by Mark Bergsma & friends.
</P
><P
> New:
<P
></P
><UL
><LI
><P
> The Geobackend which makes it possible to send different answers to different IP ranges. Initial documentation
can be found in pdns/modules/geobackend/README.
</P
></LI
><LI
><P
> qgen query generation tool. Nearly completely undocumented and hard to build too, it requires Boost. But very
spiffy. Use <B
CLASS="COMMAND"
>cd pdns; make qgen</B
> to build it.
</P
></LI
></UL
>
</P
><P
> Bugfixes:
<P
></P
><UL
><LI
><P
> The most reported bug ever was fixed. Zone2sql required the inclusion of unistd.h, except on Debian unstable.
</P
></LI
><LI
><P
> PowerDNS tried to listen on its control "pipe" which does not work. Probably harmless, but might have caused some
oddities.
</P
></LI
><LI
><P
> The Packet Cache did not always set its TTL immediately, causing some packets to be inserted, even when running
with the cache disabled (Mark Bergsma).
</P
></LI
><LI
><P
> Valgrind found some unitialized reads, causing bogus values in the priority field when it was not needed
</P
></LI
><LI
><P
> Valgrind found a bug in MTasker where we used delete instead of delete[].
</P
></LI
><LI
><P
> SOA serials and other parameters are unsigned.
This means that very large SOA serial numbers would be messed up (Michel Stol, Stefano Straus)
</P
></LI
><LI
><P
> PowerDNS left its controlsocket around after exit and reported confusing errors if a socket was
already in use.
</P
></LI
><LI
><P
> The recursor proxy did not work on big endian systems like SPARC and some MIPS processors (Remco Post)
</P
></LI
><LI
><P
> We no longer dump core on processing LOC records on UltraSPARC (Andrew Mulholland supplied a testing machine)
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> MySQL can now connect to a specified port again (Chris Anderton)
</P
></LI
><LI
><P
> When running chroot()ed and with master or slave support active, PowerDNS needs to resolve domain names
to find slaves. This in turn may require access to certain libraries. Previously, these needed to be available
in the chroot directory but by forcing an initial lookup, these libraries are now loaded before the chrooting.
</P
></LI
><LI
><P
> pdns_recursor was very slow after having done a larger number of queries because of the checks
to see if a query should be throttled. This is now done using a set which is a lot faster than the previous
full sequential scan.
</P
></LI
><LI
><P
> The throttling code may not have throttled as much as was configured.
</P
></LI
><LI
><P
> Yet another big LDAP update. The LDAP backend now loadbalances connections over several hosts (Norbert Sendetzky)
</P
></LI
><LI
><P
> Updated b.root-servers.net address in the recursor
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-15"
>1.3.13. Version 2.9.15</A
></H2
><P
> This release fixes up some of the shortcomings in 2.9.14, and adds some new features too.
</P
><P
> Bugfixes:
<P
></P
><UL
><LI
><P
> <B
CLASS="COMMAND"
>allow-recursion-override</B
> was on by default, it was meant to be off.
</P
></LI
><LI
><P
> Logging was still off in daemon mode, fixed.
</P
></LI
><LI
><P
> debian/rules forgot to build an sqllite package
</P
></LI
><LI
><P
> Recursor accidentally linked in MySQL - this was the result of an experiment with a persistent recursor cache.
</P
></LI
><LI
><P
> The PowerDNS recursor had stability problems. It now sorts nameservers (roughly) by responsiveness. The 'roughly' part
upset the sorting algorithm used, the speeds being sorted on changed during sorting.
</P
></LI
><LI
><P
> The recursor now outputs the nameserver average response times in trace mode
</P
></LI
><LI
><P
> LDAP compiles again.
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> zone2sql can now accept <TT
CLASS="FILENAME"
>-</TT
> as a filename which causes it to read stdin. This allows the following
to work: <B
CLASS="COMMAND"
>dig axfr ds9a.nl | zone2sql --gmysql --zone=- | mysql pdns</B
>, which is a nice way to
import a zone.
</P
></LI
><LI
><P
> zone2sql now ignores duplicate SOA records which are identical - which also makes the above possible.
</P
></LI
><LI
><P
> Remove libpqpp dependencies - since we now use the native C API for PostgreSQL
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-14"
>1.3.14. Version 2.9.14</A
></H2
><P
> Big release with the fix for the all important 2^30 seconds problem and a lot of other news.
</P
><P
> <P
></P
><UL
><LI
><P
> errno problems would cause compilation problems when using LDAP (Norbert Sendetzky)
</P
></LI
><LI
><P
> The Generic SQL backend could cause crashes on PostgreSQL when using pdns_control notify (Georg Bauer)
</P
></LI
><LI
><P
> Debian compatible init.d script (Wichert Akkerman)
</P
></LI
><LI
><P
> If using the master or slave features, pdns had the notion of eternity ending in 2038, except that due
to a thinko, eternity ended out to be the 10th of January 2004. This caused a loop to timeout immediately.
Many thanks to Jasper Spaans for spotting the bug within five minutes.
</P
></LI
><LI
><P
> Parts of the SOA field were not cannonicalized
</P
></LI
><LI
><P
> The loglevel could in fact cause nothing to be logged (Norbert Sendetzky)
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> The recursor now chooses the fastest nameserver, which causes a big speedup!
</P
></LI
><LI
><P
> LDAP now has different lookup models
</P
></LI
><LI
><P
> Cleanups, better load distribution, better exception handling, zone2ldap improvements
</P
></LI
><LI
><P
> The recursor was somewhat chatty about TCP connections
</P
></LI
><LI
><P
> PostgreSQL now only depends on the C API and not on the deprecated C++ one
</P
></LI
><LI
><P
> PowerDNS can now fully overrule external zones when doing recursion. See <A
HREF="recursion.html"
>Chapter 11</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-13"
>1.3.15. Version 2.9.13</A
></H2
><P
> Big news! Windows is back! Our great friend Michel Stol found the time to update the PowerDNS code so it works
again under windows.
</P
><P
> Furthermore, big thanks go out to Dell who quickly repaired my trusty <A
HREF="http://ds9a.nl/dell-d800"
TARGET="_top"
>laptop</A
>.
</P
><P
> His changes:
<P
></P
><UL
><LI
><P
> Generic SQLite support added
</P
></LI
><LI
><P
> Removed the ODBC backend, replaced it by the Generic ODBC Backend, which has all the cool configurability
of the Generic MySQL and PostgreSQL backends.
</P
></LI
><LI
><P
> The PowerDNS Recursor now runs as a Service. It defaults to running on port 5300, PowerDNS itself is configured
to expect the Recursor on port 5300 now.
</P
></LI
><LI
><P
> The PowerDNS Service is now known as 'PowerDNS' to Windows.
</P
></LI
><LI
><P
> The Installer was redone, this time with <A
HREF="http://nsis.sf.net"
TARGET="_top"
>NSIS2</A
>.
</P
></LI
><LI
><P
> General updates and fixes.
</P
></LI
></UL
>
</P
><P
> Other news:
</P
><P
> <DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> There appears to be a problem with PowerDNS on Red Hat 7.3 with GCC 2.96 and self-compiled binaries. The symptoms are
that PowerDNS works on the foreground but fails as a daemon. We're working on it.
</P
><P
> If you do note problems, let the list know, if you don't, please do so as well. Tell us if you use the RPM or
compiled yourself.
</P
><P
> It is known that not compiling in MySQL support helps solve the problem, but then you don't have MySQL.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> There have been a number of reports on MySQL connections being dropped on FreeBSD 4.x, which sometimes causes PowerDNS to give up and reload itself.
To combat this, MySQL error messages have been improved in some places in hopes of figuring out what is up. The initial indication is
that MySQL itself sometimes terminates the connection and, amazingly, that switching to a Unix domain socket instead of TCP solves
the problem.
</P
><P
> Bug fixes:
<P
></P
><UL
><LI
><P
> <B
CLASS="COMMAND"
>allow-axfr-ips</B
> did not work for individual IP addresses (bug & fix by Norbert Sendetzky)
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> Opteron support! Thanks to Jeff Davey for providing a shell on an Opteron. The fixes should
also help PowerDNS on other platforms with a 64 bit userspace.
</P
><P
> Btw, the PowerDNS team has a strong desire for an Opteron :-)
</P
></LI
><LI
><P
> pdns_recursor jumbles answers now. This means that you can do poor man's roundrobin
by supplying multiple A, MX or AAAA records for a service, and get a random one on top
each time. Interestingly, this feature appeared out of nowhere, this change was made to the
authoritative code but due to the wonders of code-reuse had an effect on pdns_recursor too.
</P
></LI
><LI
><P
> Big LDAP cleanup. Support for TLS was added. Zone2LDAP also gained the ability to
generate ldif files containing a tree or a list of entries. (Norbert Sendetzky)
</P
></LI
><LI
><P
> Zone2sql is now somewhat clearer when reporting malformed line errors - it did not always
include the name of the file causing a problem, especially for big installations. Problem noted
by Thom May.
</P
></LI
><LI
><P
> pdns_recursor now survives the expiration of all its root records, most often caused by prolonged
disconnection from the net.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-12"
>1.3.16. Version 2.9.12</A
></H2
><P
>
Release rich in features. Work on Verisign oddities, addition of SQLite backend, pdns_recursor maturity.
</P
><P
> New features:
<P
></P
><UL
><LI
><P
> --version command (requested by Mike Benoit)
</P
></LI
><LI
><P
> delegation-only, a Verisign special.
</P
></LI
><LI
><P
> Generic <A
HREF="http://www.sqlite.org"
TARGET="_top"
>SQLite</A
> support, by Michel 'Who da man?' Stol. See <A
HREF="gsqlite.html"
>Section A.7</A
>.
</P
></LI
><LI
><P
> init.d script for pdns_recursor
</P
></LI
><LI
><P
> Recursor now actually purges its cache, saving memory.
</P
></LI
><LI
><P
> Slave configuration now no longer falls over when presented with a NULL master
</P
></LI
><LI
><P
> Bindbackend2 now has supermaster support (Mark Bergsma, untested)
</P
></LI
><LI
><P
> Answers are now shuffled! It turns out a few recursors don't do shuffling (pdns_recursor, djbdns), so we do it now. Requested by Jorn Ekkelenkamp of ISP-Services. This means that if you have
multiple IP addresses for one host, they will be returned in differing order every once in a while.
</P
></LI
></UL
>
</P
><P
> Bugs:
</P
><P
> <P
></P
><UL
><LI
><P
> 0.0.0.0/0 didn't use to work (Norbert Sendetzky)
</P
></LI
><LI
><P
> pdns_recursor would try to resolve IP address which to bind to, potentially causing chicken/egg problem
</P
></LI
><LI
><P
> gpgsql no longer reports as gmysql (Sherwin Daganoto)
</P
></LI
><LI
><P
> SRV would not be parsed right from disk (Christof Meerwald)
</P
></LI
><LI
><P
> An AXFR from a zone hosted on the LDAP backend no longer transmits all the reverse entries too (Norbert Sendetzky)
</P
></LI
><LI
><P
> PostgreSQL backend now does error checking. It would be a bit too trusting before.
</P
></LI
></UL
>
</P
><P
> Improvements, cleanups:
<P
></P
><UL
><LI
><P
> PowerDNS now reports the numerical IP addresses it binds to instead of the, possibly, alphanumeric names the operator passed.
</P
></LI
><LI
><P
> Removed only-soa hackery (noticed by Norbert Sendetzky)
</P
></LI
><LI
><P
> Debian packaging fixes (Wichert Akkerman)
</P
></LI
><LI
><P
> Some parameter descriptions were improved.
</P
></LI
><LI
><P
> Cleanups by Norbert: getAuth moved to chopOff, arguments::contains massive cleanup, more.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-11"
>1.3.17. Version 2.9.11</A
></H2
><P
> Yet another iteration, hopefully this will be the last silly release.
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> There has been a change in behaviour whereby <B
CLASS="COMMAND"
>disable-axfr</B
> does what it means now! From now
on, setting <B
CLASS="COMMAND"
>allow-axfr-ips</B
> automatically disables AXFR from unmentioned subnets.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> This release enables AXFR again, <B
CLASS="COMMAND"
>disable-axfr</B
> did the opposite of what it claimed. Furthermore, the pdns_recursor now cleans its cache, which should save some memory in the long run. Norbert contributed some small LDAP work which should come in useful in the future.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-10"
>1.3.18. Version 2.9.10</A
></H2
><P
> Small bugfixes, LDAP update. Released 3rd of July 2003. Apologies for the long delay, real life keeps interfering.
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Do not use or try to use 2.9.9, it was a botched release!
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> There has been a change in behaviour whereby <B
CLASS="COMMAND"
>disable-axfr</B
> does what it means now! From now
on, setting <B
CLASS="COMMAND"
>allow-axfr-ips</B
> automatically disables AXFR from unmentioned subnets.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> <P
></P
><UL
><LI
><P
> 2.9.8 was prone to crash on adding additional records. Thanks to excellent debugging by PowerDNS users worldwide, the bug was found
quickly and is in fact present in all earlier PowerDNS releases, but for some reason doesn't cause crashes there.
</P
></LI
><LI
><P
> Notifications now jump in front of the queue of domains that need to be checked for changes, giving much greater perceived performance.
This is needed if you have tens of thousands of slave domains and your master server is on a high latency link. Thanks to Mark Jeftovic
of EasyDNS for suggesting this change and testing it on their platform.
</P
></LI
><LI
><P
> Dean Mills reported that PowerDNS does confusing logging about changing GIDs and UIDs, fixed. Cosmetic only.
</P
></LI
><LI
><P
> pdns_recursor may have logged empty lines for some users, fixed. Solution suggested by Norbert Sendetzky.
</P
></LI
><LI
><P
> LDAP: DNS TTLs were random values (Norbert Sendetzky, Stefan Pfetzing). New <B
CLASS="COMMAND"
>ldap-default-ttl</B
>
option.
</P
></LI
><LI
><P
> LDAP: Now works with OpenLDAP 2.1 (Norbert Sendetzky)
</P
></LI
><LI
><P
> LDAP: error handling for invalid MX records implemented (Norbert Sendetzky)
</P
></LI
><LI
><P
> LDAP: better exception handling (Norbert Sendetzky)
</P
></LI
><LI
><P
> LDAP: code cleanup of lookup() (Norbert Sendetzky)
</P
></LI
><LI
><P
> LDAP: added support for scoped searches (Norbert Sendetzky)
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-8"
>1.3.19. Version 2.9.8</A
></H2
><P
> Queen's day release! 30th of April 2003.
</P
><P
> Added support for AIX, fixed negative SOA caching. Some other cleanups. Not a major release but enough reasons to upgrade.
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Recursor had problems expiring negatively cached entries, which wasted memory and also led to the continued non-existence of
hosts that since had come into existence.
</P
></LI
><LI
><P
> The Generic SQL backends did not lowercase the names of records, which led to new records not being found by case sensitive
databases (notably PostgreSQL). Found by Volker Goetz.
</P
></LI
><LI
><P
> NS queries for zones for which we did not carry authority, but only had delegation information, had their NS records in the
wrong section. Minor detail, but a standards violation on etheless. Spotted by Stephane Bortzmeyer.
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> Removed crypt.h dependency from powerldap.hh, which was a problem on some platforms (Richard Arends)
</P
></LI
><LI
><P
> PowerDNS can't parse so called binary labels which we now detect and ignore, after printing a warning.
</P
></LI
><LI
><P
> Specifying allow-axfr-ips now automatically disables AXFR for all non-mentioned addresses.
</P
></LI
><LI
><P
> A Solaris ready init.d script is now part of the tar.gz (contributed, but I lost by whom).
</P
></LI
><LI
><P
> Added some fixes to PowerDNS can work on AIX (spotted by Markus Heimhilcher).
</P
></LI
><LI
><P
> Norbert Sendetzky contributed <TT
CLASS="FILENAME"
>zone2ldap</TT
>.
</P
></LI
><LI
><P
> Everybody's favorite compiler warning from <TT
CLASS="FILENAME"
>zone2sql.cc</TT
> was removed!
</P
></LI
><LI
><P
> Recursor now listens on TCP!
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-7"
>1.3.20. Version 2.9.7</A
></H2
><P
> Released on 2003-03-20.
</P
><P
> This is a sweeping release in the sense of cleanup. There are some new features but mostly a lot of cleanup going on. Hiding inside is the
<TT
CLASS="FILENAME"
>bind2backend</TT
>, the next generation of the bind backend. A work in progress. Those of you with overlapping zones,
as mentioned in the changelog of 2.9.6, are invited to check it out by replacing <B
CLASS="COMMAND"
>launch=bind</B
>
by <B
CLASS="COMMAND"
>launch=bind2</B
> and renaming all <B
CLASS="COMMAND"
>bind-</B
> parameters to
<B
CLASS="COMMAND"
>bind2-</B
>. Be aware that if you run with many small zones, this backend is faster, but if you run with a few large ones, it is slower. This will improve.
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> Mark Bergsma contributed <B
CLASS="COMMAND"
>query-local-address</B
> which allows the operator to select which source address to
use. This is useful on servers with multiple source addresses and the operating system selecting an unintended one, leading to
remotes denying access.
</P
></LI
><LI
><P
> PowerDNS can now perform AAAA additional processing optionally, turned on by setting <B
CLASS="COMMAND"
>do-ipv6-additional-processing</B
>.
Thanks to Stephane Bortzmeyer for pointing out the need.
</P
></LI
><LI
><P
> Bind2backend, which is almost in compliance with the new IETF AXFR-clarify (some would say
'redefinition') draft.
</P
><P
> This backend is not ready for primetime but you may want to try it if you currently have overlapping
zones and note problems. An overlapping zone would be having "ipv6.powerdns.com" and "powerdns.com" zones
on one server.
</P
></LI
></UL
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> Zone2sql would happily try to read from a directory and not give a useful error about this.
</P
></LI
><LI
><P
> PowerDNS now reports the case where it can't figure out any IP address of slave nameservers for a zone
</P
></LI
><LI
><P
> Removed <B
CLASS="COMMAND"
>receiver-threads</B
> setting which was experimental and in fact only made things worse.
</P
></LI
><LI
><P
> LDAP backend updates from its author Norbert Sendetzky. Reverse lookups should work now too.
</P
></LI
><LI
><P
> An error message about unparseable packets did not include the originating IP address (fixed by Mark Bergsma)
</P
></LI
><LI
><P
> PowerDNS can now be started via path resolution while running with a guardian. Suggested by Maurice Nonnekes.
</P
></LI
><LI
><P
> <TT
CLASS="FILENAME"
>pdns_recursor</TT
> moved to <TT
CLASS="FILENAME"
>sbin</TT
> (reported by Norbert Sendetzky)
</P
></LI
><LI
><P
> Retuned some logger errorlevels, a lot of master/slave chatter was logged as 'Error'. Reported by Willem de Groot.
</P
></LI
></UL
>
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> <TT
CLASS="FILENAME"
>zone2sql</TT
> did not remove trailing dots in SOA records.
</P
></LI
><LI
><P
> ldapbackend did not include <TT
CLASS="FILENAME"
>utility.hh</TT
> which caused compilation problems on Solaris (reported by Remco Post)
</P
></LI
><LI
><P
> <TT
CLASS="FILENAME"
>pdns_control</TT
> could leave behind remnants in case PowerDNS was not running (reported by dG)
</P
></LI
><LI
><P
> Incoming AXFR did not work on Solaris and other big-endian systems (Willem de Groot helped debugging this long standing problem).
</P
></LI
><LI
><P
> Recursor could crash on convoluted CNAME loops. Thanks to Dan Faerch for delivering coredumps.
</P
></LI
><LI
><P
> Silly 'wuh' debugging output in zone2sql and bindbackend removed (spotted by Ivo van der Wijk)
</P
></LI
><LI
><P
> Recursor neglected to differentiate between negative cache of NXDOMAIN and NOERROR, leading to problems
with IPv6 enabled Windows clients. Thanks to Stuart Walsh for reporting this and testing the fix.
</P
></LI
><LI
><P
> PowerDNS set the 'aa' bit on serving NS records in a zone for which it was authoritative. Most implementations
drop the 'aa' bit in this case and Stephane Bortzmeyer informed us of this. PowerDNS now also drops the 'aa'
bit in this case.
</P
></LI
><LI
><P
> The webserver tended to fail after prolonged operation on FreeBSD, this was due to an uninitialised timeout, other platforms were lucky. Thanks to G.P. de Boer for helping debug this.
</P
></LI
><LI
><P
> getAnswers() in dnspacket.cc could be forced to read bytes beyond the end of the packet, leading to crashes in the
PowerDNS recursor. This is an ongoing project that needs more work. Reported by Dan Faerch, with a coredump proving the problem.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-6"
>1.3.21. Version 2.9.6</A
></H2
><P
> Two new backends - Generic ODBC (windows only) and LDAP. Furthermore, a few important bugs have been fixed which may have hampered sites seeing a lot of
outgoing zonetransfers. Additionally, the pdns recursor now has 'query throttling' which is pretty cool. In short this makes sure that PowerDNS
does not send out heaps of queries if a nameserver is unable to provide an answer. Many operators of authoritative setups are all too aware of
recursing nameservers that hammer them for zones they don't have, PowerDNS won't do that anymore now, no matter what clients request of it.
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> There is an unresolved issue with the BIND backend and 'overlapping' slave zones. So if you have 'example.com' and also have a separate
slave zone called 'external.example.com', things may go wrong badly. Thanks to Christian Laursen for working with us a lot in finding
this issue. We hope to resolve it soon.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> <P
></P
><UL
><LI
><P
> BIND Backend now honours notifies, code to support this was accidentally left out. Thanks to Christian Laursen for noticing this.
</P
></LI
><LI
><P
> Massive speedup for those of you using the slightly deprecated MBOXFW records. Thanks to Jorn of <A
HREF="http://www.ISP-Services.nl"
TARGET="_top"
> ISP Services</A
> for helping and testing this improvement.
</P
></LI
><LI
><P
> $GENERATE had an off-by-one bug where it would omit the last record to be generated (Christian Laursen)
</P
></LI
><LI
><P
> Simultaneous AXFRs may have been problematic on some backends. Thanks to Jorn of ISP-Services again for helping us resolve this issue.
</P
></LI
><LI
><P
> Added LDAP backend by Norbert Sendetzky, see <A
HREF="ldap.html"
>Section A.12</A
>.
</P
></LI
><LI
><P
> Added Generic ODBC backend for Windows by Michel Stol.
</P
></LI
><LI
><P
> Simplified 'out of zone data' detection in incoming AXFR support, hopefully removing a case sensitivity bug there. Thanks again
to Christian Laursen for reporting this issue.
</P
></LI
><LI
><P
> $include in-zonefile was broken under some circumstances, losing the last character of a filename. Thanks to Joris Vandalon for noticing this.
</P
></LI
><LI
><P
> The zoneparser was more case-sensitive than BIND, refusing to accept 'in' as well as 'IN'. Thanks to Joris Vandalon for noticing this.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-5"
>1.3.22. Version 2.9.5</A
></H2
><P
> Released on 2002-02-03.
</P
><P
> This version is almost entirely about recursion with major changes to both the pdns recursor, which is renamed to
'<TT
CLASS="FILENAME"
>pdns_recursor</TT
>' and to the main PowerDNS binary to make it interact better with the recursing component.
</P
><P
> Sadly, due to <A
HREF="http://sources.redhat.com/ml/libc-alpha/2003-01/msg00245.html"
TARGET="_top"
>technical reasons</A
>, compiling
the pdns recursor and pdns authoritative nameserver into one binary is not immediately possible. During the release of 2.9.4 we
stated that the recursing nameserver would be integrated in the next release - this won't happen now.
</P
><P
> However, this turns out to not be that bad at all. The recursor can now be restarted without having to restart the rest of the nameserver,
for example. Cooperation between the both halves of PDNS is also almost seamless. As a result, 'non-lazy recursion' has been dropped. See
<A
HREF="recursion.html"
>Chapter 11</A
> for more details.
</P
><P
> Furthermore, the recursor only works on Linux, Windows and Solaris (not entirely). FreeBSD does not support the required functions.
If you know any important FreeBSD people, plea with them to support set/get/swapcontext! Alternatively, FreeBSD coders could read
the solution presented here <A
HREF="http://www.eng.uwaterloo.ca/~ejones/software/threading.html"
TARGET="_top"
>in figure 5</A
>.
</P
><P
> The 'Contributor of the Month' award goes to Mark Bergsma who has responded to our plea for help with the label compressor and contributed
a wonderfully simple and right fix that allows PDNS to compress just as well as Other namerervers out there. An honorary mention goes to
Ueli Heuer who, despite having no C++ experience, submitted an excellent SRV record implementation.
</P
><P
> Excellent work was also performed by Michel Stol, the Windows guy, in fixing all our non-portable stuff again. Christof Meerwald has also done
wonderful work in porting MTasker to Windows, which was then used by Michel to get the recursor functioning on Windows.
</P
><P
> Other changes:
<P
></P
><UL
><LI
><P
> dnspacket.cc was cleaned up by factoring out common operations
</P
></LI
><LI
><P
> Heaps of work on the recursing nameserver. Has now achieved *days* of uptime!
</P
></LI
><LI
><P
> Recursor renamed from syncres to <TT
CLASS="FILENAME"
>pdns_recursor</TT
>
</P
></LI
><LI
><P
> PowerDNS can now serve records it does not know about. To benefit from this slightly undocumented feature, add
1024 to the numerical type of a record and include the record in binary form in your database. Used internally by the
recursing nameserver but you can use it too.
</P
></LI
><LI
><P
> PowerDNS now knows about SIG and KEY records *names*. It does not support them yet but can at least report so now.
</P
></LI
><LI
><P
> HINFO records can now be transferred from a master to PowerDNS (thanks to Ueli Heuer for noticing it didn't work).
</P
></LI
><LI
><P
> Yet more UltraSPARC alignment issues fixed (Chris Andrews).
</P
></LI
><LI
><P
> Dropped non-lazy recursion, nobody was using it. Lazy recursion became even more lazy after Dan Bernstein pointed out that additional
processing is not vital, so PowerDNS does its best to do additional processing on recursive queries, but does not scream murder if it does
not succeed. Due to caching, the next identical query will be successfully additionally processed.
</P
></LI
><LI
><P
> Label compression was improved so we can now fit all . records in 436 bytes, this used to be 460! (Code & formal
proof of correctness by Mark Bergsma).
</P
></LI
><LI
><P
> SRV support (incoming and outgoing), submitted by Ueli Heuer.
</P
></LI
><LI
><P
> Generic backends do not support SOA serial autocalculation, it appears. Could lead to random SOA serials in case
of a serial of 0 in the database. Fixed so that 0 stays zero in that case. Don't set the SOA serial to 0 when using
Generic MySQL or Generic PostgreSQL!
</P
></LI
><LI
><P
> J root-server address was updated to its new location.
</P
></LI
><LI
><P
> SIGUSR1 now forces the recursor to print out statistics to the log.
</P
></LI
><LI
><P
> Meaning of recursor logging was changed a bit - a cache hit is now a question that was answered with 0 outgoing packets needed. Used to
be a weighted average of internal cache hits.
</P
></LI
><LI
><P
> MySQL compilation did not include -lz which causes problems on some platforms. Thanks to James H. Cloos Jr for reporting this.
</P
></LI
><LI
><P
> After a suggestion by Daniel Meyer and Florus Both, the built in webserver now reports the configuration name when multiple PowerDNS
instances are active.
</P
></LI
><LI
><P
> Brad Knowles noticed that zone2sql had problems with the root.zone, fixed. This also closes some other zone2sql annoyances with converting
single zones.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-4"
>1.3.23. Version 2.9.4</A
></H2
><P
> Yet another grand release. Big news is the addition of a recursing nameserver which has sprung into existence
over the past week. It is in use on several computers already but it is not ready for prime time. Complete integration
with PowerDNS is expected around 2.9.5, for now the recursor is a separate program.
</P
><P
> In preliminary tests, the recursor appears to be four times faster than BIND 9 on a naive benchmark starting from a cold cache. BIND 9
managed to get through to some slower nameservers however, which were given up on by PowerDNS. We will continue to tune the recursor.
See <A
HREF="built-in-recursor.html"
>Chapter 12</A
> for further details.
</P
><P
> The BIND Backend has also been tested (see the <B
CLASS="COMMAND"
>bind-domain-status</B
> item below) rather heavily by several parties. After some
discussion online, one of the BIND authors ventured that the newsgroup comp.protocols.dns.bind may now in fact be an appropriate venue
for discussing PowerDNS. Since this discussion, traffic to the PowerDNS pages has increased sixfold and shows no signs of slowing down.
</P
><P
> From this, it is apparent that far more people are interested in PowerDNS than yet know about it. So spread the word!
</P
><P
> In other news, we now have a security page at <A
HREF="security-policy.html"
>Section 1.4</A
>. Furthermore, Maurice Nonnekes contributed an OpenBSD
port! See <A
HREF="http://www.codeninja.nl/openbsd/powerdns/"
TARGET="_top"
>his page</A
> for more details!
</P
><P
> New features and improvements:
<P
></P
><UL
><LI
><P
> All SQL queries in the generic backends are now available for configuration. (Martin Klebermass/bert hubert).
See <A
HREF="generic-mypgsql-backends.html"
>Section A.5</A
>.
</P
></LI
><LI
><P
> A recursing nameserver! See <A
HREF="built-in-recursor.html"
>Chapter 12</A
>.
</P
></LI
><LI
><P
> An incoming AXFR now only starts a backend zone replacement transaction after the first record arrived successfully, thus making
sure no work is done when a remote nameserver is unable/unwilling to AXFR a zone to us.
</P
></LI
><LI
><P
> Zoneparser error messages were improved slightly (thanks to Stef van Dessel for spotting this shortcoming)
</P
></LI
><LI
><P
> XS4ALL's Erik Bos checked how PowerDNS reacted to a BIND installation with almost 60.000 domains, some of which
with >100.000 records, and he discovered the pdns_control <B
CLASS="COMMAND"
>bind-domain-status</B
> command
became very slow with larger numbers of domains. Fixed, 60.000 domains are now listed in under one second.
</P
></LI
><LI
><P
> If a remote nameserver disconnects during an incoming AXFR, the update is now rolled back, unless the AXFR was
properly terminated.
</P
></LI
><LI
><P
> The migration chapter mentioned the use of deprecated backends.
</P
></LI
></UL
>
</P
><P
> A tremendous number of bugs were discovered and fixed:
<P
></P
><UL
><LI
><P
> Zone parser would only accept $include and not $INCLUDE
</P
></LI
><LI
><P
> Zone parser had problems with $lines with comments on the end
</P
></LI
><LI
><P
> Wildcard ANY queries were broken (thanks Colemarcus for spotting this)
</P
></LI
><LI
><P
> A connection failure with the Generic backends would lead to a powerdns reload (cast of many)
</P
></LI
><LI
><P
> Generic backends had some semantic problems with slave support. Symptoms were oft-repeated notifications
and transfers (thanks to Mark Bergsma for helping resolve this).
</P
></LI
><LI
><P
> Solaris version compiles again. Thanks to Mohamed Lrhazi for reporting that it didn't.
</P
></LI
><LI
><P
> Some UltraSPARC alignment fixes. Thanks to Mohamed Lrhazi for being helpful in spotting these.
One problem is still outstanding, Mohamed sent a core dump that tells us where the problem is. Expect the
fix to be in 2.9.5. Volunteers can grep the source for 'UltraSPARC' to find where the problem is.
</P
></LI
><LI
><P
> Our support of IPv6 on FreeBSD had phase of moon dependent bugs, fixed by Peter van Dijk.
</P
></LI
><LI
><P
> Some crashes of and by pdns_control were fixed, thanks to Mark Bergsma for helping resolve these.
</P
></LI
><LI
><P
> Outgoing AXFR in pdns installations with multiple loaded backends was broken (thanks to Stuart Walsh for reporting this).
</P
></LI
><LI
><P
> A failed BIND Backend incoming AXFR would block the zone until it succeeded again.
</P
></LI
><LI
><P
> Generic PostgreSQL backend wouldn't compile with newer libpq++, fixed by Julien Lemoine/SpeedBlue.
</P
></LI
><LI
><P
> Potential bug (not observed) when listening on multiple interfaces fixed.
</P
></LI
><LI
><P
> Some typos in manpages fixed (reported by Marco Davids).
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-3"
>1.3.24. Version 2.9.3a</A
></H2
><P
> <DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>2.9.3a is identical to 2.9.3 except that zone2sql does work</P
></TD
></TR
></TABLE
></DIV
></P
><P
> Broad range of huge improvements. We now have an all-static .rpm and .deb for Linux users and a link to an OpenBSD port.
Major news is that work on the Bind backend has progressed to the point that we've just retired our last Bind server and
replaced it with PowerDNS in Bind mode! This server is operating a number of master and slave setups so it should stress the Bind backend
somewhat.
</P
><P
> This version is rapidly approaching the point where it is a better-Bind-than-Bind and nearly a drop-in replacement for authoritative
setups. PowerDNS is now equipped with a powerful
master/slave apparatus that offers a lot of insight and control to the user, even when operating from Bind zonefiles and a
Bind configuration. Observe.
</P
><P
> After the SOA of ds9a.nl was raised:
<PRE
CLASS="SCREEN"
>pdns[17495]: All slave domains are fresh
pdns[17495]: 1 domain for which we are master needs notifications
pdns[17495]: Queued notification of domain 'ds9a.nl' to 195.193.163.3
pdns[17495]: Queued notification of domain 'ds9a.nl' to 213.156.2.1
pdns[17520]: AXFR of domain 'ds9a.nl' initiated by 195.193.163.3
pdns[17520]: AXFR of domain 'ds9a.nl' to 195.193.163.3 finished
pdns[17521]: AXFR of domain 'ds9a.nl' initiated by 213.156.2.1
pdns[17521]: AXFR of domain 'ds9a.nl' to 213.156.2.1 finished
pdns[17495]: Removed from notification list: 'ds9a.nl' to 195.193.163.3 (was acknowledged)
pdns[17495]: Removed from notification list: 'ds9a.nl' to 213.156.2.1 (was acknowledged)
pdns[17495]: No master domains need notifications
</PRE
>
If however our slaves would ignore us, as some are prone to do, we can send some additional notifications:
<PRE
CLASS="SCREEN"
>$ sudo pdns_control notify ds9a.nl
Added to queue
pdns[17492]: Notification request for domain 'ds9a.nl' received
pdns[17492]: Queued notification of domain 'ds9a.nl' to 195.193.163.3
pdns[17492]: Queued notification of domain 'ds9a.nl' to 213.156.2.1
pdns[17495]: Removed from notification list: 'ds9a.nl' to 195.193.163.3 (was acknowledged)
pdns[17495]: Removed from notification list: 'ds9a.nl' to 213.156.2.1 (was acknowledged)
</PRE
>
Conversely, if PowerDNS needs to be reminded to retrieve a zone from a master, a command is provided:
<PRE
CLASS="SCREEN"
>$ sudo pdns_control retrieve forfun.net
Added retrieval request for 'forfun.net' from master 212.187.98.67
pdns[17495]: AXFR started for 'forfun.net', transaction started
pdns[17495]: Zone 'forfun.net' (/var/cache/bind/forfun.net) reloaded
pdns[17495]: AXFR done for 'forfun.net', zone committed
</PRE
>
Also, you can force PowerDNS to reload a zone from disk immediately with <B
CLASS="COMMAND"
>pdns_control bind-reload-now</B
>.
All this happens 'live', per your instructions. Without instructions, the right things also happen, but the operator is in charge.
</P
><P
> For more about all this coolness, see <A
HREF="pdns-internals.html#PDNSCONTROL"
>Section B.1.1</A
> and <A
HREF="bindbackend.html#BIND-CONTROL-COMMANDS"
>Section A.9.2</A
>.
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Again some changes in compilation instructions. The hybrid pgmysql backend has been split up into 'gmysql' and 'gpgsql', sharing
a common base within the PowerDNS server itself. This means that you can no longer compile
<B
CLASS="COMMAND"
>--with-modules="pgmysql" --enable-mysql --enable-pgsql</B
> but that you should now use:
<B
CLASS="COMMAND"
>--with-modules="gmysql gpgsql"</B
>. The old launch-names remain available.
</P
><P
> If you launch the Generic PgSQL backend as gpgsql2, all parameters will have gpsql2 as a prefix, for example
<B
CLASS="COMMAND"
>pgsql2-dbname</B
>. If launched as gpsql, the regular names are in effect.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> The pdns_control protocol was changed which means that older pdns_controls cannot talk to 2.9.3. The other way around is
broken too. This may lead to problems with automatic upgrade scripts, so pay attention if your daemon is truly restarted.
</P
><P
> Also make sure no old pdns_control command is around to confuse things.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> Improvements:
<P
></P
><UL
><LI
><P
> Bind backend can now deal with missing files and try to find them later.
</P
></LI
><LI
><P
> Bind backend is now explicitly master capable and triggers the sending of notifications.
</P
></LI
><LI
><P
> General robustness improvements in Bind backend - many errors are now non-fatal.
</P
></LI
><LI
><P
> Accessability, Serviceability. New <B
CLASS="COMMAND"
>pdns_server</B
> commands like <B
CLASS="COMMAND"
>bind-list-rejects</B
>
(lists zones that could not be loaded, and the reason why), <B
CLASS="COMMAND"
>bind-reload-now</B
> (reload a zone from disk NOW),
<B
CLASS="COMMAND"
>rediscover</B
> (reread named.conf NOW). More is coming up.
</P
></LI
><LI
><P
> Added support for retrieving RP (Responsible Person) records from remote masters. Serving them was already possible.
</P
></LI
><LI
><P
> Added support for LOC records, which encode the geographical location of a host, both serving and retrieving (thanks to Marco Davids
using them on our last Bind server, forcing us to implement this silly record).
</P
></LI
><LI
><P
> Configuration file parser now strips leading spaces too, allowing "chroot= /tmp" to work, as well as "chroot=/tmp"
(Thanks to Hub Dohmen for reporting this for months on end).
</P
></LI
><LI
><P
> Added <B
CLASS="COMMAND"
>bind-domain-status</B
> command that shows the status of all domains (when/if they were parsed, any errors
encountered while parsing them).
</P
></LI
><LI
><P
> Added <B
CLASS="COMMAND"
>bind-reload-now</B
> command that tries to reload a zone from disk NOW, and reports back errors to the operator
immediatly.
</P
></LI
><LI
><P
> Added <B
CLASS="COMMAND"
>retrieve</B
> command that queues a request to retrieve a zone from its master.
</P
></LI
><LI
><P
> Zones retrieved from masters are now stored way smaller on disk because the domain is stripped from records, which is derived
from the configuration file. Retrieved zones are now prefixed with some information on where they came from.
</P
></LI
></UL
>
</P
><P
> Changes:
<P
></P
><UL
><LI
><P
> gpgsql and gmysql backends split out of the hybrid pgmysqlbackend. This again changed compilation instructions!
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>pdns_control</B
> now uses the rarely seen SOCK_STREAM Unix Domain socket variety so it can transport
large amounts of text, which is needed for the <B
CLASS="COMMAND"
>bind-domain-status</B
> command, for which see
<A
HREF="bindbackend.html#BIND-CONTROL-COMMANDS"
>Section A.9.2</A
>. This breaks compatability with older pdns_control and pdns_server binaries!
</P
></LI
><LI
><P
> Bind backend now ignores 'hint' and 'forward' and other unsupported zone types.
</P
></LI
><LI
><P
> AXFRs are now logged more heavily by default. An AXFR is a heavy operation anyhow, some more logging does not further
increase the load materially. Does help in clearing up what slaves are doing.
</P
></LI
><LI
><P
> A lot of master/slave chatter has been silenced, making output more relevant. No more repetitive 'No master domains need notifications' etc, only changes are reported now.
</P
></LI
></UL
>
</P
><P
> Bugfixes:
<P
></P
><UL
><LI
><P
> Windows version did not compile without minor changes.
</P
></LI
><LI
><P
> Confusing error reporting on Windows 98 (which does not support PowerDNS) fixed
</P
></LI
><LI
><P
> Potential crashes with shortened packets addressed. An upgrade is advised!
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>notify</B
> (which was already there, just badly documented) no longer prints out debugging garbage.
</P
></LI
><LI
><P
> pgmysql backend had problems launching when not compiled in but available as a module. Workaround for 2.9.2 is 'load-modules=pgmysql',
but even then gpgsql would not work! gmysql would then, however. These modules are now split out, removing such issues.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-2"
>1.3.25. Version 2.9.2</A
></H2
><P
> Bugfixes galore. Solaris porting created some issues on all platforms. Great news is that PowerDNS is now in Debian 'sid' (unstable). The 2.9.1
packages in there currently aren't very good but the 2.9.2 ones will be. Many thanks to Wichert Akkerman, our 'downstream' for making this possible.
</P
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> The Generic MySQL backend, part of the Generic MySQL & PostgreSQL backend, is now the DEFAULT! The previous default, the
'mysql' backend (note the lack of 'g') is now DEPRECATED. This was the source of much confusion. The 'mysql' backend
does not support MASTER or SLAVE operation. The Generic backends do.
</P
><P
> To get back the mysql backend, add --with-modules="mysql" or --with-dynmodules="mysql" if you prefer to load your modules at runtime.
</P
></TD
></TR
></TABLE
></DIV
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Silly debugging output removed from the webserver (found by Paul Wouters)
</P
></LI
><LI
><P
> SEVERE: due to Solaris portability fixes, qtypes<127 were broken.
These include NAPTR, ANY and AXFR. The upshot is that powerdns
wasn't performing outgoing AXFRs nor ANY queries. These were the
'question for type -1' warnings in the log
</P
></LI
><LI
><P
> incoming AXFR could theoretically miss some trailing records (not observed, but could happen)
</P
></LI
><LI
><P
> incoming AXFR did not support TXT records (spotted by Paul Wouters)
</P
></LI
><LI
><P
> with some remotes, an incoming AXFR would not terminate until a
timeout occured (observed by Paul Wouters)
</P
></LI
><LI
><P
> Documentation bug, pgmysql != mypgsql
</P
></LI
></UL
>
</P
><P
> Documentation:
<P
></P
><UL
><LI
><P
> Documented the 'random backend', see <A
HREF="randombackend.html"
>Section A.3</A
>.
</P
></LI
><LI
><P
> Wichert Akkerman contributed three manpages.
</P
></LI
><LI
><P
> Building PowerDNS on Unix is now documented somewhat more, see <A
HREF="compiling-powerdns.html#ON-UNIX"
>Section D.1</A
>.
</P
></LI
></UL
>
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> pdns init.d script is now +x by default
</P
></LI
><LI
><P
> OpenBSD is on its way of becoming a supported platform! As of 2.9.2, PowerDNS compiles on OpenBSD but swiftly crashes.
Help is welcome.
</P
></LI
><LI
><P
> ODBC backend (for Windows only) was missing from the distribution, now added.
</P
></LI
><LI
><P
> xdb backend added - see <A
HREF="xdbbackend.html"
>Section A.11</A
>. Designed for use by root-server operators.
</P
></LI
><LI
><P
> Dynamic modules are back which is good news for distributors who want to make a pdns packages that does not
depend one every database under the sun.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9-1"
>1.3.26. Version 2.9.1</A
></H2
><P
> Thanks to the great enthusiasm from around the world, powerdns is now available for Solaris and FreeBSD users again!
Furthermore, the Windows build is back. We are very grateful for the help of:
</P
><P
>
<P
></P
><UL
><LI
><P
>Michel Stol</P
></LI
><LI
><P
>Wichert Akkerman</P
></LI
><LI
><P
>Edvard Tuinder</P
></LI
><LI
><P
>Koos van den Hout</P
></LI
><LI
><P
>Niels Bakker</P
></LI
><LI
><P
>Erik Bos</P
></LI
><LI
><P
>Alex Bleker</P
></LI
><LI
><P
>steven stillaway</P
></LI
><LI
><P
>Roel van der Made</P
></LI
><LI
><P
>Steven Van Steen</P
></LI
></UL
>
</P
><P
> We are happy to have been able to work with the open source community to improve PowerDNS!
</P
><P
> Changes:
<P
></P
><UL
><LI
><P
> The monitor command <B
CLASS="COMMAND"
>set</B
> no longer allows the changing of non-existant variables.
</P
></LI
><LI
><P
> IBM Universal Database DB2 backend now included in source distribution (untested!)
</P
></LI
><LI
><P
> Oracle backend now included in source distribution (sligthly tested!)
</P
></LI
><LI
><P
> configure script now searches for postgresql and mysql includes
</P
></LI
><LI
><P
> Bind parser now no longer dies on records with a ' in them (Erik Bos)
</P
></LI
><LI
><P
> The pipebackend was accidentally left out of 2.9
</P
></LI
><LI
><P
> FreeBSD fixes (with help from Erik Bos, Alex Bleeker, Niels Bakker)
</P
></LI
><LI
><P
> Heap of Solaris work (with help from Edvard Tuinder, Stefan Van Steen, Koos van den Hout, Roel van der Made and
especially Mark Bakker).
Now compiles in 2.7 and 2.8, haven't tried 2.9. May be a bit dysfunctional on 2.7 though - it won't do IPv6 and it won't serve AAAA. Patches
welcome!
</P
></LI
><LI
><P
> Windows 32 build is back! Michel Stol updated his earlier work to the current version.
</P
></LI
><LI
><P
> S/Linux (Linux on Sparc) build works now (with help from steven stillaway).
</P
></LI
><LI
><P
> Silly debugging message ('sd.ttl from cache') removed
</P
></LI
><LI
><P
> .debs are back, hopefully in 'sid' soon! (Wichert Akkerman)
</P
></LI
><LI
><P
> Removal of bzero and other less portable constructs. Discovered that recent Linux glibc's need -D_GNU_SOURCE (Wichert Akkerman). </P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-9"
>1.3.27. Version 2.9</A
></H2
><P
> Open source release. Do not deploy unless you know what you are
doing. Stability is expected to return with 2.9.1, as are the binary builds.
</P
><P
>
<P
></P
><UL
><LI
><P
> License changed to the GNU General Public License version 2.
</P
></LI
><LI
><P
> Cleanups by Erik Bos @ xs4all.
</P
></LI
><LI
><P
> Build improvements by Wichert Akkerman
</P
></LI
><LI
><P
> Lots of work on the build system, entirely revamped. By PowerDNS.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-8"
>1.3.28. Version 2.8</A
></H2
><P
> From this release onwards, we'll concentrate on stabilising for the 3.0 release. So if you have any must-have features,
let us know soonest. The 2.8 release fixes a bunch of small stability issues and add two new features. In the spirit of the move to
stability, this release has already been running 24 hours on our servers before release.
</P
><P
> <P
></P
><UL
><LI
><P
> pipe backend gains the ability to restricts its invocation to a limited number of requests. This allows a very busy nameserver
to still serve packets from a slow perl backend.
</P
></LI
><LI
><P
> pipe backend now honors query-logging, which also documents which queries were blocked by the regex.
</P
></LI
><LI
><P
> pipe backend now has its own backend chapter.
</P
></LI
><LI
><P
> An incoming AXFR timeout at the wrong moment had the ability to crash the binary, forcing a reload. Thanks to our bug spotting
champions Mike Benoit and Simon Kirby of NetNation for reporting this.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-7"
>1.3.29. Version 2.7 and 2.7.1</A
></H2
><P
> This version fixes some very long standing issues and adds a few new features. If you are still running 2.6, upgrade yesterday. If you
were running 2.6.1, an upgrade is still strongly advised.
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> The controlsocket is now readable and writable by the 'setgid' user. This allows for non-root
access to PDNS which is nice for mrtg or cricket graphs.
</P
></LI
><LI
><P
> MySQL backend (the non-generic one) gains the ability to read from a different table using the
<B
CLASS="COMMAND"
>mysql-table</B
> setting.
</P
></LI
><LI
><P
> pipe backend now has a configurable timeout using the <B
CLASS="COMMAND"
>pipe-timeout</B
> setting. Thanks fo Steve Bromwich
for pointing out the need for this.
</P
></LI
><LI
><P
> Experimental backtraces. If PowerDNS crashes, it will log a lot of numbers and sometimes more to the syslog.
If you see these, please report them to us. Only available under Linux.
</P
></LI
></UL
>
</P
><P
> Bugs:
<P
></P
><UL
><LI
><P
> 2.7 briefly broke the mysql backend, so don't use it if you use that. 2.7.1 fixes this.
</P
></LI
><LI
><P
> SOA records could sometimes have the wrong TTL. Thanks to Jonas Daugaard for reporting this.
</P
></LI
><LI
><P
> An ANY query might lead to duplicate SOA records being returned under exceptional circumstances.
Thanks to Jonas Daugaard for reporting this.
</P
></LI
><LI
><P
> Underlying the above bug, packet compression could sometimes suddenly be turned off, leading to
overly large responses and non-removal of duplicate records.
</P
></LI
><LI
><P
> The <B
CLASS="COMMAND"
>allow-axfr-ips</B
> setting did not accept IP ranges (1.2.3.0/24) which the
documentation claimed it did (thanks to Florus Both of Ascio technologies for being sufficiently persistent in reporting this).
</P
></LI
><LI
><P
> Killed backends were not being respawned, leading to suboptimal behaviour on intermittent database errors. Thanks to Steve Bromwich for
reporting this.
</P
></LI
><LI
><P
> Corrupt packets during an incoming AXFR when acting as a slave would cause a PowerDNS reload instead of just failing that AXFR.
Thanks to Mike Benoit and Simon Kirby of NetNation for reporting this.
</P
></LI
><LI
><P
> Label compression in incoming AXFR had problems with large offsets, causing the above mentioned errors. Thanks to Mike Benoit
and Simon Kirby of NetNation for reporting this.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-6-1"
>1.3.30. Version 2.6.1</A
></H2
><P
> Quick fix release for a big cache problem.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-6"
>1.3.31. Version 2.6</A
></H2
><P
> Performance release. A lot of work has been done to raise PDNS performance to staggering levels in order to take part
in benchmarketing efforts. Together with our as yet unnamed partner, PDNS has been benchmarked at 60.000 mostly cached queries/second
on off the shelf PC hardware. Uncached performance was 17.000 uncached DNS queries/second on the .ORG domain.
</P
><P
> Performance has been increased by both making PDNS itself quicker but also by lowering the number of backend queries typically needed. Operators
will typically see PDNS taking less CPU and the backend seeing less load.
</P
><P
> Furthermore, some real bugs were fixed. A couple of undocumented performance switches may appear in --help output but you are advised to stay
away from these.
</P
><P
> Developers: this version needs the pdns-2.5.1 development kit, available on <A
HREF="http://downloads.powerdns.com/releases/dev"
TARGET="_top"
> http://downloads.powerdns.com/releases/dev</A
>. See also <A
HREF="backend-writers-guide.html"
>Appendix C</A
>.
</P
><P
> Performance:
<P
></P
><UL
><LI
><P
> A big error in latency calculations - cached packets were weighed 50 times less, leading to inflated latency reporting. Latency calculations
are now correct and way lower - often in the microseconds range.
</P
></LI
><LI
><P
> It is now possible to run with 0 second cache TTLs. This used to cause very frequent cache cleanups, leading
to performance degradation.
</P
></LI
><LI
><P
> Many tiny performance improvements, removing duplicate cache key calculations, etc. The cache itself has also been reworked
to be more efficient.
</P
></LI
><LI
><P
> First 'CNAME' backend query replaced by an 'ANY' query, which most of the time returns the actual record,
preventing the need for a separate CNAME lookup, halving query load.
</P
></LI
><LI
><P
> Much of the same for same-level-NS records on queries needing delegation.
</P
></LI
></UL
>
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Incidentally, the cache count would show 'unknown' packets, which was harmless but confusing. Thanks to Mike and Simon of
NetNation for reporting this.
</P
></LI
><LI
><P
> SOA hostmaster with a . in the local-part would be cached wrongly, leading to a stray backslash
in case of multiple successively SOA queries. Thanks to Ascio Techologies for spotting this bug.
</P
></LI
><LI
><P
> zone2sql did not parse Verisign zonefiles correctly as these contained a $TTL statement in mid-record.
</P
></LI
><LI
><P
> Sometimes packets would not be accounted, leading to 'udp-queries' and 'udp-answers' divergence.
</P
></LI
></UL
>
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> 'cricket' command added to init.d scripts that provides unadorned output for parsing by 'Cricket'.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-5-1"
>1.3.32. Version 2.5.1</A
></H2
><P
> <A
HREF="http://www.tuxedo.org/~esr/jargon/html/entry/brown-paper-bag-bug.html"
TARGET="_top"
>Brown paper bag</A
> release fixing
a huge memory leak in the new Query Cache.
</P
><P
> Developers: this version needs the new pdns-2.5.1 development kit, available on <A
HREF="http://downloads.powerdns.com/releases/dev"
TARGET="_top"
> http://downloads.powerdns.com/releases/dev</A
>. See also <A
HREF="backend-writers-guide.html"
>Appendix C</A
>.
</P
><P
> And some small changes:
<P
></P
><UL
><LI
><P
> Added support for RF<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/2038"
TARGET="_top"
>2038</A
> compliant negative-answer caching. This allows remotes to cache the fact that
a domain does not exist and will not exist for a while. Thanks to Chris Thompson for <A
HREF="http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg01697.html"
TARGET="_top"
>pointing out how tiny our minds are</A
>. This feature may cause a noticeable reduction
in query load.
</P
></LI
><LI
><P
> Small speedup to non-packet-cached queries, incidentally fixing the huge memory leak.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>pdns_control ccounts</B
> command outputs statistics on what is in the cache, which is
useful to help optimize your caching strategy.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-5"
>1.3.33. Version 2.5</A
></H2
><P
> An important release which has seen quite a lot of trial and error testing. As a result, PDNS can now run with a huge cache
and concurrent invalidations. This is useful when running of a slower database or under high traffic load with a fast database.
</P
><P
> Furthermore, the gpgsql2 backend has been validated for use and will soon supplant the gpgsql backend entirely. This also bodes
well for the gmysql backend which is the same code.
</P
><P
> Also, a large amount of issues biting large scale slave operators were addressed. Most of these issues would only show up
after prolonged uptime.
</P
><P
> New features:
<P
></P
><UL
><LI
><P
> Query cache. The old Packet Cache only cached entire questions and their answers. This is very CPU efficient but
does not lead to maximum hitrate. Two packets both needing to resolve smtp.you.com internally would not benefit
from any caching. Furthermore, many different DNS queries lead to the same backend queries, like 'SOA for .COM?'.
</P
><P
> PDNS now also caches backend queries, but only those having no answer (the majority) and those having one answer
(almost the rest).
</P
><P
> In tests, these additional caches appear to halve the database backend load numerically and perhaps even more in terms
of CPU load. Often, queries with no answer are more expensive than those having one.
</P
><P
> The default <B
CLASS="COMMAND"
>ttl</B
>s for the query-cache and negquery-cache are set to safe values (20 and 60 seconds
respectively), you should be seeing an improvement in behaviour without sacrificing a lot in terms of quick updates.
</P
><P
> The webserver also displays the efficiency of the new Query Cache.
</P
><P
> The old Packet Cache is still there (and useful) but see <A
HREF="performance.html"
>Chapter 9</A
> for more details.
</P
></LI
><LI
><P
> There is now the ability to shut off some logging at a very early stage. High performance sites doing thousands of
queries/second may in fact spend most of their CPU time on attempting to write out logging, even though it is ignored
by syslog. The new flag <B
CLASS="COMMAND"
>log-dns-details</B
>, on by default, allows the operator to kill most
informative-only logging before it takes any cpu.
</P
></LI
><LI
><P
> Flags which can be switched 'on' and 'off' can now also be set to 'off' instead of only to 'no' to turn them off.
</P
></LI
></UL
>
</P
><P
> Enhancements:
<P
></P
><UL
><LI
><P
> Packet Cache is now case insensitive, leading to a higher hitrate because identical queries only differing in case
now both match. Care is taken to restore the proper case in the answer sent out.
</P
></LI
><LI
><P
> Packet Cache stores packets more efficiently now, savings are estimated at 50%.
</P
></LI
><LI
><P
> The Packet Cache is now asynchronous which means that PDNS continues to answer questions while the cache
is busy being purged or queried. Incidentally this will mean a cache miss where previously the question would
wait until the cache became available again.
</P
><P
> The upshot of this is that operators can call <B
CLASS="COMMAND"
>pdns_control purge</B
> as often as desired without
fearing performance loss. Especially the full, non-specific, purge was speeded up tremendously.
</P
><P
> This optimization is of little merit for small sites but is very important when running with a large packetcache, such
as when using recursion under high load.
</P
></LI
><LI
><P
> AXFR log messages now all contain the word 'AXFR' to ease grepping.
</P
></LI
><LI
><P
> Linux static version now compiled with gcc 3.2 which is known to output better and faster code than the previously
used 3.0.4.
</P
></LI
></UL
>
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Packetcache would sometimes send packets back with slightly modified flags if these differed from the flags
of the cached copy.
</P
></LI
><LI
><P
> Resolver code did bad things with filedescriptors leading to fd exhaustion after prolonged uptimes and many slave
SOA currency checks.
</P
></LI
><LI
><P
> Resolver code failed to properly log some errors, leading to operator uncertainty regarding to AXFR problems with
remote masters.
</P
></LI
><LI
><P
> After prolonged uptime, slave code would try to use privileged ports for originating queries, leading to bad
replication efficiency.
</P
></LI
><LI
><P
> Masters sending back answers in differing case from questions would lead to bogus
'Master tried to sneak in out-of-zone data' errors and failing AXFRs.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-4"
>1.3.34. Version 2.4</A
></H2
><P
> Developers: this version is compatible with the pdns-2.1 development kit, available on <A
HREF="http://downloads.powerdns.com/releases/dev"
TARGET="_top"
> http://downloads.powerdns.com/releases/dev</A
>. See also <A
HREF="backend-writers-guide.html"
>Appendix C</A
>.
</P
><P
> This version fixes some stability issues with malformed or malcrafted packets. An upgrade is advised. Furthermore, there are interesting new
features.
</P
><P
> New features:
</P
><P
> <P
></P
><UL
><LI
><P
> Recursive queries are now also cached, but in a separate namespace so non-recursive queries don't get recursed answers and
vice versa. This should mean way lower database load for sites running with the current default lazy-recursion. Up to now,
each and every recursive query would lead to a large amount of SQL queries.
</P
><P
> To prevent the packetcache from becoming huge, a separate <B
CLASS="COMMAND"
>recursive-cache-ttl</B
> can be specified.
</P
></LI
><LI
><P
> The ability to change parameters at runtime was added. Currently, only the new <B
CLASS="COMMAND"
>query-logging</B
> flag
can be changed.
</P
></LI
><LI
><P
> Added <B
CLASS="COMMAND"
>query-logging</B
> flag which hints a backend that it should output a textual representation of queries
it receives. Currently only gmysql and gpgsql2 honor this flag.
</P
></LI
><LI
><P
> Gmysql backend can now also talk to PgSQL, leading to less code. Currently, the old postgresql driver ('gpgsql') is still the default,
the new driver is available as 'gpgsql2' and has the benefit that it does query logging. In the future, gpgsql2 will become the default
gpgsql driver.
</P
></LI
><LI
><P
> DNS recursing proxy is now more verbose in logging odd events which may be caused by buggy recursing backends.
</P
></LI
><LI
><P
> Webserver now displays peak queries/second 1 minute average.
</P
></LI
></UL
>
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Failure to connect to database in master/slave communicator thread could lead to an unclean reload, fixed.
</P
></LI
></UL
>
</P
><P
> Documentation: added details for <B
CLASS="COMMAND"
>strict-rfc-axfrs</B
>. This feature can be used if very old clients need to be able
to do zone transfers with PDNS. Very slow.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-3"
>1.3.35. Version 2.3</A
></H2
><P
> Developers: this version is compatible with the pdns-2.1 development kit, available on <A
HREF="http://downloads.powerdns.com/releases/dev"
TARGET="_top"
> http://downloads.powerdns.com/releases/dev</A
>. See also <A
HREF="backend-writers-guide.html"
>Appendix C</A
>.
</P
><P
> This release adds the Generic MySQL backend which allows full master/slave semantics with MySQL and InnoDB tables (or other tables that support
transactions). See <A
HREF="generic-mypgsql-backends.html"
>Section A.5</A
>.
</P
><P
> Other new features:
</P
><P
> <P
></P
><UL
><LI
><P
> Improved error messages in master/slave communicator will help down track problems.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>slave-cycle-interval</B
> setting added. Very large sites with thousands of slave domains may need to raise this value
above the default of 60. Every cycle, domains in undeterminate state are checked for their condition. Depending on the health of the masters,
this may entail many SOA queries or attempted AXFRs.
</P
></LI
></UL
>
</P
><P
> Bugs fixed:
</P
><P
> <P
></P
><UL
><LI
><P
> 'pdns_control purge <KBD
CLASS="USERINPUT"
>domain</KBD
>' and 'pdns_control purge <KBD
CLASS="USERINPUT"
>domain$</KBD
>' were broken in version 2.2 and
did not in fact purge the cache. There is a slight risk that domain-specific purge commands could force a reload in previous version.
Thanks to Mike Benoit of NetNation for discovering this.
</P
></LI
><LI
><P
> Master/slave communicator thread got confused in case of delayed answers from slow masters. While not causing harm, this caused inefficient
behaviour when testing large amounts of slave domains because additional 'cycles' had to pass before all domains would have their status
ascertained.
</P
></LI
><LI
><P
> Backends implementing special SOA semantics (currently only the undocumented 'pdns express backend', or homegrown backends) would
under some circumstances not answer the SOA record in case of an ANY query. This should put an end to the last DENIC problems. Thanks to
DENIC for helping us find the problem.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-2"
>1.3.36. Version 2.2</A
></H2
><P
> Developers: this version is compatible with the pdns-2.1 development kit, available on <A
HREF="http://downloads.powerdns.com/releases/dev"
TARGET="_top"
> http://downloads.powerdns.com/releases/dev</A
>. See also <A
HREF="backend-writers-guide.html"
>Appendix C</A
>.
</P
><P
> Again a big release. PowerDNS is seeing some larger deployments in more demanding environments and these are helping shake out remaining issues,
especially with recursing backends.
</P
><P
> The big news is that wildcard CNAMEs are now supported, an oft requested feature and nearly the only part in which PDNS differed from BIND in
authoritative capabilities.
</P
><P
> If you were seeing signal 6 errors in PDNS causing reloads and intermittent service disruptions, please upgrade to this version.
</P
><P
> For operators of PowerDNS Express trying to host .DE domains, the very special <B
CLASS="COMMAND"
>soa-serial-offset</B
> feature has been added
to placate the new DENIC requirement that the SOA serial be at least six digits. PowerDNS Express uses the SOA serial as an actual serial and
not to insert dates and hence often has single digit soa serial numbers, causing big problems with .DE redelegations.
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Malformed or shortened TCP recursion queries would cause a signal 6 and a reload. Same for EOF from the TCP recursing backend.
Thanks to Simon Kirby and Mike Benoit of NetNation for helping debug this.
</P
></LI
><LI
><P
> Timeouts on the TCP recursing backend were far too long, leading to possible exhaustion of TCP resolving threads.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>pdns_control purge domain</B
> accidentally cleaned all packets with that name as a prefix. Thanks to Simon Kirby
for spotting this.
</P
></LI
><LI
><P
> Improved exception error logging - in some circumstances PDNS would not properly log the cause of an exception, which hampered problem
resolution.
</P
></LI
></UL
>
</P
><P
> New features:
<P
></P
><UL
><LI
><P
> Wildcard CNAMEs now work as expected!
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>pdns_control purge</B
> can now also purge based on suffix, allowing operators to
purge an entire domain from the packet cache instead of only specific records. See also <A
HREF="pdns-internals.html#PDNSCONTROL"
>Section B.1.1</A
>
Thanks to Mike Benoit for this suggestion.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>soa-serial-offset</B
> for installations with small SOA serial numbers wishing to register .DE domains
with DENIC which demands six-figure SOA serial numbers. See also <A
HREF="all-settings.html"
>Chapter 15</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-1"
>1.3.37. Version 2.1</A
></H2
><P
> This is a somewhat bigger release due to pressing demands from customers. An upgrade is advised for installations using Recursion.
If you are using recursion, it is vital that you are aware of changes in semantics. Basically, local data will now override data in your
recursing backend under most circumstances. Old behaviour can be restored by turning <B
CLASS="COMMAND"
>lazy-recursion</B
> off.
</P
><P
> Developers: this version has a new pdns-2.1 development kit, available on <A
HREF="http://downloads.powerdns.com/releases/dev"
TARGET="_top"
> http://downloads.powerdns.com/releases/dev</A
>. See also <A
HREF="backend-writers-guide.html"
>Appendix C</A
>.
</P
><P
> <DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Most users will run a static version of PDNS which has no dependencies on external libraries. However, some may need to run the dynamic version.
This warning applies to these users.
</P
><P
> To run the dynamic version of PDNS, which is needed for backend drivers which are only available in source form, gcc 3.0 is required.
RedHat 7.2 comes with gcc 3.0 as an optional component, RedHat 7.3 does not. However, the RedHat 7.2 Update gcc rpms install just fine
on RedHat 7.3. For Debian, we suggest running 'woody' and installing the g++-3.0 package. We expect to release a FreeBSD dynamic version
shortly.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> RPM releases sometimes overwrote previous configuration files. Thanks to Jorn Ekkelenkamp of Hubris/ISP Services for reporting this.
</P
></LI
><LI
><P
> TCP recursion sent out overly large responses due to a byteorder mistake, confusing some clients. Thanks to the capable engineers
of NetNation for bringing this to our attention.
</P
></LI
><LI
><P
> TCP recursion in combination with a recursing backend on a non-standard port did not work, leading to a
non-functioning TCP listener. Thanks to the capable engineers of NetNation for bringing this to our attention.
</P
></LI
></UL
>
</P
><P
> Unexpected behaviour:
<P
></P
><UL
><LI
><P
> Wildcard URL records where not implemented because they are a performance penalty. To turn these on, enable
<B
CLASS="COMMAND"
>wildcard-url</B
> in the configuration.
</P
></LI
><LI
><P
> Unlike other nameservers, local data did not override the internet for recursing queries. This has mostly been brought into conformance
with user expectations. If a recursive question can be answered entirely from local data, it is. To restore old behaviour, disable
<B
CLASS="COMMAND"
>lazy-recursion</B
>. Also see <A
HREF="recursion.html"
>Chapter 11</A
>.
</P
></LI
></UL
>
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> Oracle support has been tuned, leading to the first public release of the Oracle backend. Zone2sql now outputs better SQL
and the backend is now fully documented. Furthermore, the queries are compatible with the PowerDNS XML-RPC product, allowing
PowerDNS express to run off Oracle. See <A
HREF="oracle.html"
>Section A.6</A
>.
</P
></LI
><LI
><P
> Zone2sql now accepts --transactions to wrap zones in a transaction for PostgreSQL and Oracle output. This is a major speedup and also
makes for better isolation of inserts. See <A
HREF="migration.html#ZONE2SQL"
>Section 10.1</A
>.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>pdns_control</B
> now has the ability to purge the PowerDNS cache or parts of it. This enables operators to
raise the TTL of the Packet Cache to huge values and only to invalidate the cache when changes are made. See also <A
HREF="performance.html"
>Chapter 9</A
> and
<A
HREF="pdns-internals.html#PDNSCONTROL"
>Section B.1.1</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-0-1"
>1.3.38. Version 2.0.1</A
></H2
><P
> Maintenance release, fixing three small issues.
</P
><P
> Developers: this version is compatible with 1.99.11 backends.
</P
><P
> <P
></P
><UL
><LI
><P
> PowerDNS ignored the <B
CLASS="COMMAND"
>logging-facility</B
> setting unless it was specified on the commandline.
Thanks to Karl Obermayer from WebMachine Technologies for noticing this.
</P
></LI
><LI
><P
> Zone2sql neglected to preserve 'slaveness' of domains when converting to the slave capable PostgreSQL backend. Thanks
to Mike Benoit of NetNation for reporting this. Zone2sql now has a <B
CLASS="COMMAND"
>--slave</B
> option.
</P
></LI
><LI
><P
> SOA Hostmaster addresses with dots in them before the @-sign were mis-encoded on the wire.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-0"
>1.3.39. Version 2.0</A
></H2
><P
> Two bugfixes, one stability/security related. No new features.
</P
><P
> Developers: this version is compatible with 1.99.11 backends.
</P
><P
> Bugfixes:
</P
><P
> <P
></P
><UL
><LI
><P
> zone2sql refused to work under some circumstances, taking 100% cpu and not functioning. Thanks to Andrew Clark and Mike Benoit
for reporting this.
</P
></LI
><LI
><P
> Fixed a stability issue where malformed packets could force PDNS to reload. Present in all earlier 2.0 versions.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-0-RC2"
>1.3.40. Version 2.0 Release Candidate 2</A
></H2
><P
> Mostly bugfixes, no really new features.
</P
><P
> Developers: this version is compatible with 1.99.11 backends.
</P
><P
> Bugs fixed:
</P
><P
> <P
></P
><UL
><LI
><P
> chroot() works again - 2.0rc1 silently refused to chroot. Thanks to Hub Dohmen for noticing this.
</P
></LI
><LI
><P
> setuid() and setgid() security features were silently not being performed in 2.0rc1. Thanks to Hub Dohmen for noticing this.
</P
></LI
><LI
><P
> MX preferences over 255 now work as intended. Thanks to Jeff Crowe for noticing this.
</P
></LI
><LI
><P
> IPv6 clients can now also benefit from the recursing backend feature. Thanks to Andy Furnell for proving beyond any doubt that this
did not work.
</P
></LI
><LI
><P
> Extremely bogus code removed from DNS notification reception code - please test! Thanks to Jakub Jermar for working with us
in figuring out just how broken this was.
</P
></LI
><LI
><P
> AXFR code improved to handle more of the myriad different zonetransfer dialects available. Specifically, interoperability
with Bind 4 was improved, as well as Bind 8 in 'strict rfc conformance' mode. Thanks again for Jakub Jermar for running many tests for us.
If your transfers failed with 'Unknown type 14!!' or words to that effect, this was it.
</P
></LI
></UL
>
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> Win32 version now has a zone2sql tool.
</P
></LI
><LI
><P
> Win32 version now has support for specifying how urgent messages should be before they go to the NT event log.
</P
></LI
></UL
>
</P
><P
> Remaining issues:
<P
></P
><UL
><LI
><P
> One persistent report of the default 'chroot=./' configuration not working.
</P
></LI
><LI
><P
> One report of disable-axfr and allow-axfr-ips not working as intended.
</P
></LI
><LI
><P
> Support for relative paths in zones and in Bind configuration is not bug-for-bug compatible with bind yet.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-2-0-RC1"
>1.3.41. Version 2.0 Release Candidate 1</A
></H2
><P
> The MacOS X release! A very experimental OS X 10.2 build has been added. Furthermore, the Windows version is now in line with Unix with
respect to capabilities. The ODBC backend now has the code to function as both a master and a slave.
</P
><P
> Developers: this version is compatible with 1.99.11 backends.
</P
><P
> <P
></P
><UL
><LI
><P
> Implemented native packet response parsing code, allowing Windows to perform AXFR and NS and SOA queries.
</P
></LI
><LI
><P
> This is the first version for which we have added support for Darwin 6.0, which is part of the forthcoming Mac OS X 10.2.
Please note that although this version is marked RC1, that we have not done extensive testing yet. Consider this a technology
preview.
</P
><P
> <P
></P
><UL
><LI
><P
> The Darwin version has been developed on Mac OS X 10.2 (6<A
HREF="http://wiki.powerdns.com/projects/trac/changeset/35"
TARGET="_top"
>35</A
>). Other versions may or may not work.
</P
></LI
><LI
><P
> Currently only the random, bind, mysql and pdns backends are included.
</P
></LI
><LI
><P
> The menu based installer script does not work, you will have to edit pathconfig by hand as outlined in chapter 2.
</P
></LI
><LI
><P
> On Mac OS X Client, PDNS will fail to start because a system service is already bound to port 53.
</P
></LI
></UL
>
</P
><P
> This version is distributed as a compressed tar file. You should follow the generic UNIX installation instructions.
</P
></LI
></UL
>
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Zone2sql PostgreSQL mode neglected to lowercase $ORIGIN. Thanks to Maikel Verheijen of Ladot for spotting this.
</P
></LI
><LI
><P
> Zone2sql PostgreSQL mode neglected to remove a trailing dot from $ORIGIN if present.
Thanks to Thanks to Maikel Verheijen of Ladot for spotting this.
</P
></LI
><LI
><P
> Zonefile parser was not compatible with bind when $INCLUDING non-absolute filenames. Thanks to Jeff Miller for working out
how this should work.
</P
></LI
><LI
><P
> Bind configuration parser was not compatible with bind when including non-absolute filenames. Thanks to Jeff Miller for working out
how this should work.
</P
></LI
><LI
><P
> Documentation incorrectly listed the Bind backend as 'slave capable'. This is not yet true, now labeled 'experimental'.
</P
></LI
></UL
>
</P
><P
> Windows changes. We are indebted to Dimitry Andric who educated us in the ways of distributing Windows software.
<P
></P
><UL
><LI
><P
> <TT
CLASS="FILENAME"
>pdns.conf</TT
> is now read if available.
</P
></LI
><LI
><P
> Console version responds to ^c now.
</P
></LI
><LI
><P
> Default pdns.conf added to distribution
</P
></LI
><LI
><P
> Uninstaller missed several files, leaving remnants behind
</P
></LI
><LI
><P
> DLLs are now installed locally, with the pdns executable.
</P
></LI
><LI
><P
> pdns_control is now also available on Windows
</P
></LI
><LI
><P
> ODBC backend can now act as master and slave. Experimental.
</P
></LI
><LI
><P
> The example zone missed indexes and had other faults.
</P
></LI
><LI
><P
> A runtime DLL that is present on most windows systems (but not all!) was missing.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-1-99-12"
>1.3.42. Version 1.99.12 Prerelease</A
></H2
><P
> The Windows release! See <A
HREF="windows.html"
>Chapter 3</A
>. Beware, windows support is still very fresh and untested. Feedback is very welcome.
</P
><P
> Developers: this version is compatible with 1.99.11 backends.
</P
><P
> <P
></P
><UL
><LI
><P
> Windows 2000 codebase merge completed. This resulted in quite some changes on the Unix end of things, so this may impact reliability
</P
></LI
><LI
><P
> ODBC backend added for Windows. See <A
HREF="odbc.html"
>Section A.10</A
>.
</P
></LI
><LI
><P
> IBM DB2 Universal Database backend available for Linux. See <A
HREF="db2.html"
>Section A.8</A
>.
</P
></LI
><LI
><P
> Zone2sql now understands $INCLUDE. Thanks to Amaze Internet for nagging about this
</P
></LI
><LI
><P
> The SOA Mininum TTL now has a configurable default (<B
CLASS="COMMAND"
>soa-minimum-ttl</B
>)value to placate the DENIC requirements.
</P
></LI
><LI
><P
> Added a limit on the simultaneous numbers of TCP connections to accept (<B
CLASS="COMMAND"
>max-tcp-connections</B
>). Defaults to 10.
</P
></LI
></UL
>
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> When operating in virtual hosting mode (See <A
HREF="virtual.html"
>Chapter 8</A
>), the additional init.d scripts would not function correctly
and interface with other pdns instances.
</P
></LI
><LI
><P
> PDNS neglected to conserve case on answers. So a query for WwW.PoWeRdNs.CoM would get an answer listing the address of www.powerdns.com.
While this did not confuse resolvers, it is better to conserve case. This has semantical concequences for all backends, which the documentation
now spells out.
</P
></LI
><LI
><P
> PostgreSQL backend was case sensitive and returned only answers in case an exact match was found. The Generic PostgreSQL backend is now
officially all lower case and zone2sql in PostgreSQL mode enforces this.
Documentation has been been updated to reflect the case change. Thanks to Maikel Verheijen of Ladot for
spotting this!
</P
></LI
><LI
><P
> Documentation bug - postgresql create/index statements created a duplicate index. If you've previously copy pasted the commands and
not noticed the error, execute <B
CLASS="COMMAND"
>CREATE INDEX rec_name_index ON records(name)</B
> to remedy. Thanks to Jeff Miller for reporting
this. This also lead to depressingly slow 'ANY' lookups for those of you doing benchmarks.
</P
></LI
></UL
>
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> pdns_control (see <A
HREF="pdns-internals.html#PDNSCONTROL"
>Section B.1.1</A
>) now opens the local end of its socket in <TT
CLASS="FILENAME"
>/tmp</TT
> instead of next to the
remote socket (by default <TT
CLASS="FILENAME"
>/var/run</TT
>). This eases the way for allowing non-root access to pdns_control. When running chrooted
(see <A
HREF="security.html"
>Chapter 7</A
>), the local socket again moves back to <TT
CLASS="FILENAME"
>/var/run</TT
>.
</P
></LI
><LI
><P
> pdns_control now has a 'version' command. See <A
HREF="pdns-internals.html#PDNSCONTROL"
>Section B.1.1</A
>.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-1-99-11"
>1.3.43. Version 1.99.11 Prerelease</A
></H2
><P
> This release is important because it is the first release which is accompanied by an Open Source Backend Development Kit, allowing external
developers to write backends for PDNS. Furthermore, a few bugs have been fixed:
</P
><P
> <P
></P
><UL
><LI
><P
> Lines with only whitespace in zone files confused PDNS (thanks Henk Wevers)
</P
></LI
><LI
><P
> PDNS did not properly parse TTLs with symbolic sufixes in zone files, ie 2H instead of 7200 (thanks Henk Wevers)
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-1-99-10"
>1.3.44. Version 1.99.10 Prerelease</A
></H2
><P
> IMPORTANT: there has been a tiny license change involving free public webbased dns hosting, check out the changes before deploying!
</P
><P
> PDNS is now feature complete, or very nearly so. Besides adding features, a lot of 'fleshing out' work is done now. There is an important
performance bug fix which may have lead to disappointing benchmarks - so if you saw any of that, please try either this version or 1.99.8 which
also does not have the bug.
</P
><P
> This version has been very stable for us on multiple hosts, as was 1.99.9.
</P
><P
> PostgreSQL users should be aware that while 1.99.10 works with the schema as presented in earlier versions, advanced features
such as master or slave support will not work unless you create the new 'domains' table as well.
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Wildcard AAAA queries sometimes received an NXDOMAIN error where they should have gotten an empty NO ERROR. Thanks to Jeroen Massar
for spotting this on the .TK TLD!
</P
></LI
><LI
><P
> Do not disable the packetcache for 'recursion desired' packets unless a recursor was configured. Thanks to Greg Schueler for noticing this.
</P
></LI
><LI
><P
> A failing backend would not be reinstated. Thanks to 'Webspider' for discovering this problem with PostgreSQL connections that die after
prolonged inactivity.
</P
></LI
><LI
><P
> Fixed loads of IPv6 transport problems. Thanks to Marco Davids and others for testing. Considered ready for production now.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>Zone2sql</B
> printed a debugging statement on range $GENERATE commands. Thanks to Rene van Valkenburg for spotting this.
</P
></LI
></UL
>
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> PDNS can now act as a master, sending out notifications in case of changes and allowing slaves to AXFR. Big rewording of replication support,
domains are now either 'native', 'master' or 'slave'. See <A
HREF="replication.html"
>Chapter 13</A
> for lots of details.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>Zone2sql</B
> in PostgreSQL mode now populates the 'domains' table for easy master, slave or native replication support.
</P
></LI
><LI
><P
> Ability to disable those annoying Windows DNS Dynamic Update messages from appearing in the log. See <CODE
CLASS="FUNCTION"
>log-failed-updates</CODE
>
in <A
HREF="all-settings.html"
>Chapter 15</A
>.
</P
></LI
><LI
><P
> Ability to run on IPv6 transport only
</P
></LI
><LI
><P
> Logging can now happen under a 'facility' so all PDNS messages appear in their own file. See <A
HREF="syslog.html"
>Section 6.3</A
>.
</P
></LI
><LI
><P
> Different OS releases of PDNS now get different install path defaults. Thanks to Mark Lastdrager for nagging about this and to Nero Imhard and
Frederique Rijsdijk for suggesting saner defaults.
</P
></LI
><LI
><P
> Infrastructure for 'also-notify' statements added.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-1-99-9"
>1.3.45. Version 1.99.9 Early Access Prerelease</A
></H2
><P
> This is again a feature and an infrastructure release. We are nearly feature complete and will soon start
work on the backends to make sure that they are all master, slave and 'superslave' capable.
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> PDNS sometimes sent out duplicate replies for packets passed to the recursing backend. Mostly a problem on SMP systems. Thanks to Mike Benoit
for noticing this.
</P
></LI
><LI
><P
> Out-of-bailiwick CNAMES (ie, a CNAME to a domain not in PDNS) caused a 'ServFail' packet in 1.99.8, indicating failure, leading to hosts not
resolving. Thanks to Martin Gillstrom for noticing this.
</P
></LI
><LI
><P
> Zone2sql balked at zones editted under operating sytems terminating files with ^Z (Windows). Thanks Brian Willcott for reporting this.
</P
></LI
><LI
><P
> PostgreSQL backend logged the password used to connect. Now only does so in case of failure to connect. Thanks to 'Webspider' for noticing this.
</P
></LI
><LI
><P
> Debian unstable distribution wrongly depended on home compiled PostgreSQL libraries. Thanks to Konrad Wojas for noticing this.
</P
></LI
></UL
>
</P
><P
> Features:
<P
></P
><UL
><LI
><P
> When operating as a slave, AAAA records are now supported in the zone. They were already supported in master zones.
</P
></LI
><LI
><P
> IPv6 transport support - PDNS can now listen on an IPv6 socket using the <B
CLASS="COMMAND"
>local-ipv6</B
> setting.
</P
></LI
><LI
><P
> Very silly randombackend added which appears in the documentation as a sample backend. See <A
HREF="backend-writers-guide.html"
>Appendix C</A
>.
</P
></LI
><LI
><P
> When transferring a slave zone from a master, out of zone data is now rejected. Malicious operators might try to insert bad records otherwise.
</P
></LI
><LI
><P
> 'Supermaster' support for automatic provisioning from masters. See <A
HREF="slave.html#SUPERMASTER"
>Section 13.2.1</A
>.
</P
></LI
><LI
><P
> Recursing backend can now live on a non-standard (!=53) port. See <A
HREF="recursion.html"
>Chapter 11</A
>.
</P
></LI
><LI
><P
> Slave zone retrieval is now queued instead of immediate, which scales better and is more resilient to temporary failures.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>max-queue-length</B
> parameter. If this many packets are queued for database attention, consider the situation hopeless and
respawn.
</P
></LI
></UL
>
</P
><P
> Internal:
<P
></P
><UL
><LI
><P
> SOA records are now 'special' and each backend can optionally generate them in special ways. PostgreSQL backend does so
when operating as a slave.
</P
></LI
><LI
><P
> Writing backends is now a lot easier. See <A
HREF="backend-writers-guide.html"
>Appendix C</A
>.
</P
></LI
><LI
><P
> Added Bindbackend to internal regression tests, confirming that it is compliant.
</P
></LI
></UL
>
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-1-99-8"
>1.3.46. Version 1.99.8 Early Access Prerelease</A
></H2
><P
> A lot of infrastructure work gearing up to 2.0. Some stability bugs fixed and a lot of new features.
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Bindbackend was overly complex and crashed on some systems on startup. Simplified launch code.
</P
></LI
><LI
><P
> SOA fields were not always properly filled in, causing default values to go out on the wire
</P
></LI
><LI
><P
> Obscure bug triggered by malicious packets (we know who you are) in SOA finding code fixed.
</P
></LI
><LI
><P
> Magic serial number calculation contained a double free leading to instability.
</P
></LI
><LI
><P
> Standards violation, questions for domains for which PDNS was unauthoritative now get a SERVFAIL answer.
Thanks to the IETF Namedroppers list for helping out with this.
</P
></LI
><LI
><P
> Slowly launching backends were being relaunched at a great rate when queries were coming in while launching backends.
</P
></LI
><LI
><P
> MySQL-on-unix-domain-socket on SMP systems was overwhelmed by the quick connection rate on launch, inserted a small 50ms delay.
</P
></LI
><LI
><P
> Some SMP problems appear to be compiler related. Shifted to GCC 3.0.4 for Linux.
</P
></LI
><LI
><P
> Ran ispell on documentation.
</P
></LI
></UL
>
</P
><P
> Feature enhancements:
<P
></P
><UL
><LI
><P
> Recursing backend. See <A
HREF="recursion.html"
>Chapter 11</A
>. Allows recursive and authoritative DNS on the same IP address.
</P
></LI
><LI
><P
> <A
HREF="types.html#NAPTR"
>NAPTR support</A
>, which is especially useful for the ENUM/E.164 community.
</P
></LI
><LI
><P
> Zone transfers can now be allowed per <A
HREF="all-settings.html#ALLOW-AXFR-IPS"
>netmask instead of only per IP address</A
>.
</P
></LI
><LI
><P
> Preliminary support for slave operation included. Only for the adventurous right now! See <A
HREF="slave.html"
>Section 13.2</A
>
</P
></LI
><LI
><P
> All record types now documented, see <A
HREF="types.html"
>Chapter 17</A
>.
</P
></LI
></UL
>
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2231"
>1.3.46.1. Known bugs</A
></H3
><P
> Wildcard CNAMES do not work as they do with bind.
</P
><P
> Recursion sometimes sends out duplicate packets (fixed in 1.99.9 snapshots)
</P
><P
> Some stability issues which are caught by the guardian
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2236"
>1.3.46.2. Missing features</A
></H3
><P
> Features present in this document, but disabled or withheld from the current release:
<P
></P
><UL
><LI
><P
> gmysqlbackend, oraclebackend
</P
></LI
></UL
>
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CHANGELOG-1-99-7"
>1.3.47. Version 1.99.7 Early Access Prerelease</A
></H2
><P
> Named.conf parsing got a lot of work and many more bind configurations can now be parsed. Furthermore, error reporting was improved.
Stability is looking good.
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Bind parser got confused by filenames with underscores and colons.
</P
></LI
><LI
><P
> Bind parser got confused by spaces in quoted names
</P
></LI
><LI
><P
> FreeBSD version now stops and starts when instructed to do so.
</P
></LI
><LI
><P
> Wildcards were off by default, which violates standards. Now on by default.
</P
></LI
><LI
><P
> --oracle was broken in zone2sql
</P
></LI
></UL
>
</P
><P
> Feature enhancements:
<P
></P
><UL
><LI
><P
> Line number counting goes on as it should when including files in named.conf
</P
></LI
><LI
><P
> Added --no-config to enable users to start the pdns daemon without parsing the configuration file.
</P
></LI
><LI
><P
> zone2sql now has --bare for unformatted output which can be used to generate insert statements for different database layouts
</P
></LI
><LI
><P
> zone2sql now has --gpgsql, which is an alias for --mysql, to output in a format useful for the default Generic PgSQL backend
</P
></LI
><LI
><P
> zone2sql is now documented.
</P
></LI
></UL
>
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2269"
>1.3.47.1. Known bugs</A
></H3
><P
> Wildcard CNAMES do not work as they do with bind.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2272"
>1.3.47.2. Missing features</A
></H3
><P
> Features present in this document, but disabled or withheld from the current release:
<P
></P
><UL
><LI
><P
> gmysqlbackend, oraclebackend
</P
></LI
></UL
>
Some of these features will be present in newer releases.
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2278"
>1.3.48. Version 1.99.6 Early Access Prerelease</A
></H2
><P
> This version is now running on dns-eu1.powerdns.net and working very well for us. But please remain cautious before
deploying!
</P
><P
> Bugs fixed:
<P
></P
><UL
><LI
><P
> Webserver neglected to show log messages
</P
></LI
><LI
><P
> TCP question/answer miscounted multiple questions over one socket. Fixed misnaming of counter
</P
></LI
><LI
><P
> Packetcache now detects clock skew and times out entries
</P
></LI
><LI
><P
> named.conf parser now reports errors with line number and offending token
</P
></LI
><LI
><P
> Filenames in named.conf can now contain :
</P
></LI
></UL
>
</P
><P
> Feature enhancements:
<P
></P
><UL
><LI
><P
> The webserver now by default does not print out configuration statements, which might contain database backends. Use
<B
CLASS="COMMAND"
>webserver-print-arguments</B
> to restore the old behaviour.
</P
></LI
><LI
><P
> Generic PostgreSQL backend is now included. Still rather beta.
</P
></LI
></UL
>
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2300"
>1.3.48.1. Known bugs</A
></H3
><P
> FreeBSD version does not stop when requested to do so.
</P
><P
> Wildcard CNAMES do not work as they do with bind.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2304"
>1.3.48.2. Missing features</A
></H3
><P
> Features present in this document, but disabled or withheld from the current release:
<P
></P
><UL
><LI
><P
> gmysqlbackend, oraclebackend
</P
></LI
></UL
>
Some of these features will be present in newer releases.
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2310"
>1.3.49. Version 1.99.5 Early Access Prerelease</A
></H2
><P
> The main focus of this release is stability and TCP improvements. This is the first release PowerDNS-the-company actually considers for running
on its production servers!
</P
><P
> Major bugs fixed:
<P
></P
><UL
><LI
><P
> Zone2sql received a floating point division by zero error on named.confs with less than 100 domains.
</P
></LI
><LI
><P
> Huffman encoder failed without specific error on illegal characters in a domain
</P
></LI
><LI
><P
> Fixed huge memory leaks in TCP code.
</P
></LI
><LI
><P
> Removed further file descriptor leaks in guardian respawning code
</P
></LI
><LI
><P
> Pipebackend was too chatty.
</P
></LI
><LI
><P
> pdns_server neglected to close fds 0, 1 & 2 when daemonizing
</P
></LI
></UL
>
</P
><P
> Feature enhancements:
<P
></P
><UL
><LI
><P
> bindbackend can be instructed not to check the ctime of a zone by specifying <B
CLASS="COMMAND"
>bind-check-interval=0</B
>,
which is also the new default.
</P
></LI
><LI
><P
> <B
CLASS="COMMAND"
>pdns_server --list-modules</B
> lists all available modules.
</P
></LI
></UL
>
</P
><P
> Performance enhancements:
<P
></P
><UL
><LI
><P
> TCP code now only creates a new database connection for AXFR.
</P
></LI
><LI
><P
> TCP connections timeout rather quickly now, leading to less load on the server.
</P
></LI
></UL
>
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2341"
>1.3.49.1. Known bugs</A
></H3
><P
> FreeBSD version does not stop when requested to do so.
</P
><P
> Wildcard CNAMES do not work as they do with bind.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2345"
>1.3.49.2. Missing features</A
></H3
><P
> Features present in this document, but disabled or withheld from the current release:
<P
></P
><UL
><LI
><P
> gmysqlbackend, oraclebackend, gpgsqlbackend
</P
></LI
></UL
>
Some of these features will be present in newer releases.
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2351"
>1.3.50. Version 1.99.4 Early Access Prerelease</A
></H2
><P
> A lot of new named.confs can now be parsed, zone2sql & bindbackend have gained features and stability.
</P
><P
> Major bugs fixed:
<P
></P
><UL
><LI
><P
> Label compression was not always enabled, leading to large reply packets sometimes.
</P
></LI
><LI
><P
> Database errors on TCP server lead to a nameserver reload by the guardian.
</P
></LI
><LI
><P
> MySQL backend neglected to close its connection properly.
</P
></LI
><LI
><P
> BindParser miss parsed some IP addresses and netmasks.
</P
></LI
><LI
><P
> Truncated answers were also truncated on the packetcache, leading to truncated TCP answers.
</P
></LI
></UL
>
</P
><P
> Feature enhancements:
<P
></P
><UL
><LI
><P
> Zone2sql and the bindbackend now understand the Bind $GENERATE{} syntax.
</P
></LI
><LI
><P
> Zone2sql can optionally gloss over non-existing zones with <B
CLASS="COMMAND"
>--on-error-resume-next</B
>.
</P
></LI
><LI
><P
> Zone2sql and the bindbackend now properly expand @ also on the right hand side of records.
</P
></LI
><LI
><P
> Zone2sql now sets a default TTL.
</P
></LI
><LI
><P
> DNS UPDATEs and NOTIFYs are now logged properly and sent the right responses.
</P
></LI
></UL
>
</P
><P
> Performance enhancements:
<P
></P
><UL
><LI
><P
> 'Fancy records' are no longer queried for on ANY queries - this is a big speedup.
</P
></LI
></UL
>
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2383"
>1.3.50.1. Known bugs</A
></H3
><P
> FreeBSD version does not stop when requested to do so.
</P
><P
> Zone2sql refuses named.confs with less than 100 domains.
</P
><P
> Wildcard CNAMES do not work as they do with bind.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2388"
>1.3.50.2. Missing features</A
></H3
><P
> Features present in this document, but disabled or withheld from the current release:
<P
></P
><UL
><LI
><P
> gmysqlbackend, oraclebackend, gpgsqlbackend
</P
></LI
></UL
>
Some of these features will be present in newer releases.
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2394"
>1.3.51. Version 1.99.3 Early Access Prerelease</A
></H2
><P
> The big news in this release is the BindBackend which is now capable of parsing many more named.conf Bind configurations.
Furthermore, PDNS has successfully parsed very large named.confs with large numbers of small domains, as well as small numbers of
large domains (TLD).
</P
><P
> Zone transfers are now also much improved.
</P
><P
> Major bugs fixed:
<P
></P
><UL
><LI
><P
> zone2sql leaked file descriptors on each domain, used wrong Bison recursion leading to
parser stack overflows. This limited the amount of domains that could be parsed to 1024.
</P
></LI
><LI
><P
> zone2sql can now read all known zonefiles, with the exception of those containing $GENERATE
</P
></LI
><LI
><P
> Guardian relaunching a child lost two file descriptors
</P
></LI
><LI
><P
> Don't die on a connection reset by peer during zone transfer.
</P
></LI
><LI
><P
> Webserver does not crash anymore on ringbuffer resize
</P
></LI
></UL
>
</P
><P
> Feature enhancements:
<P
></P
><UL
><LI
><P
> AXFR can now be disabled, and re-enabled per IP address
</P
></LI
><LI
><P
> --help accepts a parameter, will then show only help items with that prefix.
</P
></LI
><LI
><P
> zone2sql now accepts a --zone-name parameter
</P
></LI
><LI
><P
> BindBackend maturing - 9500 zones parsed in 3.5 seconds. No longer case sensitive.
</P
></LI
></UL
>
</P
><P
> Performance enhancements:
<P
></P
><UL
><LI
><P
> Implemented RFC-breaking AXFR format (which is the industry standard). Zone transfers now zoom along
at wirespeed (many megabits/s).
</P
></LI
></UL
>
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2424"
>1.3.51.1. Known bugs</A
></H3
><P
> FreeBSD version does not stop when requested to do so.
</P
><P
> BindBackend cannot parse zones with $GENERATE statements.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2428"
>1.3.51.2. Missing features</A
></H3
><P
> Features present in this document, but disabled or withheld from the current release:
<P
></P
><UL
><LI
><P
> gmysqlbackend, oraclebackend, gpgsqlbackend
</P
></LI
></UL
>
Some of these features will be present in newer releases.
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2434"
>1.3.52. Version 1.99.2 Early Access Prerelease</A
></H2
><P
> Major bugs fixed:
<P
></P
><UL
><LI
><P
> Database backend reload does not hang the daemon anymore
</P
></LI
><LI
><P
> Buffer overrun in local socket address initialisation may have caused binding problems
</P
></LI
><LI
><P
> setuid changed the uid to the gid of the selected user
</P
></LI
><LI
><P
> zone2sql doesn't coredump on invocation anymore. Fixed lots of small issues.
</P
></LI
><LI
><P
> Don't parse configuration file when creating configuration file. This was a problem with reinstalling.
</P
></LI
></UL
>
Performance improvements:
<P
></P
><UL
><LI
><P
> removed a lot of unnecessary gettimeofday calls
</P
></LI
><LI
><P
> removed needless select(2) call in case of listening on only one address
</P
></LI
><LI
><P
> removed 3 useless syscalls in the fast path
</P
></LI
></UL
>
Having said that, more work may need to be done. Testing on a 486 saw packet rates in a simple setup
(question/wait/answer/question..) improve from 200 queries/second to over 400.
</P
><P
> Usability improvements:
<P
></P
><UL
><LI
><P
> Fixed error checking in init.d script (<B
CLASS="COMMAND"
>show</B
>, <B
CLASS="COMMAND"
>mrtg</B
>)
</P
></LI
><LI
><P
> Added 'uptime' to the mrtg output
</P
></LI
><LI
><P
> removed further GNUisms from installer and init.d scripts for use on FreeBSD
</P
></LI
><LI
><P
> Debian package and apt repository, thanks to Wichert Akkerman.
</P
></LI
><LI
><P
> FreeBSD /usr/ports, thanks to Peter van Dijk (in progress).
</P
></LI
></UL
>
</P
><P
> Stability may be an issue as well as performance. This version has a tendency to log a bit too much which slows
the nameserver down a lot.
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2470"
>1.3.52.1. Known bugs</A
></H3
><P
> Decreasing a ringbuffer on the website is a sure way to crash the daemon. Zone2sql, while improved, still
has problems with a zone in the following format:
<PRE
CLASS="PROGRAMLISTING"
>name IN A 1.2.3.4
IN A 1.2.3.5
</PRE
>
To fix, add 'name' to the second line.
</P
><P
> Zone2sql does not close filedescriptors.
</P
><P
> FreeBSD version does not stop when requested via the init.d script.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2476"
>1.3.52.2. Missing features</A
></H3
><P
> Features present in this document, but disabled or withheld from the current release:
<P
></P
><UL
><LI
><P
> gmysqlbackend, oraclebackend, gpgsqlbackend
</P
></LI
><LI
><P
> fully functioning bindbackend - will try to parse named.conf, but probably fail
</P
></LI
></UL
>
Some of these features will be present in newer releases.
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2484"
>1.3.53. Version 1.99.1 Early Access Prerelease</A
></H2
><P
> This is the first public release of what is going to become PDNS 2.0. As such, it is not of production quality.
Even PowerDNS-the-company does not run this yet.
</P
><P
> Stability may be an issue as well as performance. This version has a tendency to log a bit too much which slows
the nameserver down a lot.
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2488"
>1.3.53.1. Known bugs</A
></H3
><P
> Decreasing a ringbuffer on the website is a sure way to crash the daemon. Zone2sql is very buggy.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN2491"
>1.3.53.2. Missing features</A
></H3
><P
> Features present in this document, but disabled or withheld from the current release:
<P
></P
><UL
><LI
><P
> gmysqlbackend, oraclebackend, gpgsqlbackend
</P
></LI
><LI
><P
> fully functioning bindbackend - will not parse configuration files
</P
></LI
></UL
>
Some of these features will be present in newer releases.
</P
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="about.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="security-policy.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>About this document</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="powerdns.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Security</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
distrib
>
Mandriva
>
2010.1
>
i586
>
media
>
contrib-updates
>
by-pkgid
>
563affe035311228f138962d4d47d4fd
>
files
>
27
