1.3. Release notes
Before proceeding, it is advised to check the release notes for your PDNS version, as specified in the name of the distribution file.
Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor are released separately.
1.3.1. Authoritative Server version 2.9.22
 | UNRELEASED! |
DNSSEC records were part of 2.9.21, but were not actually hooked up. Please note that while PowerDNS can serve most DNSSEC records, it does not do DNSSEC processing. Implemented in 1046.
Andre Lorbach of Adiscon discovered the microsoft windows 2003 nameserver adds out of zone data to zonetransfers, which we need to ignore, instead of rejecting the entire zone. Implemented in 1048.
Direct queries for 'fancy records' would lead to errors, such queries now fail early. Spotted by Jorn Ekkelenkamp, implemented in 1051.
Address issues found by more recent g++ versions. Spotted and/or fixed by Jorn Ekkelenkamp (commit 1051), Marcus Rueckert (commit 1094), Norbert Sendetzky (commit 1107), Serge Belyshev (commit 1171).
The Intel C Compiler implements certain things differently, causing the master/slave communicator to malfunction. Spotted by Marcus Rueckert, implemented in 1052, plus fallout in 1105.
Zone2sql now reads source files in performance enhancing inode order. Additionally, zone2sql no longer dies on a missing zone file if --on-error-resume-next was specified. Finally, statistics of zone2sql confersion have been improved. Implemented in 1055.
Zoneparser improvements mean $TTL and $INCLUDES now work a lot better. Additionally, trailing spaces no longer confuse the parser. Implemented in 1056, 1062.
Jelte Jansen of Stichting NLNetLabs discovered PowerDNS couldn't operate as a root-server! Fixed in 1057.
Move from select() to poll()-based multiplexing, allowing PowerDNS to listen on more than 1024 sockets simultaneously. One big PowerDNS user needs this. Implemented in 1072.
'DPS' discovered there was a rare opportunity for PowerDNS to lock up waiting for new data. Addressed in 1076.
Implemented a notification proxy, see Section 19.1. This work was sponsored by UPC Broadband. Implemented in commits commit 1075, commit 1077, commit 1082, commit 1083, commit 1085, commit 1086.
Several memory leaks on bad data in the database or other errors have been fixed. Addressed in 1078 and 1079.
In contravention to the documentation, the domain type as specified in the database ('MASTER', 'SLAVE' or 'NATIVE') was interpreted case sensitively. 1084.
BIND backend could crash on processing information about slave zones to be checked. Spotted by Stefan Schmidt, fixed in 1089.
Fix typo in geobackend, closing ticket 157, implemented in 1090.
Fix handling of TCP timeouts to not cause a reload of the backends. Implemented in commit 1092.
Treat invalid WWW requests better. Spotted by Maikel Verheijen, implemented in commit 1092.
Documentation errors and typos, spotted by Marco Davids (commit 1097) and Rejo Zengers (commit 1119)
Properly fill out the 'recursion available'-flag. Spotted by Augie Schwer in ticket 167.
Initial work on TSIG support - not done yet. Spurred on by Marco Davids.
IXFR queries are now support in the sense that we treat them as AXFR queries, silencing warning in other nameservers. Suggested in ticket 131.
BIND backend speedups in commit 1108, measured at around a 20% improvement, possibly more on very large setups.
The PIPE backend has been extended by David Apgar to allow the reporting of errors using the 'FAIL' command, plus support for responses with whitespace. Implemented in commit 1114.
PowerDNS Authoritative server now parses incoming EDNS options, like maximum allowed packet size. Implemented in commit 1123.
Embarrassingly, the 'master' configuration setting was not documented in the list of all settings!
Added support for DHCID, IPSECKEY and KX records, thanks Norbert Sendetzky for the hint. Implemented in commit 1144.
Fix subtle CNAME and wildcard interactions reported by 'zzyzz', implemented in commit 1147.
Norbert Sendetzky has has added support for all record types supported by PowerDNS to the LDAPBackend. Furthermore, the detection of OpenLDAP in autoconf has been improved. Finally, debian has supplied some fixes to PowerLDAP. Implemented in commit 1152 and commit 1153.
Norbert has updated OpenDBX so that SQLite reads and writes no longer deadlock, plus compliation fixes on Solaris, plus the addition of autoserials to backends that support triggers. Implemented in commit 1154.
Labels are compressed more efficiently (case-insensitively), leading to smaller packets. Implemented in commit 1156.
Random generator is now based on AES, improving the security of certain proxy operations. This is the same random generator that is in the recursor.
The generic backends did not honour the default-ttl setting. Spotted and implemented by Matti Hiljanen.
Matti Hiljanen discovered that the OpenDBX backend did not fill out the SOA ttl value properly. Matti also improved the SQL statements for better compatability. Implemented in commit 1181.
Documentation for 'supermaster' mode was improved due to popular demand.
PowerDNS Authoritative caches were completely redone, and are now based on the same cache that is in the resolver. This work has been sponsored by Directi. In large benchmarks, PowerDNS performance has improved by an order of magnitude or more. This new version allows for near-instantaneous cache purging, plus very rapid purging based on suffix. Purge commands can also be batched. This work is partially based on an innovative reverse-string comparison function authored by Aki Tuomi.
Implemented EDNS NSID option for retrieving the nameserver ID out of band. Defaults to hostname, can be specified using the server-id setting. Code in commit 1232.
Implemented experimental EDNS PING for enhanced forgery resilience. Code in commit 1232.
Shawn Starr migrated all his domains to PowerDNS in one evening, from an installation that had been used since BIND4. In doing so, he found 3 bugs in as many hours. An IN statement in the BIND named.conf with a zone with a trailing dot was misparsed, fixed in commit 1233. Secondly, the zonefile parser tripped over a line consisting of nothing but comments in the wrong place. Finally '$ORIGIN .' was misparsed. Last two issues fixed in commit 1234.
The zoneparser error messages were vastly improved, partially inspired by Shawn's cowboy migration. Code in commit 1235.
Tyler Hall discovered the PowerDNS configuration file parser had problems with trailing tabs. This turned out to be a wider problem in PowerDNS. Buggy code replaced by a library call in commit 1237 and commit 1240.
PowerDNS used to ignore certain queries it could not answer. These queries are no longer ignored, but get a SERVFAIL response. Implemented in commit 1239.
Connection reset by peer events in the TCP nameserver no longer lead to the cycling of database connections. Code in commit 1241.
1.3.2. Authoritative Server version 2.9.21.1
Released on the 6th of August 2008.
This release consists of a single patch to PowerDNS Authoritative Server version 2.9.21. Brian J. Dowling of Simplicity Communications has discovered a security implication of the previous PowerDNS behaviour to drop queries it considers malformed. We are grateful that Brian notified us quickly about this problem.
This issue has been assigned CVE-2008-3337. The single patch is in commit 1239. More detail can be found in Section 1.8.
The implication is that while the PowerDNS Authoritative server itself does not face a security risk because of dropping these malformed queries, other resolving nameservers run a higher risk of accepting spoofed answers for domains being hosted by PowerDNS Authoritative Servers before 2.9.21.1.
While the dropping of queries does not aid sophisticated spoofing attempts, it does facilitate simpler attacks.
It may be good to know that several large sites already run with this patch applied, as it has been in the public codebase for some weeks already.
1.3.3. Recursor version 3.1.7
Released the 25th of June 2008.
This version contains powerful scripting abilities, allowing operators to modify DNS responses in many interesting ways. Among other things, these abilities can be used to filter out malware domains, to perform load balancing, to comply with legal and other requirements and finally, to implement 'NXDOMAIN' redirection.
It is hoped that the addition of Lua scripting will enable responsible DNS modification for those that need it.
For more details about the Lua scripting, which can be modified, loaded and unloaded at runtime, see Section 12.6. Many thanks are due to the #lua irc channel, for excellent near-realtime Lua support. In addition, a number of PowerDNS users have been enthousiastically testing prereleases of the scripting support, and have found and solved many issues.
In addition, 3.1.7 fixes a number of bugs:
In 3.1.5 and 3.1.6, an authoritative server could continue to renew its authority, even though a domain had been delegated to other servers in the meantime.
In the rare cases where this happened, and the old servers were not shut down, the observed effect is that users were fed outdated data.
Bug spotted and analysed by Darren Gamble, fix in commit 1182 and commit 1183.
Thanks to long time PowerDNS contributor Stefan Arentz, for the first time, Mac OS X 10.5 users can compile and run the PowerDNS Recursor! Patch in commit 1185.
Sten Spans spotted that for outgoing TCP/IP queries, the query-local-address setting was not honored. Fixed in commit 1190.
rec_control wipe-cache now also wipes domains from the negative cache, hurrying up the expiry of negatively cached records. Suggested by Simon Kirby, implemented in commit 1204.
When a forwarder server is configured for a domain, using the forward-zones setting, this server IP address was filtered using the dont-query setting, which is generally not what is desired: the server to which queries are forwarded will often live in private IP space, and the operator should be trusted to know what he is doing. Reported and argued by Simon Kirby, fix in commit 1211.
Marcus Rueckert of OpenSUSE reported that very recent gcc versions emitted a (correct) warning on an overly complicated line in syncres.cc, fixed in commit 1189.
Stefan Schmidt discovered that the netmask matching code, used by the new Lua scripts, but also by all other parts of PowerDNS, had problems with explicit '/32' matches. Fixed in commit 1205.
1.3.4. Recursor version 3.1.6
Released on the 1st of May 2008.
This version fixes two important problems, each on its own important enough to justify a quick upgrade.
Version 3.1.5 had problems resolving several slightly misconfigured domains, including for a time 'juniper.net'. Nameserver timeouts were not being processed correctly, leading PowerDNS to not update the internal clock, which in turn meant that any queries immediately following an error would time out as well. Because of retries, this would usually not be a problem except on very busy servers, for domains with different nameservers at different levels of the DNS-hierarchy, like 'juniper.net'.
This issue was fixed rapidly because of the help of XS4ALL (Eric Veldhuyzen, Kai Storbeck), Brad Dameron and Kees Monshouwer. Fix in commit 1178.
The new high-quality random generator was not used for all random numbers, especially in source port selection. This means that 3.1.5 is still a lot more secure than 3.1.4 was, and its algorithms more secure than most other nameservers, but it also means 3.1.5 is not as secure as it could be. A quick upgrade is recommended. Discovered by Thomas Biege of Novell (SUSE), fixed in commit 1179.
1.3.5. Recursor version 3.1.5
Released on the 31st of March 2008.
Much like 3.1.4, this release does not add a lot of major features. Instead, performance has been improved significantly (estimated at around 20%), and many rare and not so rare issues were addressed. Multi-part TXT records now work as expected - the only significant functional bug found in 15 months. One of the oldest feature requests was fulfilled: version 3.1.5 can finally forward queries for designated domains to multiple servers, on differing port numbers if needed. Previously only one forwarder address was supported. This lack held back a number of migrations to PowerDNS.
We would like to thank Amit Klein of Trusteer for bringing a serious vulnerability to our attention which would enable a smart attacker to 'spoof' previous versions of the PowerDNS Recursor into accepting possibly mallicious data.
Details can be found on this Trusteer page.
It is recommended that all users of the PowerDNS Recursor upgrade to 3.1.5 as soon as practicable, while we simultaneously note that busy servers are less susceptible to the attack, but not immune.
The PowerDNS Security Advisory can be found in Section 1.7.
This version can properly benefit from all IPv4 and IPv6 addresses in use at the root-servers as of early February 2008. In order to implement this, changes were made to how the Recursor deals internally with A and AAAA queries for nameservers, see below for more details.
Additionally, newer releases of the G++ compiler required some fixes (see ticket 173).
This release was made possible by the help of Wichert Akkerman, Winfried Angele, Arnoud Bakker (Fox-IT), Niels Bakker (no relation!), Leo Baltus (Nederlandse Publieke Omroep), Marco Davids (SIDN), David Gavarret (Neuf Cegetel), Peter Gervai, Marcus Goller (UPC), Matti Hiljanen (Saunalahti/Elisa), Ruben Kerkhof, Alex Kiernan, Amit Klein (Trusteer), Kenneth Marshall (Rice University), Thomas Rietz, Marcus Rueckert (OpenSUSE), Augie Schwer (Sonix), Sten Spans (Bit), Stefan Schmidt (Freenet), Kai Storbeck (xs4all), Alex Trull, Andrew Turnbull (No Wires) and Aaron Thompson, and many more who filed bugs anonymously, or who we forgot to mention.
Security related issues:
Amit Klein has informed us that System random generator output can be predicted based on its past behaviour, allowing a smart attacker to 'spoof' our nameserver. Full details in Section 1.7.
The Recursor will by default no longer query private-space nameservers. This closes a slight security risk and simultaneously improves performance and stability. For more information, see dont-query in Section 12.1. Implemented in commit 923.
Applied fix for ticket 110 ('PowerDNS should change directory to '/' in chroot), implemented in commit 944.
Performance:
The DNS packet writing and parsing infrastructure performance was improved in several ways, see commits 925, 926, 928, 931, 1021, 1050.
Remove multithreading overhead from the Recursor (commit 999).
Bug fixes:
Built-in authoritative server now properly derives the TTL from the SOA record if not specified. Implemented in commit 1165. Additionally, even when TTL was specified for the built-in authoritative server, it was ignored. Reported by Stefan Schmidt, closing ticket 147.
Empty TXT record components can now be served. Implemented in commit 1166, closing ticket 178. Spotted by Matti Hiljanen.
The Recursor would not properly override old data with new, sometimes serving old and new data concurrently. Fixed in commit 1137.
SOA records with embedded carriage-return characters are now parsed correctly. Implemented in commit 1167, closing ticket 162.
Some routing conditions could cause UDP connected sockets to generate an error which PowerDNS did not deal with properly, leading to a leaked file descriptor. As these run out over time, the recursor could crash. This would also happen for IPv6 queries on a host with no IPv6 connectivity. Thanks to Kai of xs4all and Wichert Akkerman for reporting this issue. Fix in commit 1133.
Empty unknown record types can now be stored without generating a scary error (commit 1129)
Applied fix for ticket 111, ticket 112 and ticket 153 - large (multipart) TXT records are now retrieved and served properly. Fix in commit 996.
Solaris compilation instructions in Recursor documentation were wrong, leading to an instant crash on startup. Luckily nobody reads the documentation, except for Marcus Goller who found the error. Fixed in commit 1124.
On Solaris, finally fix the issue where queries get distributed strangely over CPUs, or not get distributed at all. Much debugging and analysing performed by Alex Kiernan, who also supplied fixes. Implemented in commit 1091, commit 1093.
Various fixes for modern G++ versions, most spotted by Marcus Rueckert (commits 964, 965, 1028, 1052), and Ruben Kerkhof (commit 1136, closing ticket 175).
Recursor would not properly clean up pidfile and control socket, closing ticket 120, code in commit 988, commit 1098 (part of fix by Matti Hiljanen, spotted by Leo Baltus)
Recursor can now serve multi-line records from its limited authoritative server (commit 1014).
When parsing zones, the 'm' time specification stands for minutes, not months! Closing Debian bug 406462 (commit 1026)
Authoritative zone parser did not support '@' in the content of records. Spotted by Marco Davids, fixed in commit 1030.
Authoritative zone parser could be confused by trailing TABs on record lines (commit 1062).
EINTR error code could block entire server if received at the wrong time. Spotted by Arnoud Bakker, fix in commit 1059.
Fix crash on NetBSD on Alpha CPUs, might improve startup behaviour on empty caches on other architectures as well (commit 1061).
Outbound TCP queries were being performed sub-optimally because of an interaction with the 'Mplexer'. Fixes in commit 1115, commit 1116.
New features:
Implemented rec_control command get uptime, as suggested by Niels Bakker (commit 935). Added to default rrdtool scripts in commit 940.
The Recursor Authorative component, meant for having the Recursor serve some zones authoritatively, now supports $INCLUDE and $GENERATE. Implemented in commit 951 and commit 952, commit 967 (discovered by Thomas Rietz),
Implemented forward-zones-file option in order to support larger amounts of zones which should be forwarded to another nameserver (commit 963).
Both forward-zones and forward-zones-file can now specify multiple forwarders per domain, implemented in commit 1168, closing ticket 81. Additionally, both these settings can also specify non-standard port numbers, as suggested in ticket ticket 122. Patch authored by Aaron Thompson, with additional work by Augie Schwer.
Sten Spans contributed allow-from-file, implemented in commit 1150. This feature allows the Recursor to read access rules from a (large) file.
General improvements:
Ruben Kerkhof fixed up weird permission bits as well as our SGML documentation code in commit 936 and commit 937.
Full IPv6 parity. If configured to use IPv6 for outgoing queries (using query-local-address6=::0 for example), IPv6 and IPv4 addresses are finally treated 100% identically, instead of 'mostly'. This feature is implemented using 'ANY' queries to find A and AAAA addresses in one query, which is a new approach. Treat with caution.
Now perform EDNS0 root refreshing queries, so as to benefit from all returned addresses. Relevant since early February 2008 when the root-servers started to respond with IPv6 addresses, which made the default non-EDNS0 maximum packet length reply no longer contain all records. Implemented in commit 1130. Thanks to dns-operations AT mail.oarc.isc.org for quick suggestions on how to deal with this change.
rec_control now has a timeout in case the Recursor does not respond. Implemented in commit 945.
(Error) messages are now logged with saner priorities (commit 955).
Outbound query IP interface stemmed from 1997 (!) and was in dire need of a cleanup (commit 1117).
L.ROOT-SERVERS.NET moved (commit 1118).
1.3.6. PowerDNS Authoritative Server version 2.9.21
Released the 21st of April 2007.
This is the first release the PowerDNS Authoritative Server since the Recursor was split off to a separate product, and also marks the transfer of the new technology developed specifically for the recursor, back to the authoritative server.
This move has reduced the amount of code of the Authoritative server by over 2000 lines, while improving the quality of the program enormously.
However, since so much has been changed, care should be taken when deploying 2.9.21.
To signify the magnitude of the underlying improvements, the next release of the PowerDNS Authoritative Server will be called 3.0.
This release would not have been possible without large amounts of help and support from the PowerDNS Community. We specifically want to thank Massimo Bandinelli of Italy's Register.it, Dave Aaldering of Aaldering ICT, True BV, XS4ALL, Daniel Bilik of Neosystem, EasyDNS, Heinrich Ruthensteiner of Siemens, Augie Schwer, Mark Bergsma, Marco Davids, Marcus Rueckert of OpenSUSE, Andre Muraro of Locaweb, Antony Lesuisse, Norbert Sendetzky, Marco Chiavacci, Christoph Haas, Ralf van der Enden and Ruben Kerkhof.
Security issues:
The previous packet parsing and generating code contained no known bugs, but was however very lengthy and overly complex, and might have had security problems. The new code is 'inherently safe' because it relies on bounds-checking C++ constructs. Therefore, a move to 2.9.21 is highly recommended.
Pre-2.9.21, communication between master and server nameservers was not checked as rigidly as possible, possibly allowing third parties to disrupt but not modify such communications.
| The 'bind1' legacy version of our BIND backend has been dropped! There should be no need to rely on this old version anymore, as the main BIND backend has been very well tested recently. |
Bugs:
Multi-part TXT records weren't supported. This has been fixed, and regression tests have been added. Code in commits 1016, 996, 994.
Email addresses with embedded dots in SOA records were not parsed correctly, nor were other embedded dots. Noted by 'Bastiaan', fixed in commit 1026.
BIND backend treated the 'm' TTL modifier as 'months' and not 'minutes'. Closes Debian bug 406462. Addressed in commit 1026.
Our snapshots were built against a static version of PosgreSQL that was incompatible with many Linux distributions, leading to instant crashes on startup. Fixed in 1022 and 1023.
CNAME referrals to child zones gave improper responses. Noted by Augie Schwer in ticket 123, fixed in commit 992.
When passing a port number with the recursor setting, this would sometimes generate errors during additional processing. Switched off overly helpful additional processing for recursive queries to remove this problem. Implemented in commit 1031, spotted by Ralf van der Enden.
NS to a nameserver with the name of the zone itself generated problems. Spotted by Augie Schwer, fixed in commit 947.
Multi-line records in the BIND backend were not always parsed correctly. Fixed in commit 1014.
The LOC-record had problems operating outside of the eastern hemisphere of the northern part of the world! Fixed in commit 1011.
Backends were compiled without multithreading preprocessor flags. As far as we can determine, this would only cause problems for the BIND backend, but we cannot rule out this caused instability in other backends. Fixed in commit 1001.
The BIND backend was highly unstable under reloads, and leaked memory and file descriptors. Thanks to Mark Bergsma and Massimo Bandinelli for respectively pointing this out to us and testing large amounts of patches to fix the problem. The fixes have resulted in better performance, less code, and a remarkable simplification of this backend. Commits 1039, 1034, 1035, 1006, 999, 905 and previous.
BIND backend gave convincing NXDOMAINS on unloaded zones in some cases. Spotted and fixed by Daniel Bilik in commit 984.
SOA records in zone transfers sometimes contained the wrong SOA TTL. Spotted by Christian Kuehn, fixed in commit 902.
PowerDNS could get confused by very high SOA serial numbers. Spotted and fixed by Dan Billik, fixed in commit 626.
Some versions of FreeBSD perform very strict checks on socket address sizes passed to 'connect', which could lead to problems retrieving zones over AXFR. Fixed in commit 891.
Some versions of FreeBSD perform very strict checks on IPv6 socket addresses, leading to problems. Discovered by Sten Spans, fixed in commit 885 and commit 886.
IXFR requests were not logged properly. Noted by Ralf van der Enden, fixed in commit 990.
Some NAPTR records needed an additional space character to encode correctly. Spotted by Heinrich Ruthensteiner, fixed in commit 1029.
Many bugs in the TCP nameserver, leading to a PowerDNS process that did not respond to TCP queries over time. Many fixes provided by Dan Bilik, other problems were fixed by rewriting our TCP handling code. Commits 982 and 980, 950, 924, 889, 874, 869, 685, 684.
Fix crashes on the ARM processor due to alignment errors. Thanks to Sjoerd Simons. Closes Debian bug 397031.
Missing data in generic SQL backends would sometimes lead to faked SOA serial data. Spotted by Leander Lakkas from True. Fix in commit 866.
When receiving two quick notifications in succession, the packet cache would sometimes "process" the second one, leading PowerDNS to ignore it. Spotted by Dan Bilik, fixed in commit 686.
Geobackend (by Mark Bergsma) did not properly override the getSOA method, breaking non-overlay operation of this fine backend. The geobackend now also skips '.hidden' configuration files, and now properly disregards empty configuration files. Additionally, the overlapping abilities were improved. Details available in commit 876, by Mark.
Features:
Thanks to EasyDNS, PowerDNS now supports multiple masters per domain. For configuration details, see Section 13.2. Implemented in commit 1018, commit 1017.
Thanks to EasyDNS, PowerDNS now supports the KEY record type, as well the SPF record. In commit 976.
Added support for CERT, SSHFP, DNSKEY, DS, NSEC, RRSIG record types, as part of the move to the new DNS parsing/generating code.
Support for the AFSDB record type, as requested by 'Bastian'. Implemented in commit 978, closing ticket 129.
Support for the MR record type. Implemented in commit 941 and commit 1019.
Gsqlite3 backend was added by Antony Lesuisse in commit 942;
Added the ability to send out light-weight root-referrals that save bandwidth yet still placate mediocre resolver implementations. Implemented in commit 912, enable with 'root-referral=lean'.
Improvements:
Miscellaneous OpenDBX and LDAP backend improvements by Norbert Sendetzky. Applied in commit 977 and commit 1040.
SGML source of the documentation was cleaned up by Ruben Kerkhof in commit 936.
Speedups in core DNS label processing code. Implemented in commit 928, commit 654, commit 1020.
When communicating with master servers and encountering errors, more useful details are logged. Reported by Stefan Arentz in ticket 137, closed by commit 1015.
Database errors are now logged with more details. Addressed in commit 1004.
pdns_control problems are now logged more verbosely. Change in commit 910.
Erroneous address configuration was logged unclearly. Spotted by River Tarnell, fixed in commit 888.
Example configuration shipped with PowerDNS was very old. Noted by Leen Besselink, fixed in commit 946.
PowerDNS neglected to chdir to the root when chrooted. This closes ticket 110, fixed in commit 944.
Microsoft resolver had problems with responses we generated for CNAMEs pointing out of our bailiwick. Fixed in commit 983 and expedited by Locaweb.com.br.
Built-in webserver logs errors more verbosely. Closes ticket 82, gixed in commit 991.
Queries containing '@' no longer flood the logs. Addressed in commit 1014.
The build process now looks for PostgreSQL in more places. Implemented in commit 998, closes ticket 90.
Speedups in the BIND backend now mean large installations enjoy startup times up to 30 times faster than with the original BIND nameserver. Many thanks to Massimo Bandinelli.
BIND backend now offers full support for query logging, implemented in commit 1026, commit 1029.
BIND backend named.conf parsing is now fully case-insensitive for domain names. This closes Debian bug 406461, fixed in commit 1027.
IPv6 and IPv4 address parsing routines have been replaced, which should result in prettier output in some cases. commit 962, commit 1012 and others.
5 new regression tests have been added to insure old bugs do not return.
Fix small issues with very modern compilers and BOOST snapshots. Noted by Marcus Rueckert, addressed in commit 954, commit 964 commit 965, commit 1003.
1.3.7. Recursor version 3.1.4
Released the 13th of November 2006.
This release contains almost no new features, but consists mostly of minor and major bug fixes. It also addresses two major security issues, which makes this release a highly recommended upgrade.
Security issues:
Large TCP questions followed by garbage could cause the recursor to crash. This critical security issue has been assigned CVE-2006-4251, and is fixed in commit 915. More information can be found in Section 1.5.
CNAME loops with zero second TTLs could cause crashes in some conditions. These loops could be constructed by malicious parties, making this issue a potential denial of service attack. This security issue has been assigned CVE-2006-4252 and is fixed by commit 919. More information can be found in Section 1.6. Many thanks to David Gavarret for helping pin down this problem.
Bugs:
On certain error conditions, PowerDNS would neglect to close a socket, which might therefore eventually run out. Spotted by Stefan Schmidt, fixed in commits 892, 897, 899.
Some nameservers (including PowerDNS in rare circumstances) emit a SOA record in the authority section. The recursor mistakenly interpreted this as an authoritative "NXRRSET". Spotted by Bryan Seitz, fixed in commit 893.
In some circumstances, PowerDNS could end up with a useless (not working, or no longer working) set of nameserver records for a domain. This release contains logic to invalidate such broken NSSETs, without overloading authoritative servers. This problem had previously been spotted by Bryan Seitz, 'Cerb' and Darren Gamble. Invalidations of NSSETs can be plotted using the "nsset-invalidations" metric, available through rec_control get. Implemented in commit 896 and commit 901.
PowerDNS could crash while dumping the cache using rec_control dump-cache. Reported by Wouter of WideXS and Stefan Schmidt and many others, fixed in commit 900.
Under rare circumstances (depleted TCP buffers), PowerDNS might send out incomplete questions to remote servers. Additionally, on big-endian systems (non-Intel and non-AMD generally), sending out large TCP answers questions would not work at all, and possibly crash. Brought to our attention by David Gavarret, fixed in commit 903.
The recursor contained the potential for a dead-lock processing an invalid domain name. It is not known how this might be triggered, but it has been observed by 'Cerb' on #powerdns. Several dead-locks where PowerDNS consumed all CPU, but did not answer questions, have been reported in the past few months. These might be fixed by commit 904.
IPv6 'allow-from' matching had problems with the least significant bits, sometimes allowing disallowed addresses, but mostly disallowing allowed addresses. Spotted by Wouter from WideXS, fixed in commit 916.
PowerDNS has support to drop answers from so called 'delegation only' zones. A statistic ("dlg-only-drops") is now available to plot how often this happens. Implemented in commit 890.
Hint-file parameter was mistakenly named "hints-file" in the documentation. Spotted by my Marco Davids, fixed in commit 898.
rec_control quit should be near instantaneous now, as it no longer meticulously cleans up memory before exiting. Problem spotted by Darren Gamble, fixed in commit 914, closing ticket 84.
init.d script no longer refers to the Recursor as the Authoritative Server. Spotted by Wouter of WideXS, fixed in commit 913.
A potentially serious warning for users of the GNU C Library version 2.5 was fixed. Spotted by Marcus Rueckert, fixed in commit 920.
1.3.8. Recursor version 3.1.3
Released the 12th of September 2006.
Compared to 3.1.2, this release again consists of a number of mostly minor bug fixes, and some slight improvements.
Many thanks are again due to Darren Gamble who together with his team has discovered many misconfigured domains that do work with some other name servers. DNS has long been tolerant of misconfigurations, PowerDNS intends to uphold that tradition. Almost all of the domains found by Darren now work as well in PowerDNS as in other name server implementations.
Thanks to some recent migrations, this release, or something very close to it, is powering over 40 million internet connections that we know of. We appreciate hearing about succesful as well as unsuccesful migrations, please feel free to notify pdns.bd@powerdns.com of your experiences, good or bad.
Bug-fixes:
The MThread default stack size was too small, which led to problems, mostly on 64-bit platforms. This stack size is now configurable using the stack-size setting should our estimate be off. Discovered by Darren Gamble, Sten Spans and a number of others. Fixed in commit 868.
Plug a small memory leak discovered by Kai and Darren Gamble, fixed in commit 870.
Switch from the excellent nedmalloc to dlmalloc, based on advice by the nedmalloc author. Nedmalloc is optimised for multithreaded operation, whereas the PowerDNS recursor is single threaded. The version of nedmalloc shipped contained a number of possible bugs, which are probably resolved by moving to dlmalloc. Some reported crashes on hitting 2G of allocated memory on 64 bit systems might be solved by this switch, which should also increase performance. See commit 873 for details.
Improvements:
The cache is now explicitly aware of the difference between authoritative and unauthoritative data, allowing it to deal with some domains that have different data in the parent zone than in the authoritative zone. Patch in commit 867.
No longer try to parse DNS updates as if they were queries. Discovered and fixed by Jan Gyselinck, fix in commit 871.
Rebalance logging priorities for less log cluttering and add IP address to a remote server error message. Noticed and fixed by Jan Gyselinck (commit 877).
Add logging-facility setting, allowing syslog to send PowerDNS logging to a separate file. Added in commit 871.
1.3.9. Recursor version 3.1.2
Released Monday 26th of June 2006.
Compared to 3.1.1, this release consists almost exclusively of bug-fixes and speedups. A quick update is recommended, as some of the bugs impact operators of authoritative zones on the internet. This version has been tested by some of the largest internet providers on the planet, and is expected to perform well for everybody.
Many thanks are due to Darren Gamble, Stefan Schmidt and Bryan Seitz who all provided excellent feedback based on their large-scale tests of the recursor.
Bug-fixes:
Internal authoritative server did not differentiate between 'NXDOMAIN' and 'NXRRSET', in other words, it would answer 'no such host' when an AAAA query came in for a domain that did exist, but did not have an AAAA record. This only affects users with auth-zones configured. Discovered by Bryan Seitz, fixed in commit 848.
ANY queries for hosts where nothing was present in the cache would not work. This did not cause real problems as ANY queries are not reliable (by design) for anything other than debugging, but did slow down the nameserver and cause unnecessary load on remote nameservers. Fixed in commit 854.
When exceeding the configured maximum amount of TCP sessions, TCP support would break and the nameserver would waste CPU trying to accept TCP connections on UDP ports. Noted by Bryan Seitz, fixed in commit 849.
DNS queries come in two flavours: recursion desired and non-recursion desired. The latter is not very useful for a recursor, but is sometimes (erroneously) used by monitoring software or loadbalancers to detect nameserver availability. A non-rd query would not only not recurse, but also not query authoritative zones, which is confusing. Fixed in commit 847.
Non-standard DNS TCP queries, that did occur however, could drive the recursor to 100% CPU usage for extended periods of time. This did not disrupt service immediately, but does waste a lot of CPU, possibly exhausting resources. Discovered by Bryan Seitz, fixed in commit 858, which is post-3.1.2-rc1.
The PowerDNS recursor did not honour the rare but standardised 'ANY' query class (normally 'ANY' refers to the query type, not class), upsetting the Wildfire Jabber server. Discovered and debugged by Daniel Nauck, fixed in commit 859, which is post-3.1.2-rc1.
Everybody's favorite, when starting up under high load, a bogus line of statistics was sometimes logged. Fixed in commit 851.
Remove some spurious debugging output on dropping a packet by an unauthorized host. Discovered by Kai. Fixed in commit 854.
Improvements:
Misconfigured domains, with a broken nameserver in the parent zone, should now work better. Changes motivated and suggested by Darren Gamble. This makes PowerDNS more compliant with RFC 2181 by making it prefer authoritative data over non-authoritative data. Implemented in commit 856.
PowerDNS can now listen on multiple ports, using the local-address setting. Added in commit 845.
A number of speedups which should have a noticeable impact, implemented in commits 850, 852, 853, 855
The recursor now works around an issue with the Linux kernel 2.6.8, as shipped by Debian. Fixed by Christof Meerwald in commit 860, which is post 3.1.2-rc1.
1.3.10. Recursor version 3.1.1
| 3.1.1 is identical to 3.1 except for a bug in the packet chaining code which would mainly manifest itself for IPv6 enabled Konqueror users with very fast connections to their PowerDNS installation. However, all 3.1 users are urged to upgrade to 3.1.1. Many thanks to Alessandro Bono for his quick aid in solving this problem. |
Released on the 23rd of May 2006. Many thanks are due to the operators of some of the largest internet access providers in the world, each having many millions of customers, who have tested the various 3.1 pre-releases for suitability. They have uncovered and helped fix bugs that could impact us all, but are only (quickly) noticeable with such vast amounts of DNS traffic.
After version 3.0.1 has proved to hold up very well under tremendous loads, 3.1 adds important new features:
Ability to serve authoritative data from 'BIND' style zone files (using auth-zones statement).
Ability to forward domains so configured to external servers (using forward-zones).
Possibility of 'serving' the contents of /etc/hosts over DNS, which is very well suited to simple domestic router/DNS setups. Enabled using export-etc-hosts.
As recommended by recent standards documents, the PowerDNS recursor is now authoritative for RFC-1918 private IP space zones by default (suggested by Paul Vixie).
Full outgoing IPv6 support (off by default) with IPv6 servers getting equal treatment with IPv4, nameserver addresses are chosen based on average response speed, irrespective of protocol.
Initial Windows support, including running as a service ('NET START "POWERDNS RECURSOR"'). rec_channel is still missing, the rest should work. Performance appears to be below that of the UNIX versions, this situation is expected to improve.
Bug fixes:
No longer send out SRV and MX record priorities as zero on big-endian platforms (UltraSPARC). Discovered by Eric Sproul, fixed in commit 773.
SRV records need additional processing, especially in an Active Directory setting. Reported by Kenneth Marshall, fixed in commit 774.
The root-records were not being refreshed, which could lead to problems under inconceivable conditions. Fixed in commit 780.
Fix resolving domain names for nameservers with multiple IP addresses, with one of these addresses being lame. Other nameserver implementations were also unable to resolve these domains, so not a big bug. Fixed in commit 780.
For a period of 5 minutes after expiring a negative cache entry, the domain would not be re-cached negatively, leading to a lot of duplicate outgoing queries for this short period. This fix has raised the average cache hit rate of the recursor by a few percent. Fixed in commit 783.
Query throttling was not aggressive enough and not all sorts of queries were throttled. Implemented in commit 786.
Fix possible crash during startup when parsing empty configuration lines (commit 807).
Fix possible crash when the first query after wiping a cache entry was for the just deleted entry. Rare in production servers. Fixed in commit 820.
Recursor would send out differing TTLs when receiving a misconfigured, standards violating, RRSET with different TTLs. Implement fix as mandated by RFC 2181, paragraph 5.2. Reported by Stephen Harker (commit 819).
The top-remotes would list remotes duplicately, once per source port. Discovered by Jorn Ekkelenkamp, fixed in commit 827, which is post 3.1-pre1.
Default allow-from allowed queries from fe80::/16, corrected to fe80::/10. Spotted by Niels Bakker, fixed in commit 829, which is post 3.1-pre1.
While PowerDNS blocks failing queries quickly, multiple packets could briefly be in flight for the same domain and nameserver. This situation is now explicitly detected and queries are chained to identical queries already in flight. Fixed in commit 833 and commit 834, post 3.1-pre1.
Improvements:
ANY queries are now implemented as in other nameserver implementations, leading to a decrease in outgoing queries. The RFCs are not very clear on desired behaviour, what is implemented now saves bandwidth and CPU and brings us in line with existing practice. Previously ANY queries were not cached by the PowerDNS recursor. Implemented in commit 784.
rec_control was very sparse in its error reporting, and user unfriendly as well. Reported by Erik Bos, fixed in commit 818 and commit 820.
IPv6 addresses were printed in a non-standard way, fixed in commit 788.
TTLs of records are now capped at two weeks, commit 820.
allow-from IPv4 netmasks now automatically work for IP4-to-IPv6 mapper IPv4 addresses, which appear when running on the wildcard :: IPv6 address. Lack of feature noted by Marcus 'darix' Rueckert. Fixed in commit 826, which is post 3.1-pre1.
Errors before daemonizing are now also sent to syslog. Suggested by Marcus 'darix' Rueckert. Fixed in commit 825, which is post 3.1-pre1.
When launching without any form of configured network connectivity, all root-servers would be cached as 'down' for some time. Detect this special case and treat it as a resource-constraint, which is not accounted against specific nameservers. Spotted by Seth Arnold, fixed in commit 835, which is post 3.1-pre1.
The recursor now does not allow authoritative servers to keep supplying its own NS records into perpetuity, which causes problems when a domain is redelegated but the old authorative servers are not updated to this effect. Noticed and explained at length by Darren Gamble of Shaw Communications, addressed by commit 837, which is post 3.1-pre2.
Some operators may want to follow RFC 2181 paragraph 5.2 and 5.4. This harms performance and does not solve any real problem, but does make PowerDNS more compliant. If you want this, enable auth-can-lower-ttl. Implemented in commit 838, which is post 3.1-pre2.
1.3.11. Recursor version 3.0.1
Released 25th of April 2006, download.
This release consists of nothing but tiny fixes to 3.0, including one with security implications. An upgrade is highly recommended.
Compilation used both cc and gcc, leading to the possibility of compiling with different compiler versions (commit 766).
rec_control would leave files named lsockXXXXXX around in the configured socket-dir. Operators may wish to remove these files from their socket-dir (often /var/run), quite a few might have accumulated already (commit 767).
Certain malformed packets could crash the recursor. As far as we can determine these packets could only lead to a crash, but as always, there are no guarantees. A quick upgrade is highly recommended (commits 760, 761). Reported by David Gavarret.
Recursor would not distinguish between NXDOMAIN and NXRRSET (commit 756). Reported and debugged by Jorn Ekkelenkamp.
Some error messages and trace logging statements were improved (commits 756, 758, 759).
stderr was closed during daemonizing, but not dupped to /dev/null, leading to slight chance of odd behaviour on reporting errors (commit 757)
The stock Debian sarge Linux kernel, 2.6.8, claims to support epoll but fails at runtime. The epoll self-testing code has been improved, and PowerDNS will fall back to a select based multiplexer if needed (commit 758) Reported by Michiel van Es.
Solaris 8 compilation and runtime issues were addressed. See the README for details (commit 765). Reported by Juergen Georgi and Kenneth Marshall.
Solaris 10 x86_64 compilation issues were addressed (commit 755). Reported and debugged by Eric Sproul.
1.3.12. Recursor version 3.0
Released 20th of April 2006, download.
This is the first separate release of the PowerDNS Recursor. There are many reasons for this, one of the most important ones is that previously we could only do a release when both the recursor and the authoritative nameserver were fully tested and in good shape. The split allows us to release new versions when each part is ready.
Now for the real news. This version of the PowerDNS recursor powers the network access of over two million internet connections. Two large access providers have been running pre-releases of 3.0 for the past few weeks and results are good. Furthermore, the various pre-releases have been tested nearly non-stop with DNS traffic replayed at 3000 queries/second.
As expected, the 2 million househoulds shook out some very rare bugs. But even a rare bug happens once in a while when there are this many users.
We consider this version of the PowerDNS recursor to be the most advanced resolver publicly available. Given current levels of spam, phishing and other forms of internet crime we think no recursor should offer less than the best in spoofing protection. We urge all operators of resolvers without proper spoofing countermeasures to consider PowerDNS, as it is a Better Internet Nameserver Daemon.
A good article on DNS spoofing can be found here. Some more information, based on a previous version of PowerDNS, can be found on the PowerDNS development blog.
| Because of recent DNS based denial of service attacks, running an open recursor has become a security risk. Therefore, unless configured otherwise this version of PowerDNS will only listen on localhost, which means it does not resolve for hosts on your network. To fix, configure the local-address setting with all addresses you want to listen on. Additionally, by default service is restricted to RFC 1918 private IP addresses. Use allow-from to selectively open up the recursor for your own network. See Section 12.1 for details. |
Important new features of the PowerDNS recursor 3.0:
Best spoofing protection and detection we know of. Not only is spoofing made harder by using a new network address for each query, PowerDNS detects when an attempt is made to spoof it, and temporarily ignores the data. For details, see Section 12.4.1.
First nameserver to benefit from epoll/kqueue/Solaris completion ports event reporting framework, for stellar performance.
Best statistics of any recursing nameserver we know of, see Section 12.5.
Last-recently-used based cache cleanup algorithm, keeping the 'best' records in memory
First class Solaris support, built on a 'try and buy' Sun CoolThreads T 2000.
Full IPv6 support, implemented natively.
Access filtering, both for IPv4 and IPv6.
Experimental SMP support for nearly double performance. See Section 12.3.
Many people helped package and test this release. Jorn Ekkelenkamp of ISP-Services helped find the '8000 SOAs' bug and spotted many other oddities and XS4ALL internet funded a lot of the recent development. Joaquín M López Muñoz of the boost::multi_index_container was again of great help.
1.3.13. Version 2.9.20
Released the 15th of March 2006
Besides adding OpenDBX, this release is mostly about fixing problems and speeding up the recursor. This release has been made possible by XS4ALL and True. Thanks!
Furthermore, we are very grateful for the help of Andrew Pinski, who hacks on gcc, and of Joaquín M López Muñoz, the author of boost::multi_index_container. Without their near-realtime help this release would've been delayed a lot. Thanks!
Bugs fixed in the recursor:
Possible stability issues in the recursor on encountering errors (commit 532, commit 533)
Memory leaks in recursor fixed (commit 534, commit 572). In a test 800 million real life DNS packets have been sent to the recursor, representing several days of traffic from a major ISP, memory use was high (500MB), but stable.
Prune all data in PowerDNS - previously per-nameserver and per-query performance statistics were kept around forever (commit 535)
IPv6 additional processing was broken. Reported by Lionel Elie Mamane, who also provided a fix. The problem was fixed differently in the end. commit 562.
pdns_recursor did not shuffle answers since 2.9.19, leading to problems sending mail to the Hotmail servers. Reported in ticket 54, fixed in commit 567.
If a single nameserver had multiple IP addresses listed, PowerDNS would only use one of them. Noted by Mark Martin, fixed in commit 570, who depends on a domain with 4 nameserver IP addresses of which 2 are broken.
Commits 535, 540, 541, 542, 543, 544, 545, 547 and 548, 574 all speed up the recursor by a large factor, without altering the DNS algorithm.
Move recursor to the incredible boost::multi_index_container (commit 580). This brings a huge improvement in cache pruning times.
commit 549 and commit 550 work around gcc bug 24704 if requested, which speeds up the recursor a lot, but involves a dirty hack. Enable with ./configure --enable-gcc-skip-locking. No guarantees!
PowerDNS would no longer allow a '/' in domain names, fixed by commit 537, reported in ticket 48.
Parameters to pdns_control notify-host were not checked, leading to possible crashes. Reported in ticket 24, fixed in commit 565.
On some compilers, processing of NAPTR records could cause the server to crash. Reported by Bernd Froemel in ticket 29, fixed in commit 538.
Backend errors could make the whole nameserver exit under some circumstances, notably using the LDAP backend. Fixed in commit 583, reported in ticket 62.
Referrals were subtly broken by recent CNAME/Wildcard improvements, fixed in commit 539. Fix and other improvements sponsored by True.
PowerDNS would try to insert records it has no knowledge about in slave zones, which did not work. Reported in ticket 60, fixed in commit 566. A superior fix would be to implement the relevant unknown record standard.
Pipebackend did not properly propagate the ABI version to its children, fixed in commit 546, reported by kickdaddy@gmail.com in ticket 45.
OpenDBX backend added (commit 559, commit 560, commit 561) by Norbert Sendetzky. From the website: " The OpenDBX backend enables it to fetch DNS information from every DBMS supported by the OpenDBX library and combines the power of one of the best DNS server implementations with the flexibility of the OpenDBX library. " OpenDBX adds some other features like database failover. Thanks Norbert!
LDAP fixes as reported in ticket 37, fixed in commit 558, which maked pdns_control notify work.
Arjo Hooimeijer added support for soa-refresh-default, soa-retry-default, soa-expire-default, which were previously hardcoded. commit 563 and fallout in commit 573 (thanks to Wolfram Schlich).
Fixes for g++ 4.1. Compiling with 4.1 realizes notable speedups. commit 568, commit 569.
PowerDNS now reports if it is running in 32 or 64 bit mode, useful for bi-arch users that need to know if they are benefitting from their great processor. commit 571.
dnsscope compiles again, commit 551, commit 564 (FreeBSD 64-bit time_t).
dnsreplay_mindex compiles again, fixed by commit 572. Its performance, and the performance of the recursor was improved by commit 559.
Build scripts were added, mostly for internal use but we know some PowerDNS users build their own packages too. commit 553, commit 554, commit 555, commit 556, commit 557.
bootstrap script was not included in release. Thanks to Stefan Arentz for noticing. Fixed in commit 574.
1.3.14. Version 2.9.19
Released 29th of October 2005.
As with other recent releases, the usage of PowerDNS appears to have skyrocketed. Informal, though strict, measurements show that PowerDNS now powers around 50% of all German domains, and somewhere in the order of 10-15% of the rest of the world. Furthermore, DNS is set to take a central role in connecting Voice over IP providers, with PowerDNS offering a very good feature set for these ENUM deployments. PowerDNS is already powering the E164.info ENUM zone and also acts as the backend for a major VoIP provisioning platform.
Included in this release is the now complete packet parsing/generating, record parsing/generating infrastructure. Furthermore, this framework is used by the recursor, hopefully making it very fast, memory efficient and robust. Many records are now processed using a single line of code. This has made the recursor a lot stricter in packet parsing, you will see some error messages which did not appear before. Rest assured however that these only happen for queries which have no valid answer in any case.
Furthermore, support for DNSSEC records is available in the new infrastructure, although is should be emphasised that there is more to DNSSEC than parsing records. There is no real support for DNSSEC (yet).
Additionally, the BIND Backend has been replaced by what was up to now known as the 'Bind2Backend'. Initial benchmarking appears to show that this backend is faster, uses less memory and has shorter startup times. The code is also shorter.
This release fixes a number of embarassing bugs and is a recommended upgrade.
Thanks are due to XS4ALL who are supporting continuing development of PowerDNS, the fruits of which can be found in this release already. Furthermore, a remarkable number of people have helped report bugs, validate solutions or have submitted entire patches. Many thanks!
Improvements:
dnsreplay now has a help message and has received further massive updates, making the code substantially faster. It turns out that dnsreplay is often 'heavier' than the PowerDNS process being benchmarked.
PowerDNS recursor no longer prints out its queries by default as most recursor deployments have too much traffic for this to be useful.
PowerDNS recursor is now able to read its root-hints from disk, which is useful to operate with alternate roots, like the Open Root Server Network. See Chapter 12.
PowerDNS can now send out old-fashioned root-referrals when queried for domains for which it is not authoritative. Wastes some bandwidth but may solve incoming query floods if domains are delegated to you for which you are not authoritative, but which are queried by broken recursors.
PowerDNS now prints out a warning when running with legacy LinuxThreads implementation instead of the high performance NPTL library, see Section 9.2. commit 455.
A lot of superfluous calls to gettimeofday() have been removed, making PowerDNS and especially the recursor faster. Suggested by Kai.
SPF records are now supported natively. commit 472, closing ticket 22.
Improved IPv6 'bound to' messages. Thanks to Niels Bakker, Wichert Akkerman and Gerty de Wolf for suggestions.
Separate graphs can now be made of IPv6 queries and answers. commit 485.
Out of zone additional processing is now on by default to better comply with standards. commit 487.
Regression tests have been expanded to deal with more record types (SRV, NAPTR, TXT, duplicate SRV).
Improved query-logging in Bindbackend, which can be used for debugging purposes.
Dropped libpcap dependency, making compilation easier
pdns_control now has a help message.
Add RRSIG, DNSKEY, DS and NSEC records for DNSSEC-bis to new parser infrastructure.
Recursor now honours EDNS0 allowing it to send out larger answers.
Bugs fixed:
Domain name validation has been made a lot stricter - it turns out PostgreSQL was interpreting some (corrupt) domain names as unicode. Tested and suggested by Register.com (commit 451).
LDAP backend did not compile (commits 452, 453) due to partially applied patch (Norbert Sendetzky)
Incoming zone transfers work reliably again. Fixed in commit 460 and beyond. And commit 523 - closing Debian bug 330184.
Recent g++ versions exposed a mistake in the PowerDNS recursor cache pruning code, causing random crashes. Fixed in commit 465. Reported by several Red Hat users.
PowerDNS recursor, and MTasker in general, did not work on Solaris. Patch by Juergen Ilse, commit 471. Also moved most of PowerDNS over to uint32_t style typedefs, which eases compilation problems on Solaris, commit 477.
Bindbackend2 did not properly search its include path for $INCLUDE statements. Noted by Mark Bergsma, commit 474.
Bindbackend did not notice changed zones, this problem has been fixed by the move to Bind2.
Pipebackend did not clean up, leading to an additional pipe backend per AXFR or pdns_control reload. Discovered by Marc Jauvin, fixed by commit 525.
Bindbackend (both old and current versions) did not honour 'include' statements in named.conf on pdns_control rediscover. Noted by Marc Jauvin, fixed by commit 526.
Zone transfers were sometimes shuffled, which wastes useless time, commit 478.
CNAMEs and Wildcards now work as in Bind, fixing many complaints, commit 487.
NAPTR records were compressed, which would work, but was in violation of the RFC, commit 493.
NAPTR records were not always parsed correctly from BIND zonefiles, fixed, commit 494.
Geobackend needed additional include statement to compile on more recent Linux distrbutions, commit 496.
1.3.15. Version 2.9.18
Released on the 16th of July 2005.
The '8 million domains' release, which also marks the battle readiness of the PowerDNS Recursor. The latest improvements have been made possible by financial support and contributions by Register.com and XS4ALL. Thanks!
This release brings a number of new features (vastly improved recursor, Generic Oracle Support, DNS analysis and replay tools, and more) but also has a new build dependency, the Boost library (version 1.31 or higher).
Currently several big ISPs are evaluating the PowerDNS recursor for their resolving needs, some of them have switched already. In the course of testing, over 350 million actual queries have been recorded and replayed, the answers turn out to be satisfactorily.
This testing has verified that the pdns recursor, as shipped in this release, can stand up to heavy duty ISP loads (over 20000 queries/second) and in fact does so better than major other nameservers, giving more complete answers and being faster to boot.
We invite ISPs who note recursor problems to record their problematic traffic and replay it using the tools described in Chapter 20 to discover if PowerDNS does a better job, and to let us know the results.
Additionally, the bind2backend is almost ready to replace the stock bind backend. If you run with Bind zones, you are cordially invited to substitute 'launch=bind2' for 'launch=bind'. This will happen automatically in 2.9.19!
In other news, the entire Wikipedia constellation now runs on PowerDNS using the Geo Backend! Thanks to Mark Bergsma for keeping us updated.
There are two bugs with security implications, which only apply to installations running with the LDAP backend, or installations providing recursion to a limited range of IP addresses. If any of these apply to you, an upgrade is highly advised:
The LDAP backend did not properly escape all queries, allowing it to fail and not answer questions. We have not investigated further risks involved, but we advise LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot)
Questions from clients denied recursion could blank out answers to clients who are allowed recursion services, temporarily. Reported by Wilco Baan. This would've made it possible for outsiders to blank out a domain temporarily to your users. Luckily PowerDNS would send out SERVFAIL or Refused, and not a denial of a domain's existence.
General bugs fixed:
TCP authoritative server would not relaunch a backend after failure (reported by Norbert Sendetzky)
Fix backend restarting logic (reported, and fix suggested by Norbert Sendetzky)
Launching identical backends multiple times, with different settings, did not work. Reported by Mario Manno.
Master/slave queries did not honour the query-local-address setting. Spotted by David Levy of Register.com. The fix also randomises the local port used, slightly improving security.
Compilation fixes:
Fix compile on Solaris, they define 'PC' for some reason. Reported by Eric Yiu.
PowerDNS recursor would not compile on FreeBSD due to Linux specific defines, as reported in cvstrac ticket 26 (Ralf van der Enden)
Several 64 bits issues have been fixed, especially in the Logging subsystem.
SSQLite would fail to compile on recent Debian systems (Matthijs Mohlmann)
Generic MySQL would not compile on 64-bit platforms.
Improvements:
PowerDNS now reports stray command line arguments, like when running '--local-port 5300' instead of '--local-port=5300'. Reported by Christian Welzel.
We now warn against erroneous logging-facility specification, ie specifying an unknown facility.
--version now outputs gcc version used, so we can tell people 2.95 is no longer supported.
Extended regression tests, moved them to the new 'sdig' tool (see below).
Bind2backend is now blazingly fast, and highly memory efficient to boot. As a special bonus it can read gzipped zones directly. The '.NET' zone is hosted using 401MB of memory, the same size as the zone on disk.
The Pipe Backend has been improved such that it can send out different answers based on the IP address the question was received ON. See Section A.1.1 for how this changed the Pipe Backend protocol. Note that you need to set pipebackend-abi-version to benefit from this change, existing clients are not affected. Change and documentation contributed by Marc Jauvin of Register4Less.
LDAP backend has been updated (Norbert Sendetzky).
Recursor improvements and fixes. See Chapter 11 for details. The changes below mean that all of the caveats listed for the recursor have now been addressed.
After half an hour of uptime, the entire cache would be pruned for each packet, which is a tad slow. It now appears the pdns recursor is among the faststest around.
Under high loads, or when unlucky, some query mthreads would get 'stuck', and show up in the statistics as eternally running queries.
Lots of redundant gettimeofday() and time() calls were removed, which has resulted in a measurable speedup.
pdns_recursor can now listen on several addresses simultaneously.
Now supports setuid and setgid operation to allow running as a less privileged user (Bram Vandoren)
Return code of pdns_recursor binary did not make sense (Matthijs Mohlmann and Thomas Hood)
Timeouts and errors are now split out in statistics.
Many people reported broken statistics, it turned out that no statistics were being reported if there had been no questions to base them on. We now log a message to that effect.
Add query-local-address support, which allows the recursor to send questions from a specific IP address. Useful for anycast setups.
Add outgoing TCP query support and proper truncated answer support. Needed for Worldnic Denial of Service protection, which sends out truncated packets to force clients to connect over TCP, which prevents spoofing.
Properly truncate our own answers.
Improve our TCP answers by using writev, which is slightly friendlier to the network.
On FreeBSD, TCP errors could cause the recursor to exit suddenly due to a SIGPIPE signal.
Maximum number of simultaneous client TCP connections can now be limited with the max-tcp-clients setting.
Add agressive timeouts for TCP clients to make sure resources are not wasted. Defaults to two seconds, can be configured with the client-tcp-timeout setting.
Backend fixes:
SQLite backend would not slave properly (Darron Broad)
Generic MySQL would not compile on 64-bit platforms.
New technology:
Added the new DNS parser logic, called MOADNSParser. Completely modular, every memory access checked.
'sdig', a simple dig workalike with 'canonical' output, which is used for the regression tests. Based on the new DNS parser logic.
dnswasher, dnsreplay and dnsscope, all DNS analysis tools. See Chapter 20 for more details.
Generic Oracle Backend, sponsored by Register.COM. See Section A.5.3.
1.3.16. Version 2.9.17
See the new timeline for progress reports.
The 'million domains' release - PowerDNS has now firmly established itself as a major player with the unofficial count (ie, guesswork) now at over two million PowerDNS domains! Also, the GeoBackend has been tested by a big website and may soon see wider deployment. Thanks to Mark Bergsma for spreading the word!
It is also a release with lots of changes and fixes. Take care when deploying!
Security issues:
PowerDNS could be temporarily DoSed using a random stream of bytes. Reported cause of this has been fixed.
Enhancements:
Reported version can be changed, or removed - see the "version-string" setting.
Duplicate MX records are now no longer considered duplicate if their priorities differ. Some people need this feature for spam filtering.
Bug fixes:
NAPTR records can now be slaved, patch by Lorens Kockum.
GMySQL now works on Solaris
PowerDNS could be confused by questions with a %-sign in them - fixing cvstrac ticket #16 (reported by dilinger at voxel.net)
An authentication bug in the webserver was possibly fixed, please report if you were suffering from this. Being unable to authenticate to the webserver was what you would've noticed.
Fix for cvstrac ticket #2, PowerDNS could lose sync when sending out a very large number of notifications. Excellent bug report by Martin Hoffman, who also improved our original bugfix.
Fix the oldest PowerDNS bug in existence - under some circumstances, PowerDNS would log to syslog one character at a time. This was cvstrac ticket #4
HINFO records can now be slaved, fixing cvstrac ticket #8.
pdns_recursor could block under some circumstances, especially in case of corrupt UDP packets. Reported by Wichert Akkerman. Fix by Christopher Meer. This was cvstrac ticket #13.
Large SOA serial numbers would sometimes be logged as a signed integer, leading to negative numbers in the log.
PowerDNS now fully supports 32 bit SOA serial numbers (thanks to Mark Bergsma), closing cvstrac ticket #5.
pdns_recursor --local-address help text was wrong.
Very devious bug - PowerDNS did not clear its cache before sending out update notifications, leading slaves to conclude there was no update to AXFR. Excellent debugging by mkuchar at wproduction.cz.
Probably fixed cvstrac ticket #26, which caused pdns_recursor to fail on recent FreeBSD 5.3 systems. Please check, I have no such system to test on.
Geobackend did not get built for Debian.
1.3.17. Version 2.9.16
The 'it must still be Friday somewhere' release. Massive number of fixes, portability improvements and the new Geobackend by Mark Bergsma & friends.
New:
The Geobackend which makes it possible to send different answers to different IP ranges. Initial documentation can be found in pdns/modules/geobackend/README.
qgen query generation tool. Nearly completely undocumented and hard to build too, it requires Boost. But very spiffy. Use cd pdns; make qgen to build it.
Bugfixes:
The most reported bug ever was fixed. Zone2sql required the inclusion of unistd.h, except on Debian unstable.
PowerDNS tried to listen on its control "pipe" which does not work. Probably harmless, but might have caused some oddities.
The Packet Cache did not always set its TTL immediately, causing some packets to be inserted, even when running with the cache disabled (Mark Bergsma).
Valgrind found some unitialized reads, causing bogus values in the priority field when it was not needed
Valgrind found a bug in MTasker where we used delete instead of delete[].
SOA serials and other parameters are unsigned. This means that very large SOA serial numbers would be messed up (Michel Stol, Stefano Straus)
PowerDNS left its controlsocket around after exit and reported confusing errors if a socket was already in use.
The recursor proxy did not work on big endian systems like SPARC and some MIPS processors (Remco Post)
We no longer dump core on processing LOC records on UltraSPARC (Andrew Mulholland supplied a testing machine)
Improvements:
MySQL can now connect to a specified port again (Chris Anderton)
When running chroot()ed and with master or slave support active, PowerDNS needs to resolve domain names to find slaves. This in turn may require access to certain libraries. Previously, these needed to be available in the chroot directory but by forcing an initial lookup, these libraries are now loaded before the chrooting.
pdns_recursor was very slow after having done a larger number of queries because of the checks to see if a query should be throttled. This is now done using a set which is a lot faster than the previous full sequential scan.
The throttling code may not have throttled as much as was configured.
Yet another big LDAP update. The LDAP backend now loadbalances connections over several hosts (Norbert Sendetzky)
Updated b.root-servers.net address in the recursor
1.3.18. Version 2.9.15
This release fixes up some of the shortcomings in 2.9.14, and adds some new features too.
Bugfixes:
allow-recursion-override was on by default, it was meant to be off.
Logging was still off in daemon mode, fixed.
debian/rules forgot to build an sqllite package
Recursor accidentally linked in MySQL - this was the result of an experiment with a persistent recursor cache.
The PowerDNS recursor had stability problems. It now sorts nameservers (roughly) by responsiveness. The 'roughly' part upset the sorting algorithm used, the speeds being sorted on changed during sorting.
The recursor now outputs the nameserver average response times in trace mode
LDAP compiles again.
Improvements:
zone2sql can now accept - as a filename which causes it to read stdin. This allows the following to work: dig axfr ds9a.nl | zone2sql --gmysql --zone=- | mysql pdns, which is a nice way to import a zone.
zone2sql now ignores duplicate SOA records which are identical - which also makes the above possible.
Remove libpqpp dependencies - since we now use the native C API for PostgreSQL
1.3.19. Version 2.9.14
Big release with the fix for the all important 2^30 seconds problem and a lot of other news.
errno problems would cause compilation problems when using LDAP (Norbert Sendetzky)
The Generic SQL backend could cause crashes on PostgreSQL when using pdns_control notify (Georg Bauer)
Debian compatible init.d script (Wichert Akkerman)
If using the master or slave features, pdns had the notion of eternity ending in 2038, except that due to a thinko, eternity ended out to be the 10th of January 2004. This caused a loop to timeout immediately. Many thanks to Jasper Spaans for spotting the bug within five minutes.
Parts of the SOA field were not cannonicalized
The loglevel could in fact cause nothing to be logged (Norbert Sendetzky)
Improvements:
The recursor now chooses the fastest nameserver, which causes a big speedup!
LDAP now has different lookup models
Cleanups, better load distribution, better exception handling, zone2ldap improvements
The recursor was somewhat chatty about TCP connections
PostgreSQL now only depends on the C API and not on the deprecated C++ one
PowerDNS can now fully overrule external zones when doing recursion. See Chapter 11.
1.3.20. Version 2.9.13
Big news! Windows is back! Our great friend Michel Stol found the time to update the PowerDNS code so it works again under windows.
Furthermore, big thanks go out to Dell who quickly repaired my trusty laptop.
His changes:
Generic SQLite support added
Removed the ODBC backend, replaced it by the Generic ODBC Backend, which has all the cool configurability of the Generic MySQL and PostgreSQL backends.
The PowerDNS Recursor now runs as a Service. It defaults to running on port 5300, PowerDNS itself is configured to expect the Recursor on port 5300 now.
The PowerDNS Service is now known as 'PowerDNS' to Windows.
The Installer was redone, this time with NSIS2.
General updates and fixes.
Other news:
 | There appears to be a problem with PowerDNS on Red Hat 7.3 with GCC 2.96 and self-compiled binaries. The symptoms are that PowerDNS works on the foreground but fails as a daemon. We're working on it. If you do note problems, let the list know, if you don't, please do so as well. Tell us if you use the RPM or compiled yourself. It is known that not compiling in MySQL support helps solve the problem, but then you don't have MySQL. |
There have been a number of reports on MySQL connections being dropped on FreeBSD 4.x, which sometimes causes PowerDNS to give up and reload itself. To combat this, MySQL error messages have been improved in some places in hopes of figuring out what is up. The initial indication is that MySQL itself sometimes terminates the connection and, amazingly, that switching to a Unix domain socket instead of TCP solves the problem.
Bug fixes:
allow-axfr-ips did not work for individual IP addresses (bug & fix by Norbert Sendetzky)
Improvements:
Opteron support! Thanks to Jeff Davey for providing a shell on an Opteron. The fixes should also help PowerDNS on other platforms with a 64 bit userspace.
Btw, the PowerDNS team has a strong desire for an Opteron :-)
pdns_recursor jumbles answers now. This means that you can do poor man's roundrobin by supplying multiple A, MX or AAAA records for a service, and get a random one on top each time. Interestingly, this feature appeared out of nowhere, this change was made to the authoritative code but due to the wonders of code-reuse had an effect on pdns_recursor too.
Big LDAP cleanup. Support for TLS was added. Zone2LDAP also gained the ability to generate ldif files containing a tree or a list of entries. (Norbert Sendetzky)
Zone2sql is now somewhat clearer when reporting malformed line errors - it did not always include the name of the file causing a problem, especially for big installations. Problem noted by Thom May.
pdns_recursor now survives the expiration of all its root records, most often caused by prolonged disconnection from the net.
1.3.21. Version 2.9.12
Release rich in features. Work on Verisign oddities, addition of SQLite backend, pdns_recursor maturity.
New features:
--version command (requested by Mike Benoit)
delegation-only, a Verisign special.
Generic SQLite support, by Michel 'Who da man?' Stol. See Section A.7.
init.d script for pdns_recursor
Recursor now actually purges its cache, saving memory.
Slave configuration now no longer falls over when presented with a NULL master
Bindbackend2 now has supermaster support (Mark Bergsma, untested)
Answers are now shuffled! It turns out a few recursors don't do shuffling (pdns_recursor, djbdns), so we do it now. Requested by Jorn Ekkelenkamp of ISP-Services. This means that if you have multiple IP addresses for one host, they will be returned in differing order every once in a while.
Bugs:
0.0.0.0/0 didn't use to work (Norbert Sendetzky)
pdns_recursor would try to resolve IP address which to bind to, potentially causing chicken/egg problem
gpgsql no longer reports as gmysql (Sherwin Daganoto)
SRV would not be parsed right from disk (Christof Meerwald)
An AXFR from a zone hosted on the LDAP backend no longer transmits all the reverse entries too (Norbert Sendetzky)
PostgreSQL backend now does error checking. It would be a bit too trusting before.
Improvements, cleanups:
PowerDNS now reports the numerical IP addresses it binds to instead of the, possibly, alphanumeric names the operator passed.
Removed only-soa hackery (noticed by Norbert Sendetzky)
Debian packaging fixes (Wichert Akkerman)
Some parameter descriptions were improved.
Cleanups by Norbert: getAuth moved to chopOff, arguments::contains massive cleanup, more. <