[packages/pdns.git] / pdns.txt

PowerDNS manual

   PowerDNS BV

             <pdns.bd@powerdns.com>

         It is a book about a Spanish guy called Manual. You shou
     ld read it.
            -- Dilbert
     __________________________________________________________

   Table of Contents
   1. The PowerDNS dynamic nameserver

        1.1. Function & design of PDNS
        1.2. About this document
        1.3. Release notes

              1.3.1. Authoritative Server version 2.9.22
              1.3.2. Authoritative Server version 2.9.21.2
              1.3.3. Authoritative Server version 2.9.21.1
              1.3.4. Recursor version 3.1.7
              1.3.5. Recursor version 3.1.6
              1.3.6. Recursor version 3.1.5
              1.3.7. PowerDNS Authoritative Server version 2.9.21
              1.3.8. Recursor version 3.1.4
              1.3.9. Recursor version 3.1.3
              1.3.10. Recursor version 3.1.2
              1.3.11. Recursor version 3.1.1
              1.3.12. Recursor version 3.0.1
              1.3.13. Recursor version 3.0
              1.3.14. Version 2.9.20
              1.3.15. Version 2.9.19
              1.3.16. Version 2.9.18
              1.3.17. Version 2.9.17
              1.3.18. Version 2.9.16
              1.3.19. Version 2.9.15
              1.3.20. Version 2.9.14
              1.3.21. Version 2.9.13
              1.3.22. Version 2.9.12
              1.3.23. Version 2.9.11
              1.3.24. Version 2.9.10
              1.3.25. Version 2.9.8
              1.3.26. Version 2.9.7
              1.3.27. Version 2.9.6
              1.3.28. Version 2.9.5
              1.3.29. Version 2.9.4
              1.3.30. Version 2.9.3a
              1.3.31. Version 2.9.2
              1.3.32. Version 2.9.1
              1.3.33. Version 2.9
              1.3.34. Version 2.8
              1.3.35. Version 2.7 and 2.7.1
              1.3.36. Version 2.6.1
              1.3.37. Version 2.6
              1.3.38. Version 2.5.1
              1.3.39. Version 2.5
              1.3.40. Version 2.4
              1.3.41. Version 2.3
              1.3.42. Version 2.2
              1.3.43. Version 2.1
              1.3.44. Version 2.0.1
              1.3.45. Version 2.0
              1.3.46. Version 2.0 Release Candidate 2
              1.3.47. Version 2.0 Release Candidate 1
              1.3.48. Version 1.99.12 Prerelease
              1.3.49. Version 1.99.11 Prerelease
              1.3.50. Version 1.99.10 Prerelease
              1.3.51. Version 1.99.9 Early Access Prerelease
              1.3.52. Version 1.99.8 Early Access Prerelease
              1.3.53. Version 1.99.7 Early Access Prerelease
              1.3.54. Version 1.99.6 Early Access Prerelease
              1.3.55. Version 1.99.5 Early Access Prerelease
              1.3.56. Version 1.99.4 Early Access Prerelease
              1.3.57. Version 1.99.3 Early Access Prerelease
              1.3.58. Version 1.99.2 Early Access Prerelease
              1.3.59. Version 1.99.1 Early Access Prerelease

        1.4. Security
        1.5. PowerDNS Security Advisory 2006-01: Malformed TCP
                queries can lead to a buffer overflow which might
                be exploitable

        1.6. PowerDNS Security Advisory 2006-02: Zero second CNAME
                TTLs can make PowerDNS exhaust allocated stack
                space, and crash

        1.7. PowerDNS Security Advisory 2008-01: System random
                generator can be predicted, leading to the
                potential to 'spoof' PowerDNS Recursor

        1.8. PowerDNS Security Advisory 2008-02: By not responding
                to certain queries, domains become easier to spoof

        1.9. PowerDNS Security Advisory 2008-02: Some PowerDNS
                Configurations can be forced to restart remotely

        1.10. Acknowledgements

   2. Installing on Unix

        2.1. Possible problems at this point
        2.2. Testing your install

              2.2.1. Typical errors

        2.3. Running PDNS on unix

   3. Installing on Microsoft Windows

        3.1. Configuring PDNS on Microsoft Windows
        3.2. Running PDNS on Microsoft Windows

   4. Basic setup: configuring database connectivity

        4.1. Example: configuring MySQL

              4.1.1. Common problems

   5. Dynamic resolution using the PipeBackend

        5.1. Deploying the PipeBackend with the BindBackend

   6. Logging & Monitoring Authoritative Server performance

        6.1. Webserver
        6.2. Via init.d commands
        6.3. Operational logging using syslog

   7. Security settings & considerations

        7.1. Settings

              7.1.1. Running as a less privileged identity
              7.1.2. Jailing the process in a chroot

        7.2. Considerations

   8. Virtual hosting
   9. Performance

        9.1. General advice
        9.2. Native Posix Thread Library vs LinuxThreads
        9.3. Performance related settings

              9.3.1. Packet Cache
              9.3.2. Query Cache

   10. Migrating to PDNS

        10.1. Zone2sql

   11. Recursion

        11.1. Details

   12. PowerDNS resolver/recursing nameserver

        12.1. pdns_recursor settings
        12.2. Controlling and querying the recursor
        12.3. PowerDNS Recursor performance
        12.4. Details

              12.4.1. Anti-spoofing
              12.4.2. Throttling

        12.5. Statistics
        12.6. Scripting

              12.6.1. Configuring Lua scripts
              12.6.2. Writing Lua PowerDNS Recursor scripts

        12.7. Design and Engineering of the PowerDNS Recursor

              12.7.1. The PowerDNS Recursor
              12.7.2. Synchronous code using MTasker
              12.7.3. MPlexer
              12.7.4. MOADNSParser
              12.7.5. The C++ Standard Library / Boost
              12.7.6. Actual DNS Algorithm
              12.7.7. The non-cached case
              12.7.8. Some of the things we glossed over
              12.7.9. The Recursor Cache
              12.7.10. Some small things

   13. Master/Slave operation & replication

        13.1. Native replication
        13.2. Slave operation

              13.2.1. Supermaster automatic provisioning of slaves

        13.3. Master operation

   14. Fancy records for seamless email and URL integration
   15. Index of all Authoritative Server settings
   16. Index of all Authoritative Server metrics

        16.1. Counters & variables

              16.1.1. Counters
              16.1.2. Ring buffers

   17. Supported record types and their storage
   18. HOWTO & Frequently Asked Questions

        18.1. Getting support, free and paid FAQ
        18.2. Using and Compiling PowerDNS FAQ
        18.3. Backend developer HOWTO
        18.4. About PowerDNS.COM BV, 'the company'

   19. Other tools included with PowerDNS

        19.1. Notification proxy (nproxy)

   20. Tools to analyse DNS traffic
   A. Backends in detail

        A.1. PipeBackend

              A.1.1. PipeBackend protocol

        A.2. MySQL backend

              A.2.1. Configuration settings
              A.2.2. Notes

        A.3. Random Backend
        A.4. MySQL PDNS backend

              A.4.1. Notes

        A.5. Generic MySQL and PgSQL backends

              A.5.1. MySQL specifics
              A.5.2. PostgresSQL specifics
              A.5.3. Oracle specifics
              A.5.4. Basic functionality
              A.5.5. Master/slave queries
              A.5.6. Fancy records
              A.5.7. Settings and specifying queries
              A.5.8. Native operation
              A.5.9. Slave operation
              A.5.10. Superslave operation
              A.5.11. Master operation

        A.6. Oracle backend

              A.6.1. Setting up Oracle for use with PowerDNS

        A.7. Generic SQLite backend (2 and 3)

              A.7.1. Compiling the SQLite backend
              A.7.2. Setting up the database
              A.7.3. Using the SQLite backend

        A.8. DB2 backend
        A.9. Bind zone file backend

              A.9.1. Operation
              A.9.2. Pdns_control commands
              A.9.3. Performance
              A.9.4. Master/slave configuration
              A.9.5. Commands

        A.10. ODBC backend
        A.11. XDB Backend
        A.12. LDAP backend
        A.13. OpenDBX backend
        A.14. Geo backend

   B. PDNS internals

        B.1. Controlsocket

              B.1.1. pdns_control

        B.2. Guardian
        B.3. Modules & Backends
        B.4. How PDNS translates DNS queries into backend queries

   C. Backend writers' guide

        C.1. Simple read-only native backends

              C.1.1. A sample minimal backend
              C.1.2. Interface definition

        C.2. Reporting errors
        C.3. Declaring and reading configuration details
        C.4. Read/write slave-capable backends

              C.4.1. Supermaster/Superslave capability

        C.5. Read/write master-capable backends

   D. Compiling PowerDNS

        D.1. Compiling PowerDNS on Unix

              D.1.1. AIX
              D.1.2. FreeBSD
              D.1.3. Linux
              D.1.4. MacOS X
              D.1.5. OpenBSD
              D.1.6. Solaris

        D.2. Compiling PowerDNS on Windows

              D.2.1. Assumptions
              D.2.2. Prequisites
              D.2.3. Nullsoft Installer
              D.2.4. Setting up the build-environment
              D.2.5. Compilation
              D.2.6. Miscellaneous

   E. PowerDNS license (GNU General Public License version 2)
   F. Further copyright statements

        F.1. AES implementation by Brian Gladman

   List of Tables
   1-1. PowerDNS Security Advisory
   1-2. PowerDNS Security Advisory
   1-3. PowerDNS Security Advisory
   1-4. PowerDNS Security Advisory
   1-5. PowerDNS Security Advisory
   17-1. SOA fields
   A-1. PipeBackend capabilities
   A-2. MySQL backend capabilities
   A-3. Random Backend capabilities
   A-4. MySQL backend capabilities
   A-5. Generic PgSQL and MySQL backend capabilities
   A-6. Oracle backend capabilities
   A-7. Generic SQLite backend capabilities
   A-8. DB2 backend capabilities
   A-9. Bind zone file backend capabilities
   A-10. ODBC backend capabilities
   A-11. LDAP backend capabilities
   A-12. OpenDBX backend capabilities
   A-13. Geo backend capabilities
   C-1. DNSResourceRecord class
   C-2. SOAData struct
   C-3. DomainInfo struct
     __________________________________________________________

Chapter 1. The PowerDNS dynamic nameserver

   The PowerDNS daemon is a versatile nameserver which supports a
   large number of backends. These backends can either be plain
   zonefiles or be more dynamic in nature. Additionally, through
   use of clever programming techniques, PowerDNS offers very high
   domain resolution performance.

   Prime examples of backends include relational databases, but
   also (geographical) loadbalancing and failover algorithms.

   The company is called PowerDNS.COM BV, the nameserver daemon is
   called PDNS.
     __________________________________________________________

1.1. Function & design of PDNS

   PowerDNS consists of two parts: the Authoritative Server and
   the Recursor. Other nameservers fully combine these functions,
   PowerDNS offers them separately, but can mix both authoritative
   and recursive usage seamlessly. The Authoritative Server will
   answer questions about domains it knows about, but will not go
   out on the net to resolve queries about other domains. However,
   it can use a recursing backend to provide that functionality.
   Depending on your needs, this backend can either be the
   PowerDNS recursor or an external one.

   When the Authoritative Server answers a question, it comes out
   of the database, and can be trusted as being authoritative.
   There is no way to pollute the cache or to confuse the daemon.

   The Recursor, conversely, by default has no knowledge of
   domains itself, but will always consult other authoritative
   servers to answer questions given to it.

   PDNS has been designed to serve both the needs of small
   installations by being easy to setup, as well as for serving
   very large query volumes on large numbers of domains.

   Another prime goal is security. By the use of language
   features, the PDNS source code is very small (in the order of
   10.000 lines) which makes auditing easy. In the same way,
   library features have been used to mitigate the risks of buffer
   overflows.

   Finally, PDNS is able to give a lot of statistics on its
   operation which is both helpful in determining the scalability
   of an installation as well as for spotting problems.
     __________________________________________________________

1.2. About this document

   If you are reading this document from disk, you may want to
   check http://doc.powerdns.com for updates. The PDF version is
   available on http://doc.powerdns.com/pdf, a text file is on
   http://doc.powerdns.com/txt/.
     __________________________________________________________

1.3. Release notes

   Before proceeding, it is advised to check the release notes for
   your PDNS version, as specified in the name of the distribution
   file.

   Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor
   are released separately.
     __________________________________________________________

1.3.1. Authoritative Server version 2.9.22

   Warning

           Released on the 27th of January 2009.

   This is a huge release, spanning almost 20 months of
   development. Besides fixing a lot of bugs, of note is the
   addition of the so called 'Notification Proxy', which allows
   PowerDNS to function as a master server behind a firewall, plus
   the huge performance improvement of the internal caches.

   This work has been made possible by UPC Broadband and Directi,
   respectively.

   Finally, the release candidates of this version have been
   tested & improved by Jorn Ekkelenkamp, Ton van Rosmalen, Jeff
   Sipek, Tyler Hall, Christof Meerwald and Stefan Schmidt.

   Fixed between rc1 and rc2, but not an issue in 2.9.21.

     * pdns_control ccounts again outputs proper cache statistics.
       Implemented in commit 1304.
     * Negative query caching was reinstated, leading to 6 times
       fewer backend queries than rc1 on the Express.powerdns.com
       servers.
     * Packetcache no longer needlessly parses outgoing packets
       before sending them.
     * Fancy records work again. This work has been sponsored by
       ISP Services. Implemented in commit 1302 and commit 1299.

   New features:

     * pdns_control can now also work over TCP/IP. Sponsored by
       Directi. Commits 1246, 1251, 1254, 1255.
     * Implemented a notification proxy, see Section 19.1. This
       work was sponsored by UPC Broadband. Implemented in commits
       1075, 1077, 1082, 1083, 1085 and 1086.
     * IXFR queries are now supported in the sense that we treat
       them as AXFR queries, silencing warnings in other
       nameservers. Suggested in ticket 131.
     * The PIPE backend has been extended by David Apgar to allow
       the reporting of errors using the 'FAIL' command, plus
       support for responses with whitespace. Implemented in
       commit 1114.
     * PowerDNS Authoritative server now parses incoming EDNS
       options, like maximum allowed packet size. Implemented in
       commit 1123 and commit 1281.
     * Added support for DHCID, IPSECKEY and KX records, thanks
       Norbert Sendetzky for the hint. Implemented in commit 1144.
     * Norbert Sendetzky has has added support for all record
       types supported by PowerDNS to the LDAPBackend.
       Furthermore, the detection of OpenLDAP in autoconf has been
       improved. Finally, debian has supplied some fixes to
       PowerLDAP. Implemented in commit 1152 and commit 1153.
     * Implemented EDNS NSID option for retrieving the nameserver
       ID out of band. Defaults to hostname, can be specified
       using the server-id setting. Code in commit 1232.
     * Implemented experimental EDNS PING for enhanced forgery
       resilience. Code in commit 1232.

   Performance:

     * Improve packet generation performance, in some cases by
       25%. Code in 1258, 1259.
     * Improved access list checking performance. commit 1261.
     * PowerDNS Authoritative caches were completely redone, and
       are now based on the same cache that is in the resolver.
       This work has been sponsored by Directi. In large
       benchmarks, PowerDNS performance has improved by an order
       of magnitude or more. This new version allows for
       near-instantaneous cache purging, plus very rapid purging
       based on suffix. Purge commands can also be batched. This
       work is partially based on an innovative reverse-string
       comparison function authored by Aki Tuomi.
     * Installations which run with very high cache hitrates can
       now benefit from multiple CPUs by setting receiver-threads
       to the number of desired CPUs to utilize in cache
       operations. Implemented in commit 1316.
     * BIND backend speedups in commit 1108, measured at around a
       20% improvement, possibly more on very large setups.

   Bugs fixed:

     * Tyler Hall discovered the PowerDNS configuration file
       parser had problems with trailing tabs. This turned out to
       be a wider problem in PowerDNS. Buggy code replaced by a
       library call in commit 1237 and commit 1240.
     * David Apgar of Yahoo discovered that our 'guardian' method
       of restarting PowerDNS in case of problems was not fool
       proof, and submitted a fix. A variation of this fix can be
       found in commit 1323. Also reported by Directi.
     * Connection reset by peer events in the TCP nameserver no
       longer lead to the cycling of database connections. Code in
       commit 1241.
     * FreeBSD compilation with Generic PostgreSQL backend was
       fixed. Reported by Wouter de Jong of WideXS, fixed in
       commit 1305, closes ticket 95.
     * Webserver no longer prints '1e2%'. Finally closes ticket
       26. Much friendly nagging for over 3 years by Jeff Sipek,
       code in commit 1303.
     * PowerDNS used to ignore certain queries it could not
       answer. These queries are no longer ignored, but get a
       SERVFAIL response. Implemented in commit 1239.
     * Fix subtle CNAME and wildcard interactions reported by
       'zzyzz', implemented in commit 1147.
     * The generic backends did not honour the default-ttl
       setting. Spotted and implemented by Matti Hiljanen.
     * Matti Hiljanen discovered that the OpenDBX backend did not
       fill out the SOA ttl value properly. Matti also improved
       the SQL statements for better compatibility. Implemented in
       commit 1181.
     * Treat invalid WWW requests better. Spotted by Maikel
       Verheijen, implemented in commit 1092.
     * Documentation errors and typos, spotted by Marco Davids
       (commit 1097) and Rejo Zengers (commit 1119)
     * Properly fill out the 'recursion available'-flag. Spotted
       by Augie Schwer in ticket 167.
     * Several memory leaks on bad data in the database or other
       errors have been fixed. Addressed in 1078 and 1079.
     * In contravention to the documentation, the domain type as
       specified in the database ('MASTER', 'SLAVE' or 'NATIVE')
       was interpreted case sensitively. 1084.
     * BIND backend could crash on processing information about
       slave zones to be checked. Spotted by Stefan Schmidt, fixed
       in 1089.
     * Jelte Jansen of Stichting NLNetLabs discovered PowerDNS in
       BIND mode couldn't operate as a root-server! Fixed in 1057.
     * 'DPS' discovered there was a rare opportunity for PowerDNS
       to lock up waiting for new data. Addressed in 1076.
     * Make singlethreaded mode more resilient against errors.
       commit 1272.
     * DNSSEC records were part of 2.9.21, but were not actually
       hooked up. Please note that while PowerDNS can serve most
       DNSSEC records, it does not do DNSSEC processing.
       Implemented in 1046.
     * Shawn Starr migrated all his domains to PowerDNS in one
       evening, from an installation that had been used since
       BIND4. In doing so, he found 3 bugs in as many hours. An IN
       statement in the BIND named.conf with a zone with a
       trailing dot was misparsed, fixed in commit 1233. Secondly,
       the zonefile parser tripped over a line consisting of
       nothing but comments in the wrong place. Finally '$ORIGIN
       .' was misparsed. Last two issues fixed in commit 1234.
     * Our statistics counters did not wrap correctly after the
       2.15 billion mark. Spotted by Stefan Schmidt, reported in
       ticket 179, fixed in commit 1284.
     * Bindbackend could sometimes generate very strange error
       messages while processing a malformed zone file. Sometimes
       such error messages could cause a crash (reported on
       HP-UX). Addressed by commit 1279. This could not be
       triggered remotely. Closes ticket ticket 203.
     * Pipe backend did not clean up killed coprocesses. Found and
       fixed by Daniel Drown
     * Installations with tens of thousands of slave domains would
       never complete the cycle to check the freshness of all
       zones as each incoming notification disrupted this cycle.
       Addressed in cooperation with Tyler Hall of EditDNS.

   Improvements:

     * Zoneparser improvements mean $TTL and $INCLUDES now work a
       lot better. Implemented in 1056, 1062.
     * No longer report temporary recvfrom errors, which used to
       spam the log on many systems. Addressed in commit 1320.
     * Direct queries for 'fancy records' would lead to errors,
       such queries now fail early. Spotted by Jorn Ekkelenkamp,
       implemented in 1051.
     * Fix typo in geobackend, closing ticket 157, implemented in
       1090.
     * Initial work on TSIG support - not done yet. Spurred on by
       Marco Davids.
     * Embarrassingly, the 'master' configuration setting was not
       documented in the list of all settings!
     * Norbert has updated OpenDBX so that SQLite reads and writes
       no longer deadlock, plus compliation fixes on Solaris, plus
       the addition of autoserials to backends that support
       triggers. Implemented in commit 1154.
     * Random generator is now based on AES, improving the
       security of certain proxy operations. This is the same
       random generator that is in the recursor. Implemented in
       commit 1256.
     * Documentation for 'supermaster' mode was improved due to
       popular demand.
     * When binding to a UDP port failed, supply a more precise
       error message (commit 1245)
     * The zoneparser error messages were vastly improved,
       partially inspired by Shawn's cowboy migration. Code in
       commit 1235.
     * Labels are compressed more efficiently
       (case-insensitively), leading to smaller packets.
       Implemented in commit 1156.
     * Fix handling of TCP timeouts to not cause a reload of the
       backends. Implemented in commit 1092.
     * TCP Receiver no longer spams the log with common network
       errors. Implemented in commit 1306.
     * Move from select() to poll()-based multiplexing, allowing
       PowerDNS to listen on more than 1024 sockets
       simultaneously. One big PowerDNS user needs this.
       Implemented in 1072.
     * Zone2sql now reads source files in performance enhancing
       inode order. Additionally, zone2sql no longer dies on a
       missing zone file if --on-error-resume-next was specified.
       Finally, statistics of zone2sql conversion have been
       improved. Implemented in 1055.
     * Address issues found by more recent g++ versions. Spotted
       and/or fixed by Jorn Ekkelenkamp (commit 1051), Marcus
       Rueckert (commit 1094), Norbert Sendetzky (commit 1107),
       Serge Belyshev (commit 1171).
     * The Intel C Compiler implements certain things differently,
       causing the master/slave communicator to malfunction.
       Spotted by Marcus Rueckert, implemented in 1052, plus
       fallout in 1105.
     * PowerDNS can now be compiled with Boost 1.37.0.
     * Andre Lorbach of Adiscon discovered the microsoft windows
       2003 nameserver adds out of zone data to zonetransfers,
       which we need to ignore, instead of rejecting the entire
       zone. Implemented in 1048.
     * PowerDNS now skips remote master servers which consistently
       generate timeout messages, improving the master checking
       cycle time tremendously. Developed in cooperation with
       Tyler Hall. Implemented in commit 1278.
     * When binding to a UDP port failed, supply a more precise
       error message (commit 1245)
     * dnsreplay now waits for the final answers to arrive, making
       it possible to process even small pcap files and get
       meaningful statistics. commit 1268.
     * dnsreplay has a more sane default timeout now, which can be
       configured too. Suggested by Augie Schwer in ticket 163,
       implemented in commit 1287.
     __________________________________________________________

1.3.2. Authoritative Server version 2.9.21.2

   Released on the 18th of November 2008.

   This release consists of a single patch to PowerDNS
   Authoritative Server version 2.9.21.1. In some configurations,
   notably with configuration option 'distributor-threads=1', the
   PowerDNS Authoritative Server crashes easily in some error
   conditions.

   All users are urged to upgrade. Even though PowerDNS restarts
   itself on encountering such error conditions, and even though
   most PowerDNS configurations do not run in single threaded
   mode, an upgrade is recommended.

   More detail can be found in Section 1.9.
     __________________________________________________________

1.3.3. Authoritative Server version 2.9.21.1

   Released on the 6th of August 2008.

   This release consists of a single patch to PowerDNS
   Authoritative Server version 2.9.21. Brian J. Dowling of
   Simplicity Communications has discovered a security implication
   of the previous PowerDNS behaviour to drop queries it considers
   malformed. We are grateful that Brian notified us quickly about
   this problem.

   This issue has been assigned CVE-2008-3337. The single patch is
   in commit 1239. More detail can be found in Section 1.8.

   The implication is that while the PowerDNS Authoritative server
   itself does not face a security risk because of dropping these
   malformed queries, other resolving nameservers run a higher
   risk of accepting spoofed answers for domains being hosted by
   PowerDNS Authoritative Servers before 2.9.21.1.

   While the dropping of queries does not aid sophisticated
   spoofing attempts, it does facilitate simpler attacks.

   It may be good to know that several large sites already run
   with this patch applied, as it has been in the public codebase
   for some weeks already.
     __________________________________________________________

1.3.4. Recursor version 3.1.7

   Released the 25th of June 2008.

   This version contains powerful scripting abilities, allowing
   operators to modify DNS responses in many interesting ways.
   Among other things, these abilities can be used to filter out
   malware domains, to perform load balancing, to comply with
   legal and other requirements and finally, to implement
   'NXDOMAIN' redirection.

   It is hoped that the addition of Lua scripting will enable
   responsible DNS modification for those that need it.

   For more details about the Lua scripting, which can be
   modified, loaded and unloaded at runtime, see Section 12.6.
   Many thanks are due to the #lua irc channel, for excellent
   near-realtime Lua support. In addition, a number of PowerDNS
   users have been enthousiastically testing prereleases of the
   scripting support, and have found and solved many issues.

   In addition, 3.1.7 fixes a number of bugs:

     * In 3.1.5 and 3.1.6, an authoritative server could continue
       to renew its authority, even though a domain had been
       delegated to other servers in the meantime.
       In the rare cases where this happened, and the old servers
       were not shut down, the observed effect is that users were
       fed outdated data.
       Bug spotted and analysed by Darren Gamble, fix in commit
       1182 and commit 1183.
     * Thanks to long time PowerDNS contributor Stefan Arentz, for
       the first time, Mac OS X 10.5 users can compile and run the
       PowerDNS Recursor! Patch in commit 1185.
     * Sten Spans spotted that for outgoing TCP/IP queries, the
       query-local-address setting was not honored. Fixed in
       commit 1190.
     * rec_control wipe-cache now also wipes domains from the
       negative cache, hurrying up the expiry of negatively cached
       records. Suggested by Simon Kirby, implemented in commit
       1204.
     * When a forwarder server is configured for a domain, using
       the forward-zones setting, this server IP address was
       filtered using the dont-query setting, which is generally
       not what is desired: the server to which queries are
       forwarded will often live in private IP space, and the
       operator should be trusted to know what he is doing.
       Reported and argued by Simon Kirby, fix in commit 1211.
     * Marcus Rueckert of OpenSUSE reported that very recent gcc
       versions emitted a (correct) warning on an overly
       complicated line in syncres.cc, fixed in commit 1189.
     * Stefan Schmidt discovered that the netmask matching code,
       used by the new Lua scripts, but also by all other parts of
       PowerDNS, had problems with explicit '/32' matches. Fixed
       in commit 1205.
     __________________________________________________________

1.3.5. Recursor version 3.1.6

   Released on the 1st of May 2008.

   This version fixes two important problems, each on its own
   important enough to justify a quick upgrade.

     * Version 3.1.5 had problems resolving several slightly
       misconfigured domains, including for a time 'juniper.net'.
       Nameserver timeouts were not being processed correctly,
       leading PowerDNS to not update the internal clock, which in
       turn meant that any queries immediately following an error
       would time out as well. Because of retries, this would
       usually not be a problem except on very busy servers, for
       domains with different nameservers at different levels of
       the DNS-hierarchy, like 'juniper.net'.
       This issue was fixed rapidly because of the help of XS4ALL
       (Eric Veldhuyzen, Kai Storbeck), Brad Dameron and Kees
       Monshouwer. Fix in commit 1178.
     * The new high-quality random generator was not used for all
       random numbers, especially in source port selection. This
       means that 3.1.5 is still a lot more secure than 3.1.4 was,
       and its algorithms more secure than most other nameservers,
       but it also means 3.1.5 is not as secure as it could be. A
       quick upgrade is recommended. Discovered by Thomas Biege of
       Novell (SUSE), fixed in commit 1179.
     __________________________________________________________

1.3.6. Recursor version 3.1.5

   Released on the 31st of March 2008.

   Much like 3.1.4, this release does not add a lot of major
   features. Instead, performance has been improved significantly
   (estimated at around 20%), and many rare and not so rare issues
   were addressed. Multi-part TXT records now work as expected -
   the only significant functional bug found in 15 months. One of
   the oldest feature requests was fulfilled: version 3.1.5 can
   finally forward queries for designated domains to multiple
   servers, on differing port numbers if needed. Previously only
   one forwarder address was supported. This lack held back a
   number of migrations to PowerDNS.

   We would like to thank Amit Klein of Trusteer for bringing a
   serious vulnerability to our attention which would enable a
   smart attacker to 'spoof' previous versions of the PowerDNS
   Recursor into accepting possibly mallicious data.

   Details can be found on this Trusteer page.

   It is recommended that all users of the PowerDNS Recursor
   upgrade to 3.1.5 as soon as practicable, while we
   simultaneously note that busy servers are less susceptible to
   the attack, but not immune.

   The PowerDNS Security Advisory can be found in Section 1.7.

   This version can properly benefit from all IPv4 and IPv6
   addresses in use at the root-servers as of early February 2008.
   In order to implement this, changes were made to how the
   Recursor deals internally with A and AAAA queries for
   nameservers, see below for more details.

   Additionally, newer releases of the G++ compiler required some
   fixes (see ticket 173).

   This release was made possible by the help of Wichert Akkerman,
   Winfried Angele, Arnoud Bakker (Fox-IT), Niels Bakker (no
   relation!), Leo Baltus (Nederlandse Publieke Omroep), Marco
   Davids (SIDN), David Gavarret (Neuf Cegetel), Peter Gervai,
   Marcus Goller (UPC), Matti Hiljanen (Saunalahti/Elisa), Ruben
   Kerkhof, Alex Kiernan, Amit Klein (Trusteer), Kenneth Marshall
   (Rice University), Thomas Rietz, Marcus Rueckert (OpenSUSE),
   Augie Schwer (Sonix), Sten Spans (Bit), Stefan Schmidt
   (Freenet), Kai Storbeck (xs4all), Alex Trull, Andrew Turnbull
   (No Wires) and Aaron Thompson, and many more who filed bugs
   anonymously, or who we forgot to mention.

   Security related issues:

     * Amit Klein has informed us that System random generator
       output can be predicted based on its past behaviour,
       allowing a smart attacker to 'spoof' our nameserver. Full
       details in Section 1.7.
     * The Recursor will by default no longer query private-space
       nameservers. This closes a slight security risk and
       simultaneously improves performance and stability. For more
       information, see dont-query in Section 12.1. Implemented in
       commit 923.
     * Applied fix for ticket 110 ('PowerDNS should change
       directory to '/' in chroot), implemented in commit 944.

   Performance:

     * The DNS packet writing and parsing infrastructure
       performance was improved in several ways, see commits 925,
       926, 928, 931, 1021, 1050.
     * Remove multithreading overhead from the Recursor (commit
       999).

   Bug fixes:

     * Built-in authoritative server now properly derives the TTL
       from the SOA record if not specified. Implemented in commit
       1165. Additionally, even when TTL was specified for the
       built-in authoritative server, it was ignored. Reported by
       Stefan Schmidt, closing ticket 147.
     * Empty TXT record components can now be served. Implemented
       in commit 1166, closing ticket 178. Spotted by Matti
       Hiljanen.
     * The Recursor would not properly override old data with new,
       sometimes serving old and new data concurrently. Fixed in
       commit 1137.
     * SOA records with embedded carriage-return characters are
       now parsed correctly. Implemented in commit 1167, closing
       ticket 162.
     * Some routing conditions could cause UDP connected sockets
       to generate an error which PowerDNS did not deal with
       properly, leading to a leaked file descriptor. As these run
       out over time, the recursor could crash. This would also
       happen for IPv6 queries on a host with no IPv6
       connectivity. Thanks to Kai of xs4all and Wichert Akkerman
       for reporting this issue. Fix in commit 1133.
     * Empty unknown record types can now be stored without
       generating a scary error (commit 1129)
     * Applied fix for ticket 111, ticket 112 and ticket 153 -
       large (multipart) TXT records are now retrieved and served
       properly. Fix in commit 996.
     * Solaris compilation instructions in Recursor documentation
       were wrong, leading to an instant crash on startup. Luckily
       nobody reads the documentation, except for Marcus Goller
       who found the error. Fixed in commit 1124.
     * On Solaris, finally fix the issue where queries get
       distributed strangely over CPUs, or not get distributed at
       all. Much debugging and analysing performed by Alex
       Kiernan, who also supplied fixes. Implemented in commit
       1091, commit 1093.
     * Various fixes for modern G++ versions, most spotted by
       Marcus Rueckert (commits 964, 965, 1028, 1052), and Ruben
       Kerkhof (commit 1136, closing ticket 175).
     * Recursor would not properly clean up pidfile and control
       socket, closing ticket 120, code in commit 988, commit 1098
       (part of fix by Matti Hiljanen, spotted by Leo Baltus)
     * Recursor can now serve multi-line records from its limited
       authoritative server (commit 1014).
     * When parsing zones, the 'm' time specification stands for
       minutes, not months! Closing Debian bug 406462 (commit
       1026)
     * Authoritative zone parser did not support '@' in the
       content of records. Spotted by Marco Davids, fixed in
       commit 1030.
     * Authoritative zone parser could be confused by trailing
       TABs on record lines (commit 1062).
     * EINTR error code could block entire server if received at
       the wrong time. Spotted by Arnoud Bakker, fix in commit
       1059.
     * Fix crash on NetBSD on Alpha CPUs, might improve startup
       behaviour on empty caches on other architectures as well
       (commit 1061).
     * Outbound TCP queries were being performed sub-optimally
       because of an interaction with the 'Mplexer'. Fixes in
       commit 1115, commit 1116.

   New features:

     * Implemented rec_control command get uptime, as suggested by
       Niels Bakker (commit 935). Added to default rrdtool scripts
       in commit 940.
     * The Recursor Authorative component, meant for having the
       Recursor serve some zones authoritatively, now supports
       $INCLUDE and $GENERATE. Implemented in commit 951 and
       commit 952, commit 967 (discovered by Thomas Rietz),
     * Implemented forward-zones-file option in order to support
       larger amounts of zones which should be forwarded to
       another nameserver (commit 963).
     * Both forward-zones and forward-zones-file can now specify
       multiple forwarders per domain, implemented in commit 1168,
       closing ticket 81. Additionally, both these settings can
       also specify non-standard port numbers, as suggested in
       ticket ticket 122. Patch authored by Aaron Thompson, with
       additional work by Augie Schwer.
     * Sten Spans contributed allow-from-file, implemented in
       commit 1150. This feature allows the Recursor to read
       access rules from a (large) file.

   General improvements:

     * Ruben Kerkhof fixed up weird permission bits as well as our
       SGML documentation code in commit 936 and commit 937.
     * Full IPv6 parity. If configured to use IPv6 for outgoing
       queries (using query-local-address6=::0 for example), IPv6
       and IPv4 addresses are finally treated 100% identically,
       instead of 'mostly'. This feature is implemented using
       'ANY' queries to find A and AAAA addresses in one query,
       which is a new approach. Treat with caution.
     * Now perform EDNS0 root refreshing queries, so as to benefit
       from all returned addresses. Relevant since early February
       2008 when the root-servers started to respond with IPv6
       addresses, which made the default non-EDNS0 maximum packet
       length reply no longer contain all records. Implemented in
       commit 1130. Thanks to dns-operations AT mail.oarc.isc.org
       for quick suggestions on how to deal with this change.
     * rec_control now has a timeout in case the Recursor does not
       respond. Implemented in commit 945.
     * (Error) messages are now logged with saner priorities
       (commit 955).
     * Outbound query IP interface stemmed from 1997 (!) and was
       in dire need of a cleanup (commit 1117).
     * L.ROOT-SERVERS.NET moved (commit 1118).
     __________________________________________________________

1.3.7. PowerDNS Authoritative Server version 2.9.21

   Released the 21st of April 2007.

   This is the first release the PowerDNS Authoritative Server
   since the Recursor was split off to a separate product, and
   also marks the transfer of the new technology developed
   specifically for the recursor, back to the authoritative
   server.

   This move has reduced the amount of code of the Authoritative
   server by over 2000 lines, while improving the quality of the
   program enormously.

   However, since so much has been changed, care should be taken
   when deploying 2.9.21.

   To signify the magnitude of the underlying improvements, the
   next release of the PowerDNS Authoritative Server will be
   called 3.0.

   This release would not have been possible without large amounts
   of help and support from the PowerDNS Community. We
   specifically want to thank Massimo Bandinelli of Italy's
   Register.it, Dave Aaldering of Aaldering ICT, True BV, XS4ALL,
   Daniel Bilik of Neosystem, EasyDNS, Heinrich Ruthensteiner of
   Siemens, Augie Schwer, Mark Bergsma, Marco Davids, Marcus
   Rueckert of OpenSUSE, Andre Muraro of Locaweb, Antony Lesuisse,
   Norbert Sendetzky, Marco Chiavacci, Christoph Haas, Ralf van
   der Enden and Ruben Kerkhof.

   Security issues:

     * The previous packet parsing and generating code contained
       no known bugs, but was however very lengthy and overly
       complex, and might have had security problems. The new code
       is 'inherently safe' because it relies on bounds-checking
       C++ constructs. Therefore, a move to 2.9.21 is highly
       recommended.
     * Pre-2.9.21, communication between master and server
       nameservers was not checked as rigidly as possible,
       possibly allowing third parties to disrupt but not modify
       such communications.

   Warning

           The 'bind1' legacy version of our BIND backend has been
           dropped! There should be no need to rely on this old version
           anymore, as the main BIND backend has been very well tested
           recently.

   Bugs:

     * Multi-part TXT records weren't supported. This has been
       fixed, and regression tests have been added. Code in
       commits 1016, 996, 994.
     * Email addresses with embedded dots in SOA records were not
       parsed correctly, nor were other embedded dots. Noted by
       'Bastiaan', fixed in commit 1026.
     * BIND backend treated the 'm' TTL modifier as 'months' and
       not 'minutes'. Closes Debian bug 406462. Addressed in
       commit 1026.
     * Our snapshots were built against a static version of
       PosgreSQL that was incompatible with many Linux
       distributions, leading to instant crashes on startup. Fixed
       in 1022 and 1023.
     * CNAME referrals to child zones gave improper responses.
       Noted by Augie Schwer in ticket 123, fixed in commit 992.
     * When passing a port number with the recursor setting, this
       would sometimes generate errors during additional
       processing. Switched off overly helpful additional
       processing for recursive queries to remove this problem.
       Implemented in commit 1031, spotted by Ralf van der Enden.
     * NS to a nameserver with the name of the zone itself
       generated problems. Spotted by Augie Schwer, fixed in
       commit 947.
     * Multi-line records in the BIND backend were not always
       parsed correctly. Fixed in commit 1014.
     * The LOC-record had problems operating outside of the
       eastern hemisphere of the northern part of the world! Fixed
       in commit 1011.
     * Backends were compiled without multithreading preprocessor
       flags. As far as we can determine, this would only cause
       problems for the BIND backend, but we cannot rule out this
       caused instability in other backends. Fixed in commit 1001.
     * The BIND backend was highly unstable under reloads, and
       leaked memory and file descriptors. Thanks to Mark Bergsma
       and Massimo Bandinelli for respectively pointing this out
       to us and testing large amounts of patches to fix the
       problem. The fixes have resulted in better performance,
       less code, and a remarkable simplification of this backend.
       Commits 1039, 1034, 1035, 1006, 999, 905 and previous.
     * BIND backend gave convincing NXDOMAINS on unloaded zones in
       some cases. Spotted and fixed by Daniel Bilik in commit
       984.
     * SOA records in zone transfers sometimes contained the wrong
       SOA TTL. Spotted by Christian Kuehn, fixed in commit 902.
     * PowerDNS could get confused by very high SOA serial
       numbers. Spotted and fixed by Dan Billik, fixed in commit
       626.
     * Some versions of FreeBSD perform very strict checks on
       socket address sizes passed to 'connect', which could lead
       to problems retrieving zones over AXFR. Fixed in commit
       891.
     * Some versions of FreeBSD perform very strict checks on IPv6
       socket addresses, leading to problems. Discovered by Sten
       Spans, fixed in commit 885 and commit 886.
     * IXFR requests were not logged properly. Noted by Ralf van
       der Enden, fixed in commit 990.
     * Some NAPTR records needed an additional space character to
       encode correctly. Spotted by Heinrich Ruthensteiner, fixed
       in commit 1029.
     * Many bugs in the TCP nameserver, leading to a PowerDNS
       process that did not respond to TCP queries over time. Many
       fixes provided by Dan Bilik, other problems were fixed by
       rewriting our TCP handling code. Commits 982 and 980, 950,
       924, 889, 874, 869, 685, 684.
     * Fix crashes on the ARM processor due to alignment errors.
       Thanks to Sjoerd Simons. Closes Debian bug 397031.
     * Missing data in generic SQL backends would sometimes lead
       to faked SOA serial data. Spotted by Leander Lakkas from
       True. Fix in commit 866.
     * When receiving two quick notifications in succession, the
       packet cache would sometimes "process" the second one,
       leading PowerDNS to ignore it. Spotted by Dan Bilik, fixed
       in commit 686.
     * Geobackend (by Mark Bergsma) did not properly override the
       getSOA method, breaking non-overlay operation of this fine
       backend. The geobackend now also skips '.hidden'
       configuration files, and now properly disregards empty
       configuration files. Additionally, the overlapping
       abilities were improved. Details available in commit 876,
       by Mark.

   Features:

     * Thanks to EasyDNS, PowerDNS now supports multiple masters
       per domain. For configuration details, see Section 13.2.
       Implemented in commit 1018, commit 1017.
     * Thanks to EasyDNS, PowerDNS now supports the KEY record
       type, as well the SPF record. In commit 976.
     * Added support for CERT, SSHFP, DNSKEY, DS, NSEC, RRSIG
       record types, as part of the move to the new DNS
       parsing/generating code.
     * Support for the AFSDB record type, as requested by
       'Bastian'. Implemented in commit 978, closing ticket 129.
     * Support for the MR record type. Implemented in commit 941
       and commit 1019.
     * Gsqlite3 backend was added by Antony Lesuisse in commit
       942;
     * Added the ability to send out light-weight root-referrals
       that save bandwidth yet still placate mediocre resolver
       implementations. Implemented in commit 912, enable with
       'root-referral=lean'.

   Improvements:

     * Miscellaneous OpenDBX and LDAP backend improvements by
       Norbert Sendetzky. Applied in commit 977 and commit 1040.
     * SGML source of the documentation was cleaned up by Ruben
       Kerkhof in commit 936.
     * Speedups in core DNS label processing code. Implemented in
       commit 928, commit 654, commit 1020.
     * When communicating with master servers and encountering
       errors, more useful details are logged. Reported by Stefan
       Arentz in ticket 137, closed by commit 1015.
     * Database errors are now logged with more details. Addressed
       in commit 1004.
     * pdns_control problems are now logged more verbosely. Change
       in commit 910.
     * Erroneous address configuration was logged unclearly.
       Spotted by River Tarnell, fixed in commit 888.
     * Example configuration shipped with PowerDNS was very old.
       Noted by Leen Besselink, fixed in commit 946.
     * PowerDNS neglected to chdir to the root when chrooted. This
       closes ticket 110, fixed in commit 944.
     * Microsoft resolver had problems with responses we generated
       for CNAMEs pointing out of our bailiwick. Fixed in commit
       983 and expedited by Locaweb.com.br.
     * Built-in webserver logs errors more verbosely. Closes
       ticket 82, gixed in commit 991.
     * Queries containing '@' no longer flood the logs. Addressed
       in commit 1014.
     * The build process now looks for PostgreSQL in more places.
       Implemented in commit 998, closes ticket 90.
     * Speedups in the BIND backend now mean large installations
       enjoy startup times up to 30 times faster than with the
       original BIND nameserver. Many thanks to Massimo
       Bandinelli.
     * BIND backend now offers full support for query logging,
       implemented in commit 1026, commit 1029.
     * BIND backend named.conf parsing is now fully
       case-insensitive for domain names. This closes Debian bug
       406461, fixed in commit 1027.
     * IPv6 and IPv4 address parsing routines have been replaced,
       which should result in prettier output in some cases.
       commit 962, commit 1012 and others.
     * 5 new regression tests have been added to insure old bugs
       do not return.
     * Fix small issues with very modern compilers and BOOST
       snapshots. Noted by Marcus Rueckert, addressed in commit
       954, commit 964 commit 965, commit 1003.
     __________________________________________________________

1.3.8. Recursor version 3.1.4

   Released the 13th of November 2006.

   This release contains almost no new features, but consists
   mostly of minor and major bug fixes. It also addresses two
   major security issues, which makes this release a highly
   recommended upgrade.

   Security issues:

     * Large TCP questions followed by garbage could cause the
       recursor to crash. This critical security issue has been
       assigned CVE-2006-4251, and is fixed in commit 915. More
       information can be found in Section 1.5.
     * CNAME loops with zero second TTLs could cause crashes in
       some conditions. These loops could be constructed by
       malicious parties, making this issue a potential denial of
       service attack. This security issue has been assigned
       CVE-2006-4252 and is fixed by commit 919. More information
       can be found in Section 1.6. Many thanks to David Gavarret
       for helping pin down this problem.

   Bugs:

     * On certain error conditions, PowerDNS would neglect to
       close a socket, which might therefore eventually run out.
       Spotted by Stefan Schmidt, fixed in commits 892, 897, 899.
     * Some nameservers (including PowerDNS in rare circumstances)
       emit a SOA record in the authority section. The recursor
       mistakenly interpreted this as an authoritative "NXRRSET".
       Spotted by Bryan Seitz, fixed in commit 893.
     * In some circumstances, PowerDNS could end up with a useless
       (not working, or no longer working) set of nameserver
       records for a domain. This release contains logic to
       invalidate such broken NSSETs, without overloading
       authoritative servers. This problem had previously been
       spotted by Bryan Seitz, 'Cerb' and Darren Gamble.
       Invalidations of NSSETs can be plotted using the
       "nsset-invalidations" metric, available through rec_control
       get. Implemented in commit 896 and commit 901.
     * PowerDNS could crash while dumping the cache using
       rec_control dump-cache. Reported by Wouter of WideXS and
       Stefan Schmidt and many others, fixed in commit 900.
     * Under rare circumstances (depleted TCP buffers), PowerDNS
       might send out incomplete questions to remote servers.
       Additionally, on big-endian systems (non-Intel and non-AMD
       generally), sending out large TCP answers questions would
       not work at all, and possibly crash. Brought to our
       attention by David Gavarret, fixed in commit 903.
     * The recursor contained the potential for a dead-lock
       processing an invalid domain name. It is not known how this
       might be triggered, but it has been observed by 'Cerb' on
       #powerdns. Several dead-locks where PowerDNS consumed all
       CPU, but did not answer questions, have been reported in
       the past few months. These might be fixed by commit 904.
     * IPv6 'allow-from' matching had problems with the least
       significant bits, sometimes allowing disallowed addresses,
       but mostly disallowing allowed addresses. Spotted by Wouter
       from WideXS, fixed in commit 916.

   Improvements:

     * PowerDNS has support to drop answers from so called
       'delegation only' zones. A statistic ("dlg-only-drops") is
       now available to plot how often this happens. Implemented
       in commit 890.
     * Hint-file parameter was mistakenly named "hints-file" in
       the documentation. Spotted by my Marco Davids, fixed in
       commit 898.
     * rec_control quit should be near instantaneous now, as it no
       longer meticulously cleans up memory before exiting.
       Problem spotted by Darren Gamble, fixed in commit 914,
       closing ticket 84.
     * init.d script no longer refers to the Recursor as the
       Authoritative Server. Spotted by Wouter of WideXS, fixed in
       commit 913.
     * A potentially serious warning for users of the GNU C
       Library version 2.5 was fixed. Spotted by Marcus Rueckert,
       fixed in commit 920.
     __________________________________________________________

1.3.9. Recursor version 3.1.3

   Released the 12th of September 2006.

   Compared to 3.1.2, this release again consists of a number of
   mostly minor bug fixes, and some slight improvements.

   Many thanks are again due to Darren Gamble who together with
   his team has discovered many misconfigured domains that do work
   with some other name servers. DNS has long been tolerant of
   misconfigurations, PowerDNS intends to uphold that tradition.
   Almost all of the domains found by Darren now work as well in
   PowerDNS as in other name server implementations.

   Thanks to some recent migrations, this release, or something
   very close to it, is powering over 40 million internet
   connections that we know of. We appreciate hearing about
   succesful as well as unsuccesful migrations, please feel free
   to notify pdns.bd@powerdns.com of your experiences, good or
   bad.

   Bug-fixes:

     * The MThread default stack size was too small, which led to
       problems, mostly on 64-bit platforms. This stack size is
       now configurable using the stack-size setting should our
       estimate be off. Discovered by Darren Gamble, Sten Spans
       and a number of others. Fixed in commit 868.
     * Plug a small memory leak discovered by Kai and Darren
       Gamble, fixed in commit 870.
     * Switch from the excellent nedmalloc to dlmalloc, based on
       advice by the nedmalloc author. Nedmalloc is optimised for
       multithreaded operation, whereas the PowerDNS recursor is
       single threaded. The version of nedmalloc shipped contained
       a number of possible bugs, which are probably resolved by
       moving to dlmalloc. Some reported crashes on hitting 2G of
       allocated memory on 64 bit systems might be solved by this
       switch, which should also increase performance. See commit
       873 for details.

   Improvements:

     * The cache is now explicitly aware of the difference between
       authoritative and unauthoritative data, allowing it to deal
       with some domains that have different data in the parent
       zone than in the authoritative zone. Patch in commit 867.
     * No longer try to parse DNS updates as if they were queries.
       Discovered and fixed by Jan Gyselinck, fix in commit 871.
     * Rebalance logging priorities for less log cluttering and
       add IP address to a remote server error message. Noticed
       and fixed by Jan Gyselinck (commit 877).
     * Add logging-facility setting, allowing syslog to send
       PowerDNS logging to a separate file. Added in commit 871.
     __________________________________________________________

1.3.10. Recursor version 3.1.2

   Released Monday 26th of June 2006.

   Compared to 3.1.1, this release consists almost exclusively of
   bug-fixes and speedups. A quick update is recommended, as some
   of the bugs impact operators of authoritative zones on the
   internet. This version has been tested by some of the largest
   internet providers on the planet, and is expected to perform
   well for everybody.

   Many thanks are due to Darren Gamble, Stefan Schmidt and Bryan
   Seitz who all provided excellent feedback based on their
   large-scale tests of the recursor.

   Bug-fixes:

     * Internal authoritative server did not differentiate between
       'NXDOMAIN' and 'NXRRSET', in other words, it would answer
       'no such host' when an AAAA query came in for a domain that
       did exist, but did not have an AAAA record. This only
       affects users with auth-zones configured. Discovered by
       Bryan Seitz, fixed in commit 848.
     * ANY queries for hosts where nothing was present in the
       cache would not work. This did not cause real problems as
       ANY queries are not reliable (by design) for anything other
       than debugging, but did slow down the nameserver and cause
       unnecessary load on remote nameservers. Fixed in commit
       854.
     * When exceeding the configured maximum amount of TCP
       sessions, TCP support would break and the nameserver would
       waste CPU trying to accept TCP connections on UDP ports.
       Noted by Bryan Seitz, fixed in commit 849.
     * DNS queries come in two flavours: recursion desired and
       non-recursion desired. The latter is not very useful for a
       recursor, but is sometimes (erroneously) used by monitoring
       software or loadbalancers to detect nameserver
       availability. A non-rd query would not only not recurse,
       but also not query authoritative zones, which is confusing.
       Fixed in commit 847.
     * Non-standard DNS TCP queries, that did occur however, could
       drive the recursor to 100% CPU usage for extended periods
       of time. This did not disrupt service immediately, but does
       waste a lot of CPU, possibly exhausting resources.
       Discovered by Bryan Seitz, fixed in commit 858, which is
       post-3.1.2-rc1.
     * The PowerDNS recursor did not honour the rare but
       standardised 'ANY' query class (normally 'ANY' refers to
       the query type, not class), upsetting the Wildfire Jabber
       server. Discovered and debugged by Daniel Nauck, fixed in
       commit 859, which is post-3.1.2-rc1.
     * Everybody's favorite, when starting up under high load, a
       bogus line of statistics was sometimes logged. Fixed in
       commit 851.
     * Remove some spurious debugging output on dropping a packet
       by an unauthorized host. Discovered by Kai. Fixed in commit
       854.

   Improvements:

     * Misconfigured domains, with a broken nameserver in the
       parent zone, should now work better. Changes motivated and
       suggested by Darren Gamble. This makes PowerDNS more
       compliant with RFC 2181 by making it prefer authoritative
       data over non-authoritative data. Implemented in commit
       856.
     * PowerDNS can now listen on multiple ports, using the
       local-address setting. Added in commit 845.
     * A number of speedups which should have a noticeable impact,
       implemented in commits 850, 852, 853, 855
     * The recursor now works around an issue with the Linux
       kernel 2.6.8, as shipped by Debian. Fixed by Christof
       Meerwald in commit 860, which is post 3.1.2-rc1.
     __________________________________________________________

1.3.11. Recursor version 3.1.1

  Warning

          3.1.1 is identical to 3.1 except for a bug in the packet
          chaining code which would mainly manifest itself for IPv6
          enabled Konqueror users with very fast connections to their
          PowerDNS installation. However, all 3.1 users are urged to
          upgrade to 3.1.1. Many thanks to Alessandro Bono for his quick
          aid in solving this problem.

   Released on the 23rd of May 2006. Many thanks are due to the
   operators of some of the largest internet access providers in
   the world, each having many millions of customers, who have
   tested the various 3.1 pre-releases for suitability. They have
   uncovered and helped fix bugs that could impact us all, but are
   only (quickly) noticeable with such vast amounts of DNS
   traffic.

   After version 3.0.1 has proved to hold up very well under
   tremendous loads, 3.1 adds important new features:

     * Ability to serve authoritative data from 'BIND' style zone
       files (using auth-zones statement).
     * Ability to forward domains so configured to external
       servers (using forward-zones).
     * Possibility of 'serving' the contents of /etc/hosts over
       DNS, which is very well suited to simple domestic
       router/DNS setups. Enabled using export-etc-hosts.
     * As recommended by recent standards documents, the PowerDNS
       recursor is now authoritative for RFC-1918 private IP space
       zones by default (suggested by Paul Vixie).
     * Full outgoing IPv6 support (off by default) with IPv6
       servers getting equal treatment with IPv4, nameserver
       addresses are chosen based on average response speed,
       irrespective of protocol.
     * Initial Windows support, including running as a service
       ('NET START "POWERDNS RECURSOR"'). rec_channel is still
       missing, the rest should work. Performance appears to be
       below that of the UNIX versions, this situation is expected
       to improve.

   Bug fixes:

     * No longer send out SRV and MX record priorities as zero on
       big-endian platforms (UltraSPARC). Discovered by Eric
       Sproul, fixed in commit 773.
     * SRV records need additional processing, especially in an
       Active Directory setting. Reported by Kenneth Marshall,
       fixed in commit 774.
     * The root-records were not being refreshed, which could lead
       to problems under inconceivable conditions. Fixed in commit
       780.
     * Fix resolving domain names for nameservers with multiple IP
       addresses, with one of these addresses being lame. Other
       nameserver implementations were also unable to resolve
       these domains, so not a big bug. Fixed in commit 780.
     * For a period of 5 minutes after expiring a negative cache
       entry, the domain would not be re-cached negatively,
       leading to a lot of duplicate outgoing queries for this
       short period. This fix has raised the average cache hit
       rate of the recursor by a few percent. Fixed in commit 783.
     * Query throttling was not aggressive enough and not all
       sorts of queries were throttled. Implemented in commit 786.
     * Fix possible crash during startup when parsing empty
       configuration lines (commit 807).
     * Fix possible crash when the first query after wiping a
       cache entry was for the just deleted entry. Rare in
       production servers. Fixed in commit 820.
     * Recursor would send out differing TTLs when receiving a
       misconfigured, standards violating, RRSET with different
       TTLs. Implement fix as mandated by RFC 2181, paragraph 5.2.
       Reported by Stephen Harker (commit 819).
     * The top-remotes would list remotes duplicately, once per
       source port. Discovered by Jorn Ekkelenkamp, fixed in
       commit 827, which is post 3.1-pre1.
     * Default allow-from allowed queries from fe80::/16,
       corrected to fe80::/10. Spotted by Niels Bakker, fixed in
       commit 829, which is post 3.1-pre1.
     * While PowerDNS blocks failing queries quickly, multiple
       packets could briefly be in flight for the same domain and
       nameserver. This situation is now explicitly detected and
       queries are chained to identical queries already in flight.
       Fixed in commit 833 and commit 834, post 3.1-pre1.

   Improvements:

     * ANY queries are now implemented as in other nameserver
       implementations, leading to a decrease in outgoing queries.
       The RFCs are not very clear on desired behaviour, what is
       implemented now saves bandwidth and CPU and brings us in
       line with existing practice. Previously ANY queries were
       not cached by the PowerDNS recursor. Implemented in commit
       784.
     * rec_control was very sparse in its error reporting, and
       user unfriendly as well. Reported by Erik Bos, fixed in
       commit 818 and commit 820.
     * IPv6 addresses were printed in a non-standard way, fixed in
       commit 788.
     * TTLs of records are now capped at two weeks, commit 820.
     * allow-from IPv4 netmasks now automatically work for
       IP4-to-IPv6 mapper IPv4 addresses, which appear when
       running on the wildcard :: IPv6 address. Lack of feature
       noted by Marcus 'darix' Rueckert. Fixed in commit 826,
       which is post 3.1-pre1.
     * Errors before daemonizing are now also sent to syslog.
       Suggested by Marcus 'darix' Rueckert. Fixed in commit 825,
       which is post 3.1-pre1.
     * When launching without any form of configured network
       connectivity, all root-servers would be cached as 'down'
       for some time. Detect this special case and treat it as a
       resource-constraint, which is not accounted against
       specific nameservers. Spotted by Seth Arnold, fixed in
       commit 835, which is post 3.1-pre1.
     * The recursor now does not allow authoritative servers to
       keep supplying its own NS records into perpetuity, which
       causes problems when a domain is redelegated but the old
       authorative servers are not updated to this effect. Noticed
       and explained at length by Darren Gamble of Shaw
       Communications, addressed by commit 837, which is post
       3.1-pre2.
     * Some operators may want to follow RFC 2181 paragraph 5.2
       and 5.4. This harms performance and does not solve any real
       problem, but does make PowerDNS more compliant. If you want
       this, enable auth-can-lower-ttl. Implemented in commit 838,
       which is post 3.1-pre2.
     __________________________________________________________

1.3.12. Recursor version 3.0.1

   Released 25th of April 2006, download.

   This release consists of nothing but tiny fixes to 3.0,
   including one with security implications. An upgrade is highly
   recommended.

     * Compilation used both cc and gcc, leading to the
       possibility of compiling with different compiler versions
       (commit 766).
     * rec_control would leave files named lsockXXXXXX around in
       the configured socket-dir. Operators may wish to remove
       these files from their socket-dir (often /var/run), quite a
       few might have accumulated already (commit 767).
     * Certain malformed packets could crash the recursor. As far
       as we can determine these packets could only lead to a
       crash, but as always, there are no guarantees. A quick
       upgrade is highly recommended (commits 760, 761). Reported
       by David Gavarret.
     * Recursor would not distinguish between NXDOMAIN and NXRRSET
       (commit 756). Reported and debugged by Jorn Ekkelenkamp.
     * Some error messages and trace logging statements were
       improved (commits 756, 758, 759).
     * stderr was closed during daemonizing, but not dupped to
       /dev/null, leading to slight chance of odd behaviour on
       reporting errors (commit 757)

   Operating system specific fixes:

     * The stock Debian sarge Linux kernel, 2.6.8, claims to
       support epoll but fails at runtime. The epoll self-testing
       code has been improved, and PowerDNS will fall back to a
       select based multiplexer if needed (commit 758) Reported by
       Michiel van Es.
     * Solaris 8 compilation and runtime issues were addressed.
       See the README for details (commit 765). Reported by
       Juergen Georgi and Kenneth Marshall.
     * Solaris 10 x86_64 compilation issues were addressed (commit
       755). Reported and debugged by Eric Sproul.
     __________________________________________________________

1.3.13. Recursor version 3.0

   Released 20th of April 2006, download.

   This is the first separate release of the PowerDNS Recursor.
   There are many reasons for this, one of the most important ones
   is that previously we could only do a release when both the
   recursor and the authoritative nameserver were fully tested and
   in good shape. The split allows us to release new versions when
   each part is ready.

   Now for the real news. This version of the PowerDNS recursor
   powers the network access of over two million internet
   connections. Two large access providers have been running
   pre-releases of 3.0 for the past few weeks and results are
   good. Furthermore, the various pre-releases have been tested
   nearly non-stop with DNS traffic replayed at 3000
   queries/second.

   As expected, the 2 million househoulds shook out some very rare
   bugs. But even a rare bug happens once in a while when there
   are this many users.

   We consider this version of the PowerDNS recursor to be the
   most advanced resolver publicly available. Given current levels
   of spam, phishing and other forms of internet crime we think no
   recursor should offer less than the best in spoofing
   protection. We urge all operators of resolvers without proper
   spoofing countermeasures to consider PowerDNS, as it is a
   Better Internet Nameserver Daemon.

   A good article on DNS spoofing can be found here. Some more
   information, based on a previous version of PowerDNS, can be
   found on the PowerDNS development blog.

 Warning

         Because of recent DNS based denial of service attacks, running
         an open recursor has become a security risk. Therefore, unless
         configured otherwise this version of PowerDNS will only listen
         on localhost, which means it does not resolve for hosts on your
         network. To fix, configure the local-address setting with all
         addresses you want to listen on. Additionally, by default
         service is restricted to RFC 1918 private IP addresses. Use
         allow-from to selectively open up the recursor for your own
         network. See Section 12.1 for details.

   Important new features of the PowerDNS recursor 3.0:

     * Best spoofing protection and detection we know of. Not only
       is spoofing made harder by using a new network address for
       each query, PowerDNS detects when an attempt is made to
       spoof it, and temporarily ignores the data. For details,
       see Section 12.4.1.
     * First nameserver to benefit from epoll/kqueue/Solaris
       completion ports event reporting framework, for stellar
       performance.
     * Best statistics of any recursing nameserver we know of, see
       Section 12.5.
     * Last-recently-used based cache cleanup algorithm, keeping
       the 'best' records in memory
     * First class Solaris support, built on a 'try and buy' Sun
       CoolThreads T 2000.
     * Full IPv6 support, implemented natively.
     * Access filtering, both for IPv4 and IPv6.
     * Experimental SMP support for nearly double performance. See
       Section 12.3.

   Many people helped package and test this release. Jorn
   Ekkelenkamp of ISP-Services helped find the '8000 SOAs' bug and
   spotted many other oddities and XS4ALL internet funded a lot of