]>
Commit | Line | Data |
---|---|---|
335359b4 | 1 | PowerDNS manual |
33ccb468 | 2 | |
3 | PowerDNS BV | |
4 | ||
335359b4 | 5 | <pdns.bd@powerdns.com> |
33ccb468 | 6 | |
335359b4 AG |
7 | It is a book about a Spanish guy called Manual. You shou |
8 | ld read it. | |
33ccb468 | 9 | -- Dilbert |
335359b4 | 10 | __________________________________________________________ |
33ccb468 | 11 | |
12 | Table of Contents | |
d16e0461 TP |
13 | 1. The PowerDNS dynamic nameserver |
14 | ||
335359b4 AG |
15 | 1.1. Function & design of PDNS |
16 | 1.2. About this document | |
17 | 1.3. Release notes | |
18 | ||
19 | 1.3.1. Authoritative Server version 2.9.22 | |
20 | 1.3.2. Authoritative Server version 2.9.21.2 | |
21 | 1.3.3. Authoritative Server version 2.9.21.1 | |
22 | 1.3.4. Recursor version 3.1.7 | |
23 | 1.3.5. Recursor version 3.1.6 | |
24 | 1.3.6. Recursor version 3.1.5 | |
25 | 1.3.7. PowerDNS Authoritative Server version 2.9.21 | |
26 | 1.3.8. Recursor version 3.1.4 | |
27 | 1.3.9. Recursor version 3.1.3 | |
28 | 1.3.10. Recursor version 3.1.2 | |
29 | 1.3.11. Recursor version 3.1.1 | |
30 | 1.3.12. Recursor version 3.0.1 | |
31 | 1.3.13. Recursor version 3.0 | |
32 | 1.3.14. Version 2.9.20 | |
33 | 1.3.15. Version 2.9.19 | |
34 | 1.3.16. Version 2.9.18 | |
35 | 1.3.17. Version 2.9.17 | |
36 | 1.3.18. Version 2.9.16 | |
37 | 1.3.19. Version 2.9.15 | |
38 | 1.3.20. Version 2.9.14 | |
39 | 1.3.21. Version 2.9.13 | |
40 | 1.3.22. Version 2.9.12 | |
41 | 1.3.23. Version 2.9.11 | |
42 | 1.3.24. Version 2.9.10 | |
43 | 1.3.25. Version 2.9.8 | |
44 | 1.3.26. Version 2.9.7 | |
45 | 1.3.27. Version 2.9.6 | |
46 | 1.3.28. Version 2.9.5 | |
47 | 1.3.29. Version 2.9.4 | |
48 | 1.3.30. Version 2.9.3a | |
49 | 1.3.31. Version 2.9.2 | |
50 | 1.3.32. Version 2.9.1 | |
51 | 1.3.33. Version 2.9 | |
52 | 1.3.34. Version 2.8 | |
53 | 1.3.35. Version 2.7 and 2.7.1 | |
54 | 1.3.36. Version 2.6.1 | |
55 | 1.3.37. Version 2.6 | |
56 | 1.3.38. Version 2.5.1 | |
57 | 1.3.39. Version 2.5 | |
58 | 1.3.40. Version 2.4 | |
59 | 1.3.41. Version 2.3 | |
60 | 1.3.42. Version 2.2 | |
61 | 1.3.43. Version 2.1 | |
62 | 1.3.44. Version 2.0.1 | |
63 | 1.3.45. Version 2.0 | |
64 | 1.3.46. Version 2.0 Release Candidate 2 | |
65 | 1.3.47. Version 2.0 Release Candidate 1 | |
66 | 1.3.48. Version 1.99.12 Prerelease | |
67 | 1.3.49. Version 1.99.11 Prerelease | |
68 | 1.3.50. Version 1.99.10 Prerelease | |
69 | 1.3.51. Version 1.99.9 Early Access Prerelease | |
70 | 1.3.52. Version 1.99.8 Early Access Prerelease | |
71 | 1.3.53. Version 1.99.7 Early Access Prerelease | |
72 | 1.3.54. Version 1.99.6 Early Access Prerelease | |
73 | 1.3.55. Version 1.99.5 Early Access Prerelease | |
74 | 1.3.56. Version 1.99.4 Early Access Prerelease | |
75 | 1.3.57. Version 1.99.3 Early Access Prerelease | |
76 | 1.3.58. Version 1.99.2 Early Access Prerelease | |
77 | 1.3.59. Version 1.99.1 Early Access Prerelease | |
78 | ||
79 | 1.4. Security | |
80 | 1.5. PowerDNS Security Advisory 2006-01: Malformed TCP | |
81 | queries can lead to a buffer overflow which might | |
82 | be exploitable | |
83 | ||
84 | 1.6. PowerDNS Security Advisory 2006-02: Zero second CNAME | |
85 | TTLs can make PowerDNS exhaust allocated stack | |
86 | space, and crash | |
87 | ||
88 | 1.7. PowerDNS Security Advisory 2008-01: System random | |
89 | generator can be predicted, leading to the | |
90 | potential to 'spoof' PowerDNS Recursor | |
91 | ||
92 | 1.8. PowerDNS Security Advisory 2008-02: By not responding | |
93 | to certain queries, domains become easier to spoof | |
94 | ||
95 | 1.9. PowerDNS Security Advisory 2008-02: Some PowerDNS | |
96 | Configurations can be forced to restart remotely | |
97 | ||
98 | 1.10. Acknowledgements | |
d16e0461 | 99 | |
335359b4 | 100 | 2. Installing on Unix |
d16e0461 | 101 | |
335359b4 AG |
102 | 2.1. Possible problems at this point |
103 | 2.2. Testing your install | |
d16e0461 | 104 | |
335359b4 | 105 | 2.2.1. Typical errors |
d16e0461 | 106 | |
335359b4 | 107 | 2.3. Running PDNS on unix |
d16e0461 | 108 | |
335359b4 | 109 | 3. Installing on Microsoft Windows |
d16e0461 | 110 | |
335359b4 AG |
111 | 3.1. Configuring PDNS on Microsoft Windows |
112 | 3.2. Running PDNS on Microsoft Windows | |
d16e0461 | 113 | |
335359b4 | 114 | 4. Basic setup: configuring database connectivity |
d16e0461 | 115 | |
335359b4 | 116 | 4.1. Example: configuring MySQL |
d16e0461 | 117 | |
335359b4 | 118 | 4.1.1. Common problems |
d16e0461 | 119 | |
335359b4 | 120 | 5. Dynamic resolution using the PipeBackend |
d16e0461 | 121 | |
335359b4 | 122 | 5.1. Deploying the PipeBackend with the BindBackend |
d16e0461 | 123 | |
335359b4 | 124 | 6. Logging & Monitoring Authoritative Server performance |
d16e0461 | 125 | |
335359b4 AG |
126 | 6.1. Webserver |
127 | 6.2. Via init.d commands | |
128 | 6.3. Operational logging using syslog | |
d16e0461 | 129 | |
335359b4 | 130 | 7. Security settings & considerations |
d16e0461 | 131 | |
335359b4 | 132 | 7.1. Settings |
d16e0461 | 133 | |
335359b4 AG |
134 | 7.1.1. Running as a less privileged identity |
135 | 7.1.2. Jailing the process in a chroot | |
d16e0461 | 136 | |
335359b4 | 137 | 7.2. Considerations |
d16e0461 | 138 | |
335359b4 AG |
139 | 8. Virtual hosting |
140 | 9. Performance | |
d16e0461 | 141 | |
335359b4 AG |
142 | 9.1. General advice |
143 | 9.2. Native Posix Thread Library vs LinuxThreads | |
144 | 9.3. Performance related settings | |
d16e0461 | 145 | |
335359b4 AG |
146 | 9.3.1. Packet Cache |
147 | 9.3.2. Query Cache | |
d16e0461 | 148 | |
335359b4 | 149 | 10. Migrating to PDNS |
d16e0461 | 150 | |
335359b4 | 151 | 10.1. Zone2sql |
d16e0461 | 152 | |
335359b4 | 153 | 11. Recursion |
d16e0461 | 154 | |
335359b4 | 155 | 11.1. Details |
d16e0461 | 156 | |
335359b4 | 157 | 12. PowerDNS resolver/recursing nameserver |
d16e0461 | 158 | |
335359b4 AG |
159 | 12.1. pdns_recursor settings |
160 | 12.2. Controlling and querying the recursor | |
161 | 12.3. PowerDNS Recursor performance | |
162 | 12.4. Details | |
d16e0461 | 163 | |
335359b4 AG |
164 | 12.4.1. Anti-spoofing |
165 | 12.4.2. Throttling | |
d16e0461 | 166 | |
335359b4 AG |
167 | 12.5. Statistics |
168 | 12.6. Scripting | |
d16e0461 | 169 | |
335359b4 AG |
170 | 12.6.1. Configuring Lua scripts |
171 | 12.6.2. Writing Lua PowerDNS Recursor scripts | |
d16e0461 | 172 | |
335359b4 | 173 | 12.7. Design and Engineering of the PowerDNS Recursor |
d16e0461 | 174 | |
335359b4 AG |
175 | 12.7.1. The PowerDNS Recursor |
176 | 12.7.2. Synchronous code using MTasker | |
177 | 12.7.3. MPlexer | |
178 | 12.7.4. MOADNSParser | |
179 | 12.7.5. The C++ Standard Library / Boost | |
180 | 12.7.6. Actual DNS Algorithm | |
181 | 12.7.7. The non-cached case | |
182 | 12.7.8. Some of the things we glossed over | |
183 | 12.7.9. The Recursor Cache | |
184 | 12.7.10. Some small things | |
d16e0461 | 185 | |
335359b4 | 186 | 13. Master/Slave operation & replication |
d16e0461 | 187 | |
335359b4 AG |
188 | 13.1. Native replication |
189 | 13.2. Slave operation | |
d16e0461 | 190 | |
335359b4 | 191 | 13.2.1. Supermaster automatic provisioning of slaves |
d16e0461 | 192 | |
335359b4 | 193 | 13.3. Master operation |
d16e0461 | 194 | |
335359b4 AG |
195 | 14. Fancy records for seamless email and URL integration |
196 | 15. Index of all Authoritative Server settings | |
197 | 16. Index of all Authoritative Server metrics | |
d16e0461 | 198 | |
335359b4 | 199 | 16.1. Counters & variables |
d16e0461 | 200 | |
335359b4 AG |
201 | 16.1.1. Counters |
202 | 16.1.2. Ring buffers | |
d16e0461 | 203 | |
335359b4 AG |
204 | 17. Supported record types and their storage |
205 | 18. HOWTO & Frequently Asked Questions | |
d16e0461 | 206 | |
335359b4 AG |
207 | 18.1. Getting support, free and paid FAQ |
208 | 18.2. Using and Compiling PowerDNS FAQ | |
209 | 18.3. Backend developer HOWTO | |
210 | 18.4. About PowerDNS.COM BV, 'the company' | |
d16e0461 | 211 | |
335359b4 | 212 | 19. Other tools included with PowerDNS |
fc2fb8ea | 213 | |
335359b4 | 214 | 19.1. Notification proxy (nproxy) |
fc2fb8ea | 215 | |
335359b4 AG |
216 | 20. Tools to analyse DNS traffic |
217 | A. Backends in detail | |
fc2fb8ea | 218 | |
335359b4 | 219 | A.1. PipeBackend |
d16e0461 | 220 | |
335359b4 | 221 | A.1.1. PipeBackend protocol |
d16e0461 | 222 | |
335359b4 | 223 | A.2. MySQL backend |
d16e0461 | 224 | |
335359b4 AG |
225 | A.2.1. Configuration settings |
226 | A.2.2. Notes | |
d16e0461 | 227 | |
335359b4 AG |
228 | A.3. Random Backend |
229 | A.4. MySQL PDNS backend | |
d16e0461 | 230 | |
335359b4 | 231 | A.4.1. Notes |
d16e0461 | 232 | |
335359b4 | 233 | A.5. Generic MySQL and PgSQL backends |
d16e0461 | 234 | |
335359b4 AG |
235 | A.5.1. MySQL specifics |
236 | A.5.2. PostgresSQL specifics | |
237 | A.5.3. Oracle specifics | |
238 | A.5.4. Basic functionality | |
239 | A.5.5. Master/slave queries | |
240 | A.5.6. Fancy records | |
241 | A.5.7. Settings and specifying queries | |
242 | A.5.8. Native operation | |
243 | A.5.9. Slave operation | |
244 | A.5.10. Superslave operation | |
245 | A.5.11. Master operation | |
d16e0461 | 246 | |
335359b4 | 247 | A.6. Oracle backend |
d16e0461 | 248 | |
335359b4 | 249 | A.6.1. Setting up Oracle for use with PowerDNS |
d16e0461 | 250 | |
335359b4 | 251 | A.7. Generic SQLite backend (2 and 3) |
d16e0461 | 252 | |
335359b4 AG |
253 | A.7.1. Compiling the SQLite backend |
254 | A.7.2. Setting up the database | |
255 | A.7.3. Using the SQLite backend | |
d16e0461 | 256 | |
335359b4 AG |
257 | A.8. DB2 backend |
258 | A.9. Bind zone file backend | |
d16e0461 | 259 | |
335359b4 AG |
260 | A.9.1. Operation |
261 | A.9.2. Pdns_control commands | |
262 | A.9.3. Performance | |
263 | A.9.4. Master/slave configuration | |
264 | A.9.5. Commands | |
d16e0461 | 265 | |
335359b4 AG |
266 | A.10. ODBC backend |
267 | A.11. XDB Backend | |
268 | A.12. LDAP backend | |
269 | A.13. OpenDBX backend | |
270 | A.14. Geo backend | |
d16e0461 | 271 | |
335359b4 | 272 | B. PDNS internals |
d16e0461 | 273 | |
335359b4 | 274 | B.1. Controlsocket |
d16e0461 | 275 | |
335359b4 | 276 | B.1.1. pdns_control |
d16e0461 | 277 | |
335359b4 AG |
278 | B.2. Guardian |
279 | B.3. Modules & Backends | |
280 | B.4. How PDNS translates DNS queries into backend queries | |
d16e0461 | 281 | |
335359b4 | 282 | C. Backend writers' guide |
d16e0461 | 283 | |
335359b4 | 284 | C.1. Simple read-only native backends |
d16e0461 | 285 | |
335359b4 AG |
286 | C.1.1. A sample minimal backend |
287 | C.1.2. Interface definition | |
d16e0461 | 288 | |
335359b4 AG |
289 | C.2. Reporting errors |
290 | C.3. Declaring and reading configuration details | |
291 | C.4. Read/write slave-capable backends | |
d16e0461 | 292 | |
335359b4 | 293 | C.4.1. Supermaster/Superslave capability |
d16e0461 | 294 | |
335359b4 | 295 | C.5. Read/write master-capable backends |
d16e0461 | 296 | |
335359b4 | 297 | D. Compiling PowerDNS |
d16e0461 | 298 | |
335359b4 | 299 | D.1. Compiling PowerDNS on Unix |
d16e0461 | 300 | |
335359b4 AG |
301 | D.1.1. AIX |
302 | D.1.2. FreeBSD | |
303 | D.1.3. Linux | |
304 | D.1.4. MacOS X | |
305 | D.1.5. OpenBSD | |
306 | D.1.6. Solaris | |
d16e0461 | 307 | |
335359b4 | 308 | D.2. Compiling PowerDNS on Windows |
d16e0461 | 309 | |
335359b4 AG |
310 | D.2.1. Assumptions |
311 | D.2.2. Prequisites | |
312 | D.2.3. Nullsoft Installer | |
313 | D.2.4. Setting up the build-environment | |
314 | D.2.5. Compilation | |
315 | D.2.6. Miscellaneous | |
d16e0461 | 316 | |
335359b4 AG |
317 | E. PowerDNS license (GNU General Public License version 2) |
318 | F. Further copyright statements | |
d16e0461 | 319 | |
335359b4 | 320 | F.1. AES implementation by Brian Gladman |
d16e0461 | 321 | |
335359b4 AG |
322 | List of Tables |
323 | 1-1. PowerDNS Security Advisory | |
324 | 1-2. PowerDNS Security Advisory | |
325 | 1-3. PowerDNS Security Advisory | |
326 | 1-4. PowerDNS Security Advisory | |
327 | 1-5. PowerDNS Security Advisory | |
328 | 17-1. SOA fields | |
329 | A-1. PipeBackend capabilities | |
330 | A-2. MySQL backend capabilities | |
331 | A-3. Random Backend capabilities | |
332 | A-4. MySQL backend capabilities | |
333 | A-5. Generic PgSQL and MySQL backend capabilities | |
334 | A-6. Oracle backend capabilities | |
335 | A-7. Generic SQLite backend capabilities | |
336 | A-8. DB2 backend capabilities | |
337 | A-9. Bind zone file backend capabilities | |
338 | A-10. ODBC backend capabilities | |
339 | A-11. LDAP backend capabilities | |
340 | A-12. OpenDBX backend capabilities | |
341 | A-13. Geo backend capabilities | |
342 | C-1. DNSResourceRecord class | |
343 | C-2. SOAData struct | |
344 | C-3. DomainInfo struct | |
345 | __________________________________________________________ | |
d16e0461 | 346 | |
335359b4 | 347 | Chapter 1. The PowerDNS dynamic nameserver |
d16e0461 | 348 | |
335359b4 AG |
349 | The PowerDNS daemon is a versatile nameserver which supports a |
350 | large number of backends. These backends can either be plain | |
351 | zonefiles or be more dynamic in nature. Additionally, through | |
352 | use of clever programming techniques, PowerDNS offers very high | |
353 | domain resolution performance. | |
d16e0461 | 354 | |
335359b4 AG |
355 | Prime examples of backends include relational databases, but |
356 | also (geographical) loadbalancing and failover algorithms. | |
d16e0461 | 357 | |
335359b4 AG |
358 | The company is called PowerDNS.COM BV, the nameserver daemon is |
359 | called PDNS. | |
360 | __________________________________________________________ | |
d16e0461 | 361 | |
335359b4 | 362 | 1.1. Function & design of PDNS |
d16e0461 | 363 | |
335359b4 AG |
364 | PowerDNS consists of two parts: the Authoritative Server and |
365 | the Recursor. Other nameservers fully combine these functions, | |
366 | PowerDNS offers them separately, but can mix both authoritative | |
367 | and recursive usage seamlessly. The Authoritative Server will | |
368 | answer questions about domains it knows about, but will not go | |
369 | out on the net to resolve queries about other domains. However, | |
370 | it can use a recursing backend to provide that functionality. | |
371 | Depending on your needs, this backend can either be the | |
372 | PowerDNS recursor or an external one. | |
373 | ||
374 | When the Authoritative Server answers a question, it comes out | |
375 | of the database, and can be trusted as being authoritative. | |
376 | There is no way to pollute the cache or to confuse the daemon. | |
377 | ||
378 | The Recursor, conversely, by default has no knowledge of | |
379 | domains itself, but will always consult other authoritative | |
380 | servers to answer questions given to it. | |
381 | ||
382 | PDNS has been designed to serve both the needs of small | |
383 | installations by being easy to setup, as well as for serving | |
384 | very large query volumes on large numbers of domains. | |
385 | ||
386 | Another prime goal is security. By the use of language | |
387 | features, the PDNS source code is very small (in the order of | |
388 | 10.000 lines) which makes auditing easy. In the same way, | |
389 | library features have been used to mitigate the risks of buffer | |
390 | overflows. | |
391 | ||
392 | Finally, PDNS is able to give a lot of statistics on its | |
393 | operation which is both helpful in determining the scalability | |
394 | of an installation as well as for spotting problems. | |
395 | __________________________________________________________ | |
d16e0461 | 396 | |
335359b4 | 397 | 1.2. About this document |
d16e0461 | 398 | |
335359b4 AG |
399 | If you are reading this document from disk, you may want to |
400 | check http://doc.powerdns.com for updates. The PDF version is | |
401 | available on http://doc.powerdns.com/pdf, a text file is on | |
402 | http://doc.powerdns.com/txt/. | |
403 | __________________________________________________________ | |
d16e0461 | 404 | |
335359b4 | 405 | 1.3. Release notes |
33ccb468 | 406 | |
335359b4 AG |
407 | Before proceeding, it is advised to check the release notes for |
408 | your PDNS version, as specified in the name of the distribution | |
409 | file. | |
33ccb468 | 410 | |
335359b4 AG |
411 | Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor |
412 | are released separately. | |
413 | __________________________________________________________ | |
33ccb468 | 414 | |
335359b4 | 415 | 1.3.1. Authoritative Server version 2.9.22 |
33ccb468 | 416 | |
335359b4 | 417 | Warning |
33ccb468 | 418 | |
335359b4 | 419 | Released on the 27th of January 2009. |
33ccb468 | 420 | |
335359b4 AG |
421 | This is a huge release, spanning almost 20 months of |
422 | development. Besides fixing a lot of bugs, of note is the | |
423 | addition of the so called 'Notification Proxy', which allows | |
424 | PowerDNS to function as a master server behind a firewall, plus | |
425 | the huge performance improvement of the internal caches. | |
33ccb468 | 426 | |
335359b4 AG |
427 | This work has been made possible by UPC Broadband and Directi, |
428 | respectively. | |
33ccb468 | 429 | |
335359b4 AG |
430 | Finally, the release candidates of this version have been |
431 | tested & improved by Jorn Ekkelenkamp, Ton van Rosmalen, Jeff | |
432 | Sipek, Tyler Hall, Christof Meerwald and Stefan Schmidt. | |
33ccb468 | 433 | |
335359b4 | 434 | Fixed between rc1 and rc2, but not an issue in 2.9.21. |
33ccb468 | 435 | |
335359b4 AG |
436 | * pdns_control ccounts again outputs proper cache statistics. |
437 | Implemented in commit 1304. | |
438 | * Negative query caching was reinstated, leading to 6 times | |
439 | fewer backend queries than rc1 on the Express.powerdns.com | |
440 | servers. | |
441 | * Packetcache no longer needlessly parses outgoing packets | |
442 | before sending them. | |
443 | * Fancy records work again. This work has been sponsored by | |
444 | ISP Services. Implemented in commit 1302 and commit 1299. | |
33ccb468 | 445 | |
335359b4 | 446 | New features: |
33ccb468 | 447 | |
335359b4 AG |
448 | * pdns_control can now also work over TCP/IP. Sponsored by |
449 | Directi. Commits 1246, 1251, 1254, 1255. | |
450 | * Implemented a notification proxy, see Section 19.1. This | |
451 | work was sponsored by UPC Broadband. Implemented in commits | |
452 | 1075, 1077, 1082, 1083, 1085 and 1086. | |
453 | * IXFR queries are now supported in the sense that we treat | |
454 | them as AXFR queries, silencing warnings in other | |
455 | nameservers. Suggested in ticket 131. | |
456 | * The PIPE backend has been extended by David Apgar to allow | |
457 | the reporting of errors using the 'FAIL' command, plus | |
458 | support for responses with whitespace. Implemented in | |
459 | commit 1114. | |
460 | * PowerDNS Authoritative server now parses incoming EDNS | |
461 | options, like maximum allowed packet size. Implemented in | |
462 | commit 1123 and commit 1281. | |
463 | * Added support for DHCID, IPSECKEY and KX records, thanks | |
464 | Norbert Sendetzky for the hint. Implemented in commit 1144. | |
465 | * Norbert Sendetzky has has added support for all record | |
466 | types supported by PowerDNS to the LDAPBackend. | |
467 | Furthermore, the detection of OpenLDAP in autoconf has been | |
468 | improved. Finally, debian has supplied some fixes to | |
469 | PowerLDAP. Implemented in commit 1152 and commit 1153. | |
470 | * Implemented EDNS NSID option for retrieving the nameserver | |
471 | ID out of band. Defaults to hostname, can be specified | |
472 | using the server-id setting. Code in commit 1232. | |
473 | * Implemented experimental EDNS PING for enhanced forgery | |
474 | resilience. Code in commit 1232. | |
33ccb468 | 475 | |
335359b4 | 476 | Performance: |
33ccb468 | 477 | |
335359b4 AG |
478 | * Improve packet generation performance, in some cases by |
479 | 25%. Code in 1258, 1259. | |
480 | * Improved access list checking performance. commit 1261. | |
481 | * PowerDNS Authoritative caches were completely redone, and | |
482 | are now based on the same cache that is in the resolver. | |
483 | This work has been sponsored by Directi. In large | |
484 | benchmarks, PowerDNS performance has improved by an order | |
485 | of magnitude or more. This new version allows for | |
486 | near-instantaneous cache purging, plus very rapid purging | |
487 | based on suffix. Purge commands can also be batched. This | |
488 | work is partially based on an innovative reverse-string | |
489 | comparison function authored by Aki Tuomi. | |
490 | * Installations which run with very high cache hitrates can | |
491 | now benefit from multiple CPUs by setting receiver-threads | |
492 | to the number of desired CPUs to utilize in cache | |
493 | operations. Implemented in commit 1316. | |
494 | * BIND backend speedups in commit 1108, measured at around a | |
495 | 20% improvement, possibly more on very large setups. | |
33ccb468 | 496 | |
335359b4 | 497 | Bugs fixed: |
33ccb468 | 498 | |
335359b4 AG |
499 | * Tyler Hall discovered the PowerDNS configuration file |
500 | parser had problems with trailing tabs. This turned out to | |
501 | be a wider problem in PowerDNS. Buggy code replaced by a | |
502 | library call in commit 1237 and commit 1240. | |
503 | * David Apgar of Yahoo discovered that our 'guardian' method | |
504 | of restarting PowerDNS in case of problems was not fool | |
505 | proof, and submitted a fix. A variation of this fix can be | |
506 | found in commit 1323. Also reported by Directi. | |
507 | * Connection reset by peer events in the TCP nameserver no | |
508 | longer lead to the cycling of database connections. Code in | |
509 | commit 1241. | |
510 | * FreeBSD compilation with Generic PostgreSQL backend was | |
511 | fixed. Reported by Wouter de Jong of WideXS, fixed in | |
512 | commit 1305, closes ticket 95. | |
513 | * Webserver no longer prints '1e2%'. Finally closes ticket | |
514 | 26. Much friendly nagging for over 3 years by Jeff Sipek, | |
515 | code in commit 1303. | |
516 | * PowerDNS used to ignore certain queries it could not | |
517 | answer. These queries are no longer ignored, but get a | |
518 | SERVFAIL response. Implemented in commit 1239. | |
519 | * Fix subtle CNAME and wildcard interactions reported by | |
520 | 'zzyzz', implemented in commit 1147. | |
521 | * The generic backends did not honour the default-ttl | |
522 | setting. Spotted and implemented by Matti Hiljanen. | |
523 | * Matti Hiljanen discovered that the OpenDBX backend did not | |
524 | fill out the SOA ttl value properly. Matti also improved | |
525 | the SQL statements for better compatibility. Implemented in | |
526 | commit 1181. | |
527 | * Treat invalid WWW requests better. Spotted by Maikel | |
528 | Verheijen, implemented in commit 1092. | |
529 | * Documentation errors and typos, spotted by Marco Davids | |
530 | (commit 1097) and Rejo Zengers (commit 1119) | |
531 | * Properly fill out the 'recursion available'-flag. Spotted | |
532 | by Augie Schwer in ticket 167. | |
533 | * Several memory leaks on bad data in the database or other | |
534 | errors have been fixed. Addressed in 1078 and 1079. | |
535 | * In contravention to the documentation, the domain type as | |
536 | specified in the database ('MASTER', 'SLAVE' or 'NATIVE') | |
537 | was interpreted case sensitively. 1084. | |
538 | * BIND backend could crash on processing information about | |
539 | slave zones to be checked. Spotted by Stefan Schmidt, fixed | |
540 | in 1089. | |
541 | * Jelte Jansen of Stichting NLNetLabs discovered PowerDNS in | |
542 | BIND mode couldn't operate as a root-server! Fixed in 1057. | |
543 | * 'DPS' discovered there was a rare opportunity for PowerDNS | |
544 | to lock up waiting for new data. Addressed in 1076. | |
545 | * Make singlethreaded mode more resilient against errors. | |
546 | commit 1272. | |
547 | * DNSSEC records were part of 2.9.21, but were not actually | |
548 | hooked up. Please note that while PowerDNS can serve most | |
549 | DNSSEC records, it does not do DNSSEC processing. | |
550 | Implemented in 1046. | |
551 | * Shawn Starr migrated all his domains to PowerDNS in one | |
552 | evening, from an installation that had been used since | |
553 | BIND4. In doing so, he found 3 bugs in as many hours. An IN | |
554 | statement in the BIND named.conf with a zone with a | |
555 | trailing dot was misparsed, fixed in commit 1233. Secondly, | |
556 | the zonefile parser tripped over a line consisting of | |
557 | nothing but comments in the wrong place. Finally '$ORIGIN | |
558 | .' was misparsed. Last two issues fixed in commit 1234. | |
559 | * Our statistics counters did not wrap correctly after the | |
560 | 2.15 billion mark. Spotted by Stefan Schmidt, reported in | |
561 | ticket 179, fixed in commit 1284. | |
562 | * Bindbackend could sometimes generate very strange error | |
563 | messages while processing a malformed zone file. Sometimes | |
564 | such error messages could cause a crash (reported on | |
565 | HP-UX). Addressed by commit 1279. This could not be | |
566 | triggered remotely. Closes ticket ticket 203. | |
567 | * Pipe backend did not clean up killed coprocesses. Found and | |
568 | fixed by Daniel Drown | |
569 | * Installations with tens of thousands of slave domains would | |
570 | never complete the cycle to check the freshness of all | |
571 | zones as each incoming notification disrupted this cycle. | |
572 | Addressed in cooperation with Tyler Hall of EditDNS. | |
33ccb468 | 573 | |
335359b4 | 574 | Improvements: |
33ccb468 | 575 | |
335359b4 AG |
576 | * Zoneparser improvements mean $TTL and $INCLUDES now work a |
577 | lot better. Implemented in 1056, 1062. | |
578 | * No longer report temporary recvfrom errors, which used to | |
579 | spam the log on many systems. Addressed in commit 1320. | |
580 | * Direct queries for 'fancy records' would lead to errors, | |
581 | such queries now fail early. Spotted by Jorn Ekkelenkamp, | |
582 | implemented in 1051. | |
583 | * Fix typo in geobackend, closing ticket 157, implemented in | |
584 | 1090. | |
585 | * Initial work on TSIG support - not done yet. Spurred on by | |
586 | Marco Davids. | |
587 | * Embarrassingly, the 'master' configuration setting was not | |
588 | documented in the list of all settings! | |
589 | * Norbert has updated OpenDBX so that SQLite reads and writes | |
590 | no longer deadlock, plus compliation fixes on Solaris, plus | |
591 | the addition of autoserials to backends that support | |
592 | triggers. Implemented in commit 1154. | |
593 | * Random generator is now based on AES, improving the | |
594 | security of certain proxy operations. This is the same | |
595 | random generator that is in the recursor. Implemented in | |
596 | commit 1256. | |
597 | * Documentation for 'supermaster' mode was improved due to | |
598 | popular demand. | |
599 | * When binding to a UDP port failed, supply a more precise | |
600 | error message (commit 1245) | |
601 | * The zoneparser error messages were vastly improved, | |
602 | partially inspired by Shawn's cowboy migration. Code in | |
603 | commit 1235. | |
604 | * Labels are compressed more efficiently | |
605 | (case-insensitively), leading to smaller packets. | |
606 | Implemented in commit 1156. | |
607 | * Fix handling of TCP timeouts to not cause a reload of the | |
608 | backends. Implemented in commit 1092. | |
609 | * TCP Receiver no longer spams the log with common network | |
610 | errors. Implemented in commit 1306. | |
611 | * Move from select() to poll()-based multiplexing, allowing | |
612 | PowerDNS to listen on more than 1024 sockets | |
613 | simultaneously. One big PowerDNS user needs this. | |
614 | Implemented in 1072. | |
615 | * Zone2sql now reads source files in performance enhancing | |
616 | inode order. Additionally, zone2sql no longer dies on a | |
617 | missing zone file if --on-error-resume-next was specified. | |
618 | Finally, statistics of zone2sql conversion have been | |
619 | improved. Implemented in 1055. | |
620 | * Address issues found by more recent g++ versions. Spotted | |
621 | and/or fixed by Jorn Ekkelenkamp (commit 1051), Marcus | |
622 | Rueckert (commit 1094), Norbert Sendetzky (commit 1107), | |
623 | Serge Belyshev (commit 1171). | |
624 | * The Intel C Compiler implements certain things differently, | |
625 | causing the master/slave communicator to malfunction. | |
626 | Spotted by Marcus Rueckert, implemented in 1052, plus | |
627 | fallout in 1105. | |
628 | * PowerDNS can now be compiled with Boost 1.37.0. | |
629 | * Andre Lorbach of Adiscon discovered the microsoft windows | |
630 | 2003 nameserver adds out of zone data to zonetransfers, | |
631 | which we need to ignore, instead of rejecting the entire | |
632 | zone. Implemented in 1048. | |
633 | * PowerDNS now skips remote master servers which consistently | |
634 | generate timeout messages, improving the master checking | |
635 | cycle time tremendously. Developed in cooperation with | |
636 | Tyler Hall. Implemented in commit 1278. | |
637 | * When binding to a UDP port failed, supply a more precise | |
638 | error message (commit 1245) | |
639 | * dnsreplay now waits for the final answers to arrive, making | |
640 | it possible to process even small pcap files and get | |
641 | meaningful statistics. commit 1268. | |
642 | * dnsreplay has a more sane default timeout now, which can be | |
643 | configured too. Suggested by Augie Schwer in ticket 163, | |
644 | implemented in commit 1287. | |
645 | __________________________________________________________ | |
646 | ||
647 | 1.3.2. Authoritative Server version 2.9.21.2 | |
648 | ||
649 | Released on the 18th of November 2008. | |
650 | ||
651 | This release consists of a single patch to PowerDNS | |
652 | Authoritative Server version 2.9.21.1. In some configurations, | |
653 | notably with configuration option 'distributor-threads=1', the | |
654 | PowerDNS Authoritative Server crashes easily in some error | |
655 | conditions. | |
656 | ||
657 | All users are urged to upgrade. Even though PowerDNS restarts | |
658 | itself on encountering such error conditions, and even though | |
659 | most PowerDNS configurations do not run in single threaded | |
660 | mode, an upgrade is recommended. | |
661 | ||
662 | More detail can be found in Section 1.9. | |
663 | __________________________________________________________ | |
664 | ||
665 | 1.3.3. Authoritative Server version 2.9.21.1 | |
666 | ||
667 | Released on the 6th of August 2008. | |
668 | ||
669 | This release consists of a single patch to PowerDNS | |
670 | Authoritative Server version 2.9.21. Brian J. Dowling of | |
671 | Simplicity Communications has discovered a security implication | |
672 | of the previous PowerDNS behaviour to drop queries it considers | |
673 | malformed. We are grateful that Brian notified us quickly about | |
674 | this problem. | |
675 | ||
676 | This issue has been assigned CVE-2008-3337. The single patch is | |
677 | in commit 1239. More detail can be found in Section 1.8. | |
678 | ||
679 | The implication is that while the PowerDNS Authoritative server | |
680 | itself does not face a security risk because of dropping these | |
681 | malformed queries, other resolving nameservers run a higher | |
682 | risk of accepting spoofed answers for domains being hosted by | |
683 | PowerDNS Authoritative Servers before 2.9.21.1. | |
684 | ||
685 | While the dropping of queries does not aid sophisticated | |
686 | spoofing attempts, it does facilitate simpler attacks. | |
687 | ||
688 | It may be good to know that several large sites already run | |
689 | with this patch applied, as it has been in the public codebase | |
690 | for some weeks already. | |
691 | __________________________________________________________ | |
692 | ||
693 | 1.3.4. Recursor version 3.1.7 | |
694 | ||
695 | Released the 25th of June 2008. | |
696 | ||
697 | This version contains powerful scripting abilities, allowing | |
698 | operators to modify DNS responses in many interesting ways. | |
699 | Among other things, these abilities can be used to filter out | |
700 | malware domains, to perform load balancing, to comply with | |
701 | legal and other requirements and finally, to implement | |
702 | 'NXDOMAIN' redirection. | |
703 | ||
704 | It is hoped that the addition of Lua scripting will enable | |
705 | responsible DNS modification for those that need it. | |
706 | ||
707 | For more details about the Lua scripting, which can be | |
708 | modified, loaded and unloaded at runtime, see Section 12.6. | |
709 | Many thanks are due to the #lua irc channel, for excellent | |
710 | near-realtime Lua support. In addition, a number of PowerDNS | |
711 | users have been enthousiastically testing prereleases of the | |
712 | scripting support, and have found and solved many issues. | |
713 | ||
714 | In addition, 3.1.7 fixes a number of bugs: | |
715 | ||
716 | * In 3.1.5 and 3.1.6, an authoritative server could continue | |
717 | to renew its authority, even though a domain had been | |
718 | delegated to other servers in the meantime. | |
719 | In the rare cases where this happened, and the old servers | |
720 | were not shut down, the observed effect is that users were | |
721 | fed outdated data. | |
722 | Bug spotted and analysed by Darren Gamble, fix in commit | |
723 | 1182 and commit 1183. | |
724 | * Thanks to long time PowerDNS contributor Stefan Arentz, for | |
725 | the first time, Mac OS X 10.5 users can compile and run the | |
726 | PowerDNS Recursor! Patch in commit 1185. | |
727 | * Sten Spans spotted that for outgoing TCP/IP queries, the | |
728 | query-local-address setting was not honored. Fixed in | |
729 | commit 1190. | |
730 | * rec_control wipe-cache now also wipes domains from the | |
731 | negative cache, hurrying up the expiry of negatively cached | |
732 | records. Suggested by Simon Kirby, implemented in commit | |
733 | 1204. | |
734 | * When a forwarder server is configured for a domain, using | |
735 | the forward-zones setting, this server IP address was | |
736 | filtered using the dont-query setting, which is generally | |
737 | not what is desired: the server to which queries are | |
738 | forwarded will often live in private IP space, and the | |
739 | operator should be trusted to know what he is doing. | |
740 | Reported and argued by Simon Kirby, fix in commit 1211. | |
741 | * Marcus Rueckert of OpenSUSE reported that very recent gcc | |
742 | versions emitted a (correct) warning on an overly | |
743 | complicated line in syncres.cc, fixed in commit 1189. | |
744 | * Stefan Schmidt discovered that the netmask matching code, | |
745 | used by the new Lua scripts, but also by all other parts of | |
746 | PowerDNS, had problems with explicit '/32' matches. Fixed | |
747 | in commit 1205. | |
748 | __________________________________________________________ | |
749 | ||
750 | 1.3.5. Recursor version 3.1.6 | |
751 | ||
752 | Released on the 1st of May 2008. | |
753 | ||
754 | This version fixes two important problems, each on its own | |
755 | important enough to justify a quick upgrade. | |
756 | ||
757 | * Version 3.1.5 had problems resolving several slightly | |
758 | misconfigured domains, including for a time 'juniper.net'. | |
759 | Nameserver timeouts were not being processed correctly, | |
760 | leading PowerDNS to not update the internal clock, which in | |
761 | turn meant that any queries immediately following an error | |
762 | would time out as well. Because of retries, this would | |
763 | usually not be a problem except on very busy servers, for | |
764 | domains with different nameservers at different levels of | |
765 | the DNS-hierarchy, like 'juniper.net'. | |
766 | This issue was fixed rapidly because of the help of XS4ALL | |
767 | (Eric Veldhuyzen, Kai Storbeck), Brad Dameron and Kees | |
768 | Monshouwer. Fix in commit 1178. | |
769 | * The new high-quality random generator was not used for all | |
770 | random numbers, especially in source port selection. This | |
771 | means that 3.1.5 is still a lot more secure than 3.1.4 was, | |
772 | and its algorithms more secure than most other nameservers, | |
773 | but it also means 3.1.5 is not as secure as it could be. A | |
774 | quick upgrade is recommended. Discovered by Thomas Biege of | |
775 | Novell (SUSE), fixed in commit 1179. | |
776 | __________________________________________________________ | |
777 | ||
778 | 1.3.6. Recursor version 3.1.5 | |
779 | ||
780 | Released on the 31st of March 2008. | |
781 | ||
782 | Much like 3.1.4, this release does not add a lot of major | |
783 | features. Instead, performance has been improved significantly | |
784 | (estimated at around 20%), and many rare and not so rare issues | |
785 | were addressed. Multi-part TXT records now work as expected - | |
786 | the only significant functional bug found in 15 months. One of | |
787 | the oldest feature requests was fulfilled: version 3.1.5 can | |
788 | finally forward queries for designated domains to multiple | |
789 | servers, on differing port numbers if needed. Previously only | |
790 | one forwarder address was supported. This lack held back a | |
791 | number of migrations to PowerDNS. | |
792 | ||
793 | We would like to thank Amit Klein of Trusteer for bringing a | |
794 | serious vulnerability to our attention which would enable a | |
795 | smart attacker to 'spoof' previous versions of the PowerDNS | |
796 | Recursor into accepting possibly mallicious data. | |
797 | ||
798 | Details can be found on this Trusteer page. | |
799 | ||
800 | It is recommended that all users of the PowerDNS Recursor | |
801 | upgrade to 3.1.5 as soon as practicable, while we | |
802 | simultaneously note that busy servers are less susceptible to | |
803 | the attack, but not immune. | |
804 | ||
805 | The PowerDNS Security Advisory can be found in Section 1.7. | |
806 | ||
807 | This version can properly benefit from all IPv4 and IPv6 | |
808 | addresses in use at the root-servers as of early February 2008. | |
809 | In order to implement this, changes were made to how the | |
810 | Recursor deals internally with A and AAAA queries for | |
811 | nameservers, see below for more details. | |
812 | ||
813 | Additionally, newer releases of the G++ compiler required some | |
814 | fixes (see ticket 173). | |
815 | ||
816 | This release was made possible by the help of Wichert Akkerman, | |
817 | Winfried Angele, Arnoud Bakker (Fox-IT), Niels Bakker (no | |
818 | relation!), Leo Baltus (Nederlandse Publieke Omroep), Marco | |
819 | Davids (SIDN), David Gavarret (Neuf Cegetel), Peter Gervai, | |
820 | Marcus Goller (UPC), Matti Hiljanen (Saunalahti/Elisa), Ruben | |
821 | Kerkhof, Alex Kiernan, Amit Klein (Trusteer), Kenneth Marshall | |
822 | (Rice University), Thomas Rietz, Marcus Rueckert (OpenSUSE), | |
823 | Augie Schwer (Sonix), Sten Spans (Bit), Stefan Schmidt | |
824 | (Freenet), Kai Storbeck (xs4all), Alex Trull, Andrew Turnbull | |
825 | (No Wires) and Aaron Thompson, and many more who filed bugs | |
826 | anonymously, or who we forgot to mention. | |
827 | ||
828 | Security related issues: | |
829 | ||
830 | * Amit Klein has informed us that System random generator | |
831 | output can be predicted based on its past behaviour, | |
832 | allowing a smart attacker to 'spoof' our nameserver. Full | |
833 | details in Section 1.7. | |
834 | * The Recursor will by default no longer query private-space | |
835 | nameservers. This closes a slight security risk and | |
836 | simultaneously improves performance and stability. For more | |
837 | information, see dont-query in Section 12.1. Implemented in | |
838 | commit 923. | |
839 | * Applied fix for ticket 110 ('PowerDNS should change | |
840 | directory to '/' in chroot), implemented in commit 944. | |
33ccb468 | 841 | |
335359b4 | 842 | Performance: |
33ccb468 | 843 | |
335359b4 AG |
844 | * The DNS packet writing and parsing infrastructure |
845 | performance was improved in several ways, see commits 925, | |
846 | 926, 928, 931, 1021, 1050. | |
847 | * Remove multithreading overhead from the Recursor (commit | |
848 | 999). | |
33ccb468 | 849 | |
335359b4 | 850 | Bug fixes: |
33ccb468 | 851 | |
335359b4 AG |
852 | * Built-in authoritative server now properly derives the TTL |
853 | from the SOA record if not specified. Implemented in commit | |
854 | 1165. Additionally, even when TTL was specified for the | |
855 | built-in authoritative server, it was ignored. Reported by | |
856 | Stefan Schmidt, closing ticket 147. | |
857 | * Empty TXT record components can now be served. Implemented | |
858 | in commit 1166, closing ticket 178. Spotted by Matti | |
859 | Hiljanen. | |
860 | * The Recursor would not properly override old data with new, | |
861 | sometimes serving old and new data concurrently. Fixed in | |
862 | commit 1137. | |
863 | * SOA records with embedded carriage-return characters are | |
864 | now parsed correctly. Implemented in commit 1167, closing | |
865 | ticket 162. | |
866 | * Some routing conditions could cause UDP connected sockets | |
867 | to generate an error which PowerDNS did not deal with | |
868 | properly, leading to a leaked file descriptor. As these run | |
869 | out over time, the recursor could crash. This would also | |
870 | happen for IPv6 queries on a host with no IPv6 | |
871 | connectivity. Thanks to Kai of xs4all and Wichert Akkerman | |
872 | for reporting this issue. Fix in commit 1133. | |
873 | * Empty unknown record types can now be stored without | |
874 | generating a scary error (commit 1129) | |
875 | * Applied fix for ticket 111, ticket 112 and ticket 153 - | |
876 | large (multipart) TXT records are now retrieved and served | |
877 | properly. Fix in commit 996. | |
878 | * Solaris compilation instructions in Recursor documentation | |
879 | were wrong, leading to an instant crash on startup. Luckily | |
880 | nobody reads the documentation, except for Marcus Goller | |
881 | who found the error. Fixed in commit 1124. | |
882 | * On Solaris, finally fix the issue where queries get | |
883 | distributed strangely over CPUs, or not get distributed at | |
884 | all. Much debugging and analysing performed by Alex | |
885 | Kiernan, who also supplied fixes. Implemented in commit | |
886 | 1091, commit 1093. | |
887 | * Various fixes for modern G++ versions, most spotted by | |
888 | Marcus Rueckert (commits 964, 965, 1028, 1052), and Ruben | |
889 | Kerkhof (commit 1136, closing ticket 175). | |
890 | * Recursor would not properly clean up pidfile and control | |
891 | socket, closing ticket 120, code in commit 988, commit 1098 | |
892 | (part of fix by Matti Hiljanen, spotted by Leo Baltus) | |
893 | * Recursor can now serve multi-line records from its limited | |
894 | authoritative server (commit 1014). | |
895 | * When parsing zones, the 'm' time specification stands for | |
896 | minutes, not months! Closing Debian bug 406462 (commit | |
897 | 1026) | |
898 | * Authoritative zone parser did not support '@' in the | |
899 | content of records. Spotted by Marco Davids, fixed in | |
900 | commit 1030. | |
901 | * Authoritative zone parser could be confused by trailing | |
902 | TABs on record lines (commit 1062). | |
903 | * EINTR error code could block entire server if received at | |
904 | the wrong time. Spotted by Arnoud Bakker, fix in commit | |
905 | 1059. | |
906 | * Fix crash on NetBSD on Alpha CPUs, might improve startup | |
907 | behaviour on empty caches on other architectures as well | |
908 | (commit 1061). | |
909 | * Outbound TCP queries were being performed sub-optimally | |
910 | because of an interaction with the 'Mplexer'. Fixes in | |
911 | commit 1115, commit 1116. | |
33ccb468 | 912 | |
335359b4 | 913 | New features: |
33ccb468 | 914 | |
335359b4 AG |
915 | * Implemented rec_control command get uptime, as suggested by |
916 | Niels Bakker (commit 935). Added to default rrdtool scripts | |
917 | in commit 940. | |
918 | * The Recursor Authorative component, meant for having the | |
919 | Recursor serve some zones authoritatively, now supports | |
920 | $INCLUDE and $GENERATE. Implemented in commit 951 and | |
921 | commit 952, commit 967 (discovered by Thomas Rietz), | |
922 | * Implemented forward-zones-file option in order to support | |
923 | larger amounts of zones which should be forwarded to | |
924 | another nameserver (commit 963). | |
925 | * Both forward-zones and forward-zones-file can now specify | |
926 | multiple forwarders per domain, implemented in commit 1168, | |
927 | closing ticket 81. Additionally, both these settings can | |
928 | also specify non-standard port numbers, as suggested in | |
929 | ticket ticket 122. Patch authored by Aaron Thompson, with | |
930 | additional work by Augie Schwer. | |
931 | * Sten Spans contributed allow-from-file, implemented in | |
932 | commit 1150. This feature allows the Recursor to read | |
933 | access rules from a (large) file. | |
934 | ||
935 | General improvements: | |
936 | ||
937 | * Ruben Kerkhof fixed up weird permission bits as well as our | |
938 | SGML documentation code in commit 936 and commit 937. | |
939 | * Full IPv6 parity. If configured to use IPv6 for outgoing | |
940 | queries (using query-local-address6=::0 for example), IPv6 | |
941 | and IPv4 addresses are finally treated 100% identically, | |
942 | instead of 'mostly'. This feature is implemented using | |
943 | 'ANY' queries to find A and AAAA addresses in one query, | |
944 | which is a new approach. Treat with caution. | |
945 | * Now perform EDNS0 root refreshing queries, so as to benefit | |
946 | from all returned addresses. Relevant since early February | |
947 | 2008 when the root-servers started to respond with IPv6 | |
948 | addresses, which made the default non-EDNS0 maximum packet | |
949 | length reply no longer contain all records. Implemented in | |
950 | commit 1130. Thanks to dns-operations AT mail.oarc.isc.org | |
951 | for quick suggestions on how to deal with this change. | |
952 | * rec_control now has a timeout in case the Recursor does not | |
953 | respond. Implemented in commit 945. | |
954 | * (Error) messages are now logged with saner priorities | |
955 | (commit 955). | |
956 | * Outbound query IP interface stemmed from 1997 (!) and was | |
957 | in dire need of a cleanup (commit 1117). | |
958 | * L.ROOT-SERVERS.NET moved (commit 1118). | |
959 | __________________________________________________________ | |
960 | ||
961 | 1.3.7. PowerDNS Authoritative Server version 2.9.21 | |
962 | ||
963 | Released the 21st of April 2007. | |
964 | ||
965 | This is the first release the PowerDNS Authoritative Server | |
966 | since the Recursor was split off to a separate product, and | |
967 | also marks the transfer of the new technology developed | |
968 | specifically for the recursor, back to the authoritative | |
969 | server. | |
970 | ||
971 | This move has reduced the amount of code of the Authoritative | |
972 | server by over 2000 lines, while improving the quality of the | |
973 | program enormously. | |
974 | ||
975 | However, since so much has been changed, care should be taken | |
976 | when deploying 2.9.21. | |
977 | ||
978 | To signify the magnitude of the underlying improvements, the | |
979 | next release of the PowerDNS Authoritative Server will be | |
980 | called 3.0. | |
981 | ||
982 | This release would not have been possible without large amounts | |
983 | of help and support from the PowerDNS Community. We | |
984 | specifically want to thank Massimo Bandinelli of Italy's | |
985 | Register.it, Dave Aaldering of Aaldering ICT, True BV, XS4ALL, | |
986 | Daniel Bilik of Neosystem, EasyDNS, Heinrich Ruthensteiner of | |
987 | Siemens, Augie Schwer, Mark Bergsma, Marco Davids, Marcus | |
988 | Rueckert of OpenSUSE, Andre Muraro of Locaweb, Antony Lesuisse, | |
989 | Norbert Sendetzky, Marco Chiavacci, Christoph Haas, Ralf van | |
990 | der Enden and Ruben Kerkhof. | |
991 | ||
992 | Security issues: | |
993 | ||
994 | * The previous packet parsing and generating code contained | |
995 | no known bugs, but was however very lengthy and overly | |
996 | complex, and might have had security problems. The new code | |
997 | is 'inherently safe' because it relies on bounds-checking | |
998 | C++ constructs. Therefore, a move to 2.9.21 is highly | |
999 | recommended. | |
1000 | * Pre-2.9.21, communication between master and server | |
1001 | nameservers was not checked as rigidly as possible, | |
1002 | possibly allowing third parties to disrupt but not modify | |
1003 | such communications. | |
1004 | ||
1005 | Warning | |
1006 | ||
1007 | The 'bind1' legacy version of our BIND backend has been | |
1008 | dropped! There should be no need to rely on this old version | |
1009 | anymore, as the main BIND backend has been very well tested | |
1010 | recently. | |
33ccb468 | 1011 | |
335359b4 | 1012 | Bugs: |
33ccb468 | 1013 | |
335359b4 AG |
1014 | * Multi-part TXT records weren't supported. This has been |
1015 | fixed, and regression tests have been added. Code in | |
1016 | commits 1016, 996, 994. | |
1017 | * Email addresses with embedded dots in SOA records were not | |
1018 | parsed correctly, nor were other embedded dots. Noted by | |
1019 | 'Bastiaan', fixed in commit 1026. | |
1020 | * BIND backend treated the 'm' TTL modifier as 'months' and | |
1021 | not 'minutes'. Closes Debian bug 406462. Addressed in | |
1022 | commit 1026. | |
1023 | * Our snapshots were built against a static version of | |
1024 | PosgreSQL that was incompatible with many Linux | |
1025 | distributions, leading to instant crashes on startup. Fixed | |
1026 | in 1022 and 1023. | |
1027 | * CNAME referrals to child zones gave improper responses. | |
1028 | Noted by Augie Schwer in ticket 123, fixed in commit 992. | |
1029 | * When passing a port number with the recursor setting, this | |
1030 | would sometimes generate errors during additional | |
1031 | processing. Switched off overly helpful additional | |
1032 | processing for recursive queries to remove this problem. | |
1033 | Implemented in commit 1031, spotted by Ralf van der Enden. | |
1034 | * NS to a nameserver with the name of the zone itself | |
1035 | generated problems. Spotted by Augie Schwer, fixed in | |
1036 | commit 947. | |
1037 | * Multi-line records in the BIND backend were not always | |
1038 | parsed correctly. Fixed in commit 1014. | |
1039 | * The LOC-record had problems operating outside of the | |
1040 | eastern hemisphere of the northern part of the world! Fixed | |
1041 | in commit 1011. | |
1042 | * Backends were compiled without multithreading preprocessor | |
1043 | flags. As far as we can determine, this would only cause | |
1044 | problems for the BIND backend, but we cannot rule out this | |
1045 | caused instability in other backends. Fixed in commit 1001. | |
1046 | * The BIND backend was highly unstable under reloads, and | |
1047 | leaked memory and file descriptors. Thanks to Mark Bergsma | |
1048 | and Massimo Bandinelli for respectively pointing this out | |
1049 | to us and testing large amounts of patches to fix the | |
1050 | problem. The fixes have resulted in better performance, | |
1051 | less code, and a remarkable simplification of this backend. | |
1052 | Commits 1039, 1034, 1035, 1006, 999, 905 and previous. | |
1053 | * BIND backend gave convincing NXDOMAINS on unloaded zones in | |
1054 | some cases. Spotted and fixed by Daniel Bilik in commit | |
1055 | 984. | |
1056 | * SOA records in zone transfers sometimes contained the wrong | |
1057 | SOA TTL. Spotted by Christian Kuehn, fixed in commit 902. | |
1058 | * PowerDNS could get confused by very high SOA serial | |
1059 | numbers. Spotted and fixed by Dan Billik, fixed in commit | |
1060 | 626. | |
1061 | * Some versions of FreeBSD perform very strict checks on | |
1062 | socket address sizes passed to 'connect', which could lead | |
1063 | to problems retrieving zones over AXFR. Fixed in commit | |
1064 | 891. | |
1065 | * Some versions of FreeBSD perform very strict checks on IPv6 | |
1066 | socket addresses, leading to problems. Discovered by Sten | |
1067 | Spans, fixed in commit 885 and commit 886. | |
1068 | * IXFR requests were not logged properly. Noted by Ralf van | |
1069 | der Enden, fixed in commit 990. | |
1070 | * Some NAPTR records needed an additional space character to | |
1071 | encode correctly. Spotted by Heinrich Ruthensteiner, fixed | |
1072 | in commit 1029. | |
1073 | * Many bugs in the TCP nameserver, leading to a PowerDNS | |
1074 | process that did not respond to TCP queries over time. Many | |
1075 | fixes provided by Dan Bilik, other problems were fixed by | |
1076 | rewriting our TCP handling code. Commits 982 and 980, 950, | |
1077 | 924, 889, 874, 869, 685, 684. | |
1078 | * Fix crashes on the ARM processor due to alignment errors. | |
1079 | Thanks to Sjoerd Simons. Closes Debian bug 397031. | |
1080 | * Missing data in generic SQL backends would sometimes lead | |
1081 | to faked SOA serial data. Spotted by Leander Lakkas from | |
1082 | True. Fix in commit 866. | |
1083 | * When receiving two quick notifications in succession, the | |
1084 | packet cache would sometimes "process" the second one, | |
1085 | leading PowerDNS to ignore it. Spotted by Dan Bilik, fixed | |
1086 | in commit 686. | |
1087 | * Geobackend (by Mark Bergsma) did not properly override the | |
1088 | getSOA method, breaking non-overlay operation of this fine | |
1089 | backend. The geobackend now also skips '.hidden' | |
1090 | configuration files, and now properly disregards empty | |
1091 | configuration files. Additionally, the overlapping | |
1092 | abilities were improved. Details available in commit 876, | |
1093 | by Mark. | |
33ccb468 | 1094 | |
335359b4 | 1095 | Features: |
33ccb468 | 1096 | |
335359b4 AG |
1097 | * Thanks to EasyDNS, PowerDNS now supports multiple masters |
1098 | per domain. For configuration details, see Section 13.2. | |
1099 | Implemented in commit 1018, commit 1017. | |
1100 | * Thanks to EasyDNS, PowerDNS now supports the KEY record | |
1101 | type, as well the SPF record. In commit 976. | |
1102 | * Added support for CERT, SSHFP, DNSKEY, DS, NSEC, RRSIG | |
1103 | record types, as part of the move to the new DNS | |
1104 | parsing/generating code. | |
1105 | * Support for the AFSDB record type, as requested by | |
1106 | 'Bastian'. Implemented in commit 978, closing ticket 129. | |
1107 | * Support for the MR record type. Implemented in commit 941 | |
1108 | and commit 1019. | |
1109 | * Gsqlite3 backend was added by Antony Lesuisse in commit | |
1110 | 942; | |
1111 | * Added the ability to send out light-weight root-referrals | |
1112 | that save bandwidth yet still placate mediocre resolver | |
1113 | implementations. Implemented in commit 912, enable with | |
1114 | 'root-referral=lean'. | |
33ccb468 | 1115 | |
335359b4 | 1116 | Improvements: |
33ccb468 | 1117 | |
335359b4 AG |
1118 | * Miscellaneous OpenDBX and LDAP backend improvements by |
1119 | Norbert Sendetzky. Applied in commit 977 and commit 1040. | |
1120 | * SGML source of the documentation was cleaned up by Ruben | |
1121 | Kerkhof in commit 936. | |
1122 | * Speedups in core DNS label processing code. Implemented in | |
1123 | commit 928, commit 654, commit 1020. | |
1124 | * When communicating with master servers and encountering | |
1125 | errors, more useful details are logged. Reported by Stefan | |
1126 | Arentz in ticket 137, closed by commit 1015. | |
1127 | * Database errors are now logged with more details. Addressed | |
1128 | in commit 1004. | |
1129 | * pdns_control problems are now logged more verbosely. Change | |
1130 | in commit 910. | |
1131 | * Erroneous address configuration was logged unclearly. | |
1132 | Spotted by River Tarnell, fixed in commit 888. | |
1133 | * Example configuration shipped with PowerDNS was very old. | |
1134 | Noted by Leen Besselink, fixed in commit 946. | |
1135 | * PowerDNS neglected to chdir to the root when chrooted. This | |
1136 | closes ticket 110, fixed in commit 944. | |
1137 | * Microsoft resolver had problems with responses we generated | |
1138 | for CNAMEs pointing out of our bailiwick. Fixed in commit | |
1139 | 983 and expedited by Locaweb.com.br. | |
1140 | * Built-in webserver logs errors more verbosely. Closes | |
1141 | ticket 82, gixed in commit 991. | |
1142 | * Queries containing '@' no longer flood the logs. Addressed | |
1143 | in commit 1014. | |
1144 | * The build process now looks for PostgreSQL in more places. | |
1145 | Implemented in commit 998, closes ticket 90. | |
1146 | * Speedups in the BIND backend now mean large installations | |
1147 | enjoy startup times up to 30 times faster than with the | |
1148 | original BIND nameserver. Many thanks to Massimo | |
1149 | Bandinelli. | |
1150 | * BIND backend now offers full support for query logging, | |
1151 | implemented in commit 1026, commit 1029. | |
1152 | * BIND backend named.conf parsing is now fully | |
1153 | case-insensitive for domain names. This closes Debian bug | |
1154 | 406461, fixed in commit 1027. | |
1155 | * IPv6 and IPv4 address parsing routines have been replaced, | |
1156 | which should result in prettier output in some cases. | |
1157 | commit 962, commit 1012 and others. | |
1158 | * 5 new regression tests have been added to insure old bugs | |
1159 | do not return. | |
1160 | * Fix small issues with very modern compilers and BOOST | |
1161 | snapshots. Noted by Marcus Rueckert, addressed in commit | |
1162 | 954, commit 964 commit 965, commit 1003. | |
1163 | __________________________________________________________ | |
1164 | ||
1165 | 1.3.8. Recursor version 3.1.4 | |
1166 | ||
1167 | Released the 13th of November 2006. | |
1168 | ||
1169 | This release contains almost no new features, but consists | |
1170 | mostly of minor and major bug fixes. It also addresses two | |
1171 | major security issues, which makes this release a highly | |
1172 | recommended upgrade. | |
1173 | ||
1174 | Security issues: | |
1175 | ||
1176 | * Large TCP questions followed by garbage could cause the | |
1177 | recursor to crash. This critical security issue has been | |
1178 | assigned CVE-2006-4251, and is fixed in commit 915. More | |
1179 | information can be found in Section 1.5. | |
1180 | * CNAME loops with zero second TTLs could cause crashes in | |
1181 | some conditions. These loops could be constructed by | |
1182 | malicious parties, making this issue a potential denial of | |
1183 | service attack. This security issue has been assigned | |
1184 | CVE-2006-4252 and is fixed by commit 919. More information | |
1185 | can be found in Section 1.6. Many thanks to David Gavarret | |
1186 | for helping pin down this problem. | |
33ccb468 | 1187 | |
335359b4 | 1188 | Bugs: |
33ccb468 | 1189 | |
335359b4 AG |
1190 | * On certain error conditions, PowerDNS would neglect to |
1191 | close a socket, which might therefore eventually run out. | |
1192 | Spotted by Stefan Schmidt, fixed in commits 892, 897, 899. | |
1193 | * Some nameservers (including PowerDNS in rare circumstances) | |
1194 | emit a SOA record in the authority section. The recursor | |
1195 | mistakenly interpreted this as an authoritative "NXRRSET". | |
1196 | Spotted by Bryan Seitz, fixed in commit 893. | |
1197 | * In some circumstances, PowerDNS could end up with a useless | |
1198 | (not working, or no longer working) set of nameserver | |
1199 | records for a domain. This release contains logic to | |
1200 | invalidate such broken NSSETs, without overloading | |
1201 | authoritative servers. This problem had previously been | |
1202 | spotted by Bryan Seitz, 'Cerb' and Darren Gamble. | |
1203 | Invalidations of NSSETs can be plotted using the | |
1204 | "nsset-invalidations" metric, available through rec_control | |
1205 | get. Implemented in commit 896 and commit 901. | |
1206 | * PowerDNS could crash while dumping the cache using | |
1207 | rec_control dump-cache. Reported by Wouter of WideXS and | |
1208 | Stefan Schmidt and many others, fixed in commit 900. | |
1209 | * Under rare circumstances (depleted TCP buffers), PowerDNS | |
1210 | might send out incomplete questions to remote servers. | |
1211 | Additionally, on big-endian systems (non-Intel and non-AMD | |
1212 | generally), sending out large TCP answers questions would | |
1213 | not work at all, and possibly crash. Brought to our | |
1214 | attention by David Gavarret, fixed in commit 903. | |
1215 | * The recursor contained the potential for a dead-lock | |
1216 | processing an invalid domain name. It is not known how this | |
1217 | might be triggered, but it has been observed by 'Cerb' on | |
1218 | #powerdns. Several dead-locks where PowerDNS consumed all | |
1219 | CPU, but did not answer questions, have been reported in | |
1220 | the past few months. These might be fixed by commit 904. | |
1221 | * IPv6 'allow-from' matching had problems with the least | |
1222 | significant bits, sometimes allowing disallowed addresses, | |
1223 | but mostly disallowing allowed addresses. Spotted by Wouter | |
1224 | from WideXS, fixed in commit 916. | |
33ccb468 | 1225 | |
335359b4 | 1226 | Improvements: |
33ccb468 | 1227 | |
335359b4 AG |
1228 | * PowerDNS has support to drop answers from so called |
1229 | 'delegation only' zones. A statistic ("dlg-only-drops") is | |
1230 | now available to plot how often this happens. Implemented | |
1231 | in commit 890. | |
1232 | * Hint-file parameter was mistakenly named "hints-file" in | |
1233 | the documentation. Spotted by my Marco Davids, fixed in | |
1234 | commit 898. | |
1235 | * rec_control quit should be near instantaneous now, as it no | |
1236 | longer meticulously cleans up memory before exiting. | |
1237 | Problem spotted by Darren Gamble, fixed in commit 914, | |
1238 | closing ticket 84. | |
1239 | * init.d script no longer refers to the Recursor as the | |
1240 | Authoritative Server. Spotted by Wouter of WideXS, fixed in | |
1241 | commit 913. | |
1242 | * A potentially serious warning for users of the GNU C | |
1243 | Library version 2.5 was fixed. Spotted by Marcus Rueckert, | |
1244 | fixed in commit 920. | |
1245 | __________________________________________________________ | |
1246 | ||
1247 | 1.3.9. Recursor version 3.1.3 | |
1248 | ||
1249 | Released the 12th of September 2006. | |
1250 | ||
1251 | Compared to 3.1.2, this release again consists of a number of | |
1252 | mostly minor bug fixes, and some slight improvements. | |
1253 | ||
1254 | Many thanks are again due to Darren Gamble who together with | |
1255 | his team has discovered many misconfigured domains that do work | |
1256 | with some other name servers. DNS has long been tolerant of | |
1257 | misconfigurations, PowerDNS intends to uphold that tradition. | |
1258 | Almost all of the domains found by Darren now work as well in | |
1259 | PowerDNS as in other name server implementations. | |
1260 | ||
1261 | Thanks to some recent migrations, this release, or something | |
1262 | very close to it, is powering over 40 million internet | |
1263 | connections that we know of. We appreciate hearing about | |
1264 | succesful as well as unsuccesful migrations, please feel free | |
1265 | to notify pdns.bd@powerdns.com of your experiences, good or | |
1266 | bad. | |
1267 | ||
1268 | Bug-fixes: | |
1269 | ||
1270 | * The MThread default stack size was too small, which led to | |
1271 | problems, mostly on 64-bit platforms. This stack size is | |
1272 | now configurable using the stack-size setting should our | |
1273 | estimate be off. Discovered by Darren Gamble, Sten Spans | |
1274 | and a number of others. Fixed in commit 868. | |
1275 | * Plug a small memory leak discovered by Kai and Darren | |
1276 | Gamble, fixed in commit 870. | |
1277 | * Switch from the excellent nedmalloc to dlmalloc, based on | |
1278 | advice by the nedmalloc author. Nedmalloc is optimised for | |
1279 | multithreaded operation, whereas the PowerDNS recursor is | |
1280 | single threaded. The version of nedmalloc shipped contained | |
1281 | a number of possible bugs, which are probably resolved by | |
1282 | moving to dlmalloc. Some reported crashes on hitting 2G of | |
1283 | allocated memory on 64 bit systems might be solved by this | |
1284 | switch, which should also increase performance. See commit | |
1285 | 873 for details. | |
33ccb468 | 1286 | |
335359b4 | 1287 | Improvements: |
33ccb468 | 1288 | |
335359b4 AG |
1289 | * The cache is now explicitly aware of the difference between |
1290 | authoritative and unauthoritative data, allowing it to deal | |
1291 | with some domains that have different data in the parent | |
1292 | zone than in the authoritative zone. Patch in commit 867. | |
1293 | * No longer try to parse DNS updates as if they were queries. | |
1294 | Discovered and fixed by Jan Gyselinck, fix in commit 871. | |
1295 | * Rebalance logging priorities for less log cluttering and | |
1296 | add IP address to a remote server error message. Noticed | |
1297 | and fixed by Jan Gyselinck (commit 877). | |
1298 | * Add logging-facility setting, allowing syslog to send | |
1299 | PowerDNS logging to a separate file. Added in commit 871. | |
1300 | __________________________________________________________ | |
1301 | ||
1302 | 1.3.10. Recursor version 3.1.2 | |
1303 | ||
1304 | Released Monday 26th of June 2006. | |
1305 | ||
1306 | Compared to 3.1.1, this release consists almost exclusively of | |
1307 | bug-fixes and speedups. A quick update is recommended, as some | |
1308 | of the bugs impact operators of authoritative zones on the | |
1309 | internet. This version has been tested by some of the largest | |
1310 | internet providers on the planet, and is expected to perform | |
1311 | well for everybody. | |
1312 | ||
1313 | Many thanks are due to Darren Gamble, Stefan Schmidt and Bryan | |
1314 | Seitz who all provided excellent feedback based on their | |
1315 | large-scale tests of the recursor. | |
1316 | ||
1317 | Bug-fixes: | |
1318 | ||
1319 | * Internal authoritative server did not differentiate between | |
1320 | 'NXDOMAIN' and 'NXRRSET', in other words, it would answer | |
1321 | 'no such host' when an AAAA query came in for a domain that | |
1322 | did exist, but did not have an AAAA record. This only | |
1323 | affects users with auth-zones configured. Discovered by | |
1324 | Bryan Seitz, fixed in commit 848. | |
1325 | * ANY queries for hosts where nothing was present in the | |
1326 | cache would not work. This did not cause real problems as | |
1327 | ANY queries are not reliable (by design) for anything other | |
1328 | than debugging, but did slow down the nameserver and cause | |
1329 | unnecessary load on remote nameservers. Fixed in commit | |
1330 | 854. | |
1331 | * When exceeding the configured maximum amount of TCP | |
1332 | sessions, TCP support would break and the nameserver would | |
1333 | waste CPU trying to accept TCP connections on UDP ports. | |
1334 | Noted by Bryan Seitz, fixed in commit 849. | |
1335 | * DNS queries come in two flavours: recursion desired and | |
1336 | non-recursion desired. The latter is not very useful for a | |
1337 | recursor, but is sometimes (erroneously) used by monitoring | |
1338 | software or loadbalancers to detect nameserver | |
1339 | availability. A non-rd query would not only not recurse, | |
1340 | but also not query authoritative zones, which is confusing. | |
1341 | Fixed in commit 847. | |
1342 | * Non-standard DNS TCP queries, that did occur however, could | |
1343 | drive the recursor to 100% CPU usage for extended periods | |
1344 | of time. This did not disrupt service immediately, but does | |
1345 | waste a lot of CPU, possibly exhausting resources. | |
1346 | Discovered by Bryan Seitz, fixed in commit 858, which is | |
1347 | post-3.1.2-rc1. | |
1348 | * The PowerDNS recursor did not honour the rare but | |
1349 | standardised 'ANY' query class (normally 'ANY' refers to | |
1350 | the query type, not class), upsetting the Wildfire Jabber | |
1351 | server. Discovered and debugged by Daniel Nauck, fixed in | |
1352 | commit 859, which is post-3.1.2-rc1. | |
1353 | * Everybody's favorite, when starting up under high load, a | |
1354 | bogus line of statistics was sometimes logged. Fixed in | |
1355 | commit 851. | |
1356 | * Remove some spurious debugging output on dropping a packet | |
1357 | by an unauthorized host. Discovered by Kai. Fixed in commit | |
1358 | 854. | |
33ccb468 | 1359 | |
335359b4 | 1360 | Improvements: |
33ccb468 | 1361 | |
335359b4 AG |
1362 | * Misconfigured domains, with a broken nameserver in the |
1363 | parent zone, should now work better. Changes motivated and | |
1364 | suggested by Darren Gamble. This makes PowerDNS more | |
1365 | compliant with RFC 2181 by making it prefer authoritative | |
1366 | data over non-authoritative data. Implemented in commit | |
1367 | 856. | |
1368 | * PowerDNS can now listen on multiple ports, using the | |
1369 | local-address setting. Added in commit 845. | |
1370 | * A number of speedups which should have a noticeable impact, | |
1371 | implemented in commits 850, 852, 853, 855 | |
1372 | * The recursor now works around an issue with the Linux | |
1373 | kernel 2.6.8, as shipped by Debian. Fixed by Christof | |
1374 | Meerwald in commit 860, which is post 3.1.2-rc1. | |
1375 | __________________________________________________________ | |
1376 | ||
1377 | 1.3.11. Recursor version 3.1.1 | |
1378 | ||
1379 | Warning | |
1380 | ||
1381 | 3.1.1 is identical to 3.1 except for a bug in the packet | |
1382 | chaining code which would mainly manifest itself for IPv6 | |
1383 | enabled Konqueror users with very fast connections to their | |
1384 | PowerDNS installation. However, all 3.1 users are urged to | |
1385 | upgrade to 3.1.1. Many thanks to Alessandro Bono for his quick | |
1386 | aid in solving this problem. | |
1387 | ||
1388 | Released on the 23rd of May 2006. Many thanks are due to the | |
1389 | operators of some of the largest internet access providers in | |
1390 | the world, each having many millions of customers, who have | |
1391 | tested the various 3.1 pre-releases for suitability. They have | |
1392 | uncovered and helped fix bugs that could impact us all, but are | |
1393 | only (quickly) noticeable with such vast amounts of DNS | |
1394 | traffic. | |
1395 | ||
1396 | After version 3.0.1 has proved to hold up very well under | |
1397 | tremendous loads, 3.1 adds important new features: | |
1398 | ||
1399 | * Ability to serve authoritative data from 'BIND' style zone | |
1400 | files (using auth-zones statement). | |
1401 | * Ability to forward domains so configured to external | |
1402 | servers (using forward-zones). | |
1403 | * Possibility of 'serving' the contents of /etc/hosts over | |
1404 | DNS, which is very well suited to simple domestic | |
1405 | router/DNS setups. Enabled using export-etc-hosts. | |
1406 | * As recommended by recent standards documents, the PowerDNS | |
1407 | recursor is now authoritative for RFC-1918 private IP space | |
1408 | zones by default (suggested by Paul Vixie). | |
1409 | * Full outgoing IPv6 support (off by default) with IPv6 | |
1410 | servers getting equal treatment with IPv4, nameserver | |
1411 | addresses are chosen based on average response speed, | |
1412 | irrespective of protocol. | |
1413 | * Initial Windows support, including running as a service | |
1414 | ('NET START "POWERDNS RECURSOR"'). rec_channel is still | |
1415 | missing, the rest should work. Performance appears to be | |
1416 | below that of the UNIX versions, this situation is expected | |
1417 | to improve. | |
33ccb468 | 1418 | |
335359b4 | 1419 | Bug fixes: |
33ccb468 | 1420 | |
335359b4 AG |
1421 | * No longer send out SRV and MX record priorities as zero on |
1422 | big-endian platforms (UltraSPARC). Discovered by Eric | |
1423 | Sproul, fixed in commit 773. | |
1424 | * SRV records need additional processing, especially in an | |
1425 | Active Directory setting. Reported by Kenneth Marshall, | |
1426 | fixed in commit 774. | |
1427 | * The root-records were not being refreshed, which could lead | |
1428 | to problems under inconceivable conditions. Fixed in commit | |
1429 | 780. | |
1430 | * Fix resolving domain names for nameservers with multiple IP | |
1431 | addresses, with one of these addresses being lame. Other | |
1432 | nameserver implementations were also unable to resolve | |
1433 | these domains, so not a big bug. Fixed in commit 780. | |
1434 | * For a period of 5 minutes after expiring a negative cache | |
1435 | entry, the domain would not be re-cached negatively, | |
1436 | leading to a lot of duplicate outgoing queries for this | |
1437 | short period. This fix has raised the average cache hit | |
1438 | rate of the recursor by a few percent. Fixed in commit 783. | |
1439 | * Query throttling was not aggressive enough and not all | |
1440 | sorts of queries were throttled. Implemented in commit 786. | |
1441 | * Fix possible crash during startup when parsing empty | |
1442 | configuration lines (commit 807). | |
1443 | * Fix possible crash when the first query after wiping a | |
1444 | cache entry was for the just deleted entry. Rare in | |
1445 | production servers. Fixed in commit 820. | |
1446 | * Recursor would send out differing TTLs when receiving a | |
1447 | misconfigured, standards violating, RRSET with different | |
1448 | TTLs. Implement fix as mandated by RFC 2181, paragraph 5.2. | |
1449 | Reported by Stephen Harker (commit 819). | |
1450 | * The top-remotes would list remotes duplicately, once per | |
1451 | source port. Discovered by Jorn Ekkelenkamp, fixed in | |
1452 | commit 827, which is post 3.1-pre1. | |
1453 | * Default allow-from allowed queries from fe80::/16, | |
1454 | corrected to fe80::/10. Spotted by Niels Bakker, fixed in | |
1455 | commit 829, which is post 3.1-pre1. | |
1456 | * While PowerDNS blocks failing queries quickly, multiple | |
1457 | packets could briefly be in flight for the same domain and | |
1458 | nameserver. This situation is now explicitly detected and | |
1459 | queries are chained to identical queries already in flight. | |
1460 | Fixed in commit 833 and commit 834, post 3.1-pre1. | |
33ccb468 | 1461 | |
335359b4 | 1462 | Improvements: |
33ccb468 | 1463 | |
335359b4 AG |
1464 | * ANY queries are now implemented as in other nameserver |
1465 | implementations, leading to a decrease in outgoing queries. | |
1466 | The RFCs are not very clear on desired behaviour, what is | |
1467 | implemented now saves bandwidth and CPU and brings us in | |
1468 | line with existing practice. Previously ANY queries were | |
1469 | not cached by the PowerDNS recursor. Implemented in commit | |
1470 | 784. | |
1471 | * rec_control was very sparse in its error reporting, and | |
1472 | user unfriendly as well. Reported by Erik Bos, fixed in | |
1473 | commit 818 and commit 820. | |
1474 | * IPv6 addresses were printed in a non-standard way, fixed in | |
1475 | commit 788. | |
1476 | * TTLs of records are now capped at two weeks, commit 820. | |
1477 | * allow-from IPv4 netmasks now automatically work for | |
1478 | IP4-to-IPv6 mapper IPv4 addresses, which appear when | |
1479 | running on the wildcard :: IPv6 address. Lack of feature | |
1480 | noted by Marcus 'darix' Rueckert. Fixed in commit 826, | |
1481 | which is post 3.1-pre1. | |
1482 | * Errors before daemonizing are now also sent to syslog. | |
1483 | Suggested by Marcus 'darix' Rueckert. Fixed in commit 825, | |
1484 | which is post 3.1-pre1. | |
1485 | * When launching without any form of configured network | |
1486 | connectivity, all root-servers would be cached as 'down' | |
1487 | for some time. Detect this special case and treat it as a | |
1488 | resource-constraint, which is not accounted against | |
1489 | specific nameservers. Spotted by Seth Arnold, fixed in | |
1490 | commit 835, which is post 3.1-pre1. | |
1491 | * The recursor now does not allow authoritative servers to | |
1492 | keep supplying its own NS records into perpetuity, which | |
1493 | causes problems when a domain is redelegated but the old | |
1494 | authorative servers are not updated to this effect. Noticed | |
1495 | and explained at length by Darren Gamble of Shaw | |
1496 | Communications, addressed by commit 837, which is post | |
1497 | 3.1-pre2. | |
1498 | * Some operators may want to follow RFC 2181 paragraph 5.2 | |
1499 | and 5.4. This harms performance and does not solve any real | |
1500 | problem, but does make PowerDNS more compliant. If you want | |
1501 | this, enable auth-can-lower-ttl. Implemented in commit 838, | |
1502 | which is post 3.1-pre2. | |
1503 | __________________________________________________________ | |
1504 | ||
1505 | 1.3.12. Recursor version 3.0.1 | |
1506 | ||
1507 | Released 25th of April 2006, download. | |
1508 | ||
1509 | This release consists of nothing but tiny fixes to 3.0, | |
1510 | including one with security implications. An upgrade is highly | |
1511 | recommended. | |
1512 | ||
1513 | * Compilation used both cc and gcc, leading to the | |
1514 | possibility of compiling with different compiler versions | |
1515 | (commit 766). | |
1516 | * rec_control would leave files named lsockXXXXXX around in | |
1517 | the configured socket-dir. Operators may wish to remove | |
1518 | these files from their socket-dir (often /var/run), quite a | |
1519 | few might have accumulated already (commit 767). | |
1520 | * Certain malformed packets could crash the recursor. As far | |
1521 | as we can determine these packets could only lead to a | |
1522 | crash, but as always, there are no guarantees. A quick | |
1523 | upgrade is highly recommended (commits 760, 761). Reported | |
1524 | by David Gavarret. | |
1525 | * Recursor would not distinguish between NXDOMAIN and NXRRSET | |
1526 | (commit 756). Reported and debugged by Jorn Ekkelenkamp. | |
1527 | * Some error messages and trace logging statements were | |
1528 | improved (commits 756, 758, 759). | |
1529 | * stderr was closed during daemonizing, but not dupped to | |
1530 | /dev/null, leading to slight chance of odd behaviour on | |
1531 | reporting errors (commit 757) | |
1532 | ||
1533 | Operating system specific fixes: | |
1534 | ||
1535 | * The stock Debian sarge Linux kernel, 2.6.8, claims to | |
1536 | support epoll but fails at runtime. The epoll self-testing | |
1537 | code has been improved, and PowerDNS will fall back to a | |
1538 | select based multiplexer if needed (commit 758) Reported by | |
1539 | Michiel van Es. | |
1540 | * Solaris 8 compilation and runtime issues were addressed. | |
1541 | See the README for details (commit 765). Reported by | |
1542 | Juergen Georgi and Kenneth Marshall. | |
1543 | * Solaris 10 x86_64 compilation issues were addressed (commit | |
1544 | 755). Reported and debugged by Eric Sproul. | |
1545 | __________________________________________________________ | |
1546 | ||
1547 | 1.3.13. Recursor version 3.0 | |
1548 | ||
1549 | Released 20th of April 2006, download. | |
1550 | ||
1551 | This is the first separate release of the PowerDNS Recursor. | |
1552 | There are many reasons for this, one of the most important ones | |
1553 | is that previously we could only do a release when both the | |
1554 | recursor and the authoritative nameserver were fully tested and | |
1555 | in good shape. The split allows us to release new versions when | |
1556 | each part is ready. | |
1557 | ||
1558 | Now for the real news. This version of the PowerDNS recursor | |
1559 | powers the network access of over two million internet | |
1560 | connections. Two large access providers have been running | |
1561 | pre-releases of 3.0 for the past few weeks and results are | |
1562 | good. Furthermore, the various pre-releases have been tested | |
1563 | nearly non-stop with DNS traffic replayed at 3000 | |
1564 | queries/second. | |
1565 | ||
1566 | As expected, the 2 million househoulds shook out some very rare | |
1567 | bugs. But even a rare bug happens once in a while when there | |
1568 | are this many users. | |
1569 | ||
1570 | We consider this version of the PowerDNS recursor to be the | |
1571 | most advanced resolver publicly available. Given current levels | |
1572 | of spam, phishing and other forms of internet crime we think no | |
1573 | recursor should offer less than the best in spoofing | |
1574 | protection. We urge all operators of resolvers without proper | |
1575 | spoofing countermeasures to consider PowerDNS, as it is a | |
1576 | Better Internet Nameserver Daemon. | |
1577 | ||
1578 | A good article on DNS spoofing can be found here. Some more | |
1579 | information, based on a previous version of PowerDNS, can be | |
1580 | found on the PowerDNS development blog. | |
1581 | ||
1582 | Warning | |
1583 | ||
1584 | Because of recent DNS based denial of service attacks, running | |
1585 | an open recursor has become a security risk. Therefore, unless | |
1586 | configured otherwise this version of PowerDNS will only listen | |
1587 | on localhost, which means it does not resolve for hosts on your | |
1588 | network. To fix, configure the local-address setting with all | |
1589 | addresses you want to listen on. Additionally, by default | |
1590 | service is restricted to RFC 1918 private IP addresses. Use | |
1591 | allow-from to selectively open up the recursor for your own | |
1592 | network. See Section 12.1 for details. | |
1593 | ||
1594 | Important new features of the PowerDNS recursor 3.0: | |
1595 | ||
1596 | * Best spoofing protection and detection we know of. Not only | |
1597 | is spoofing made harder by using a new network address for | |
1598 | each query, PowerDNS detects when an attempt is made to | |
1599 | spoof it, and temporarily ignores the data. For details, | |
1600 | see Section 12.4.1. | |
1601 | * First nameserver to benefit from epoll/kqueue/Solaris | |
1602 | completion ports event reporting framework, for stellar | |
1603 | performance. | |
1604 | * Best statistics of any recursing nameserver we know of, see | |
1605 | Section 12.5. | |
1606 | * Last-recently-used based cache cleanup algorithm, keeping | |
1607 | the 'best' records in memory | |
1608 | * First class Solaris support, built on a 'try and buy' Sun | |
1609 | CoolThreads T 2000. | |
1610 | * Full IPv6 support, implemented natively. | |
1611 | * Access filtering, both for IPv4 and IPv6. | |
1612 | * Experimental SMP support for nearly double performance. See | |
1613 | Section 12.3. | |
1614 | ||
1615 | Many people helped package and test this release. Jorn | |
1616 | Ekkelenkamp of ISP-Services helped find the '8000 SOAs' bug and | |
1617 | spotted many other oddities and XS4ALL internet funded a lot of | |
1618 |