Hi everybody, As an aside to these giant & impressive release notes, I would like to thank the PowerDNS open source community for the tremendous amount of work invested in 3.4.0. It is astounding.
For a small overview, check for example: https://github.com/PowerDNS/pdns/network/members https://github.com/PowerDNS/pdns/graphs/contributors?from=2013-12-17&to=2014-09-30&type=c Thank you very much everybody for your efforts in coding, packaging, testing, suggesting and sometimes even documenting ;-) Bert (PowerDNS) On Tue, Sep 30, 2014 at 12:41:27PM +0200, Peter van Dijk wrote: > Hi everybody, > > PowerDNS Authoritative Server 3.4.0 is now available! > > 3.4.0 is the best version of the PowerDNS Authoritative Server currently > available, and we recommend upgrading to it. Please read > http://doc.powerdns.com/html/from3.3.1to3.4.0.html before you do, however! > > Please see http://doc.powerdns.com/changelog.html#changelog-auth-3.4.0 for > full > release notes and all download links. > > You can get PowerDNS 3.4.0 from: > > http://downloads.powerdns.com/releases/pdns-3.4.0.tar.bz2 > http://downloads.powerdns.com/releases/deb/pdns-static_3.4.0-1_i386.deb > http://downloads.powerdns.com/releases/deb/pdns-static_3.4.0-1_amd64.deb > http://downloads.powerdns.com/releases/rpm/pdns-static-3.4.0-1.i386.rpm > http://downloads.powerdns.com/releases/rpm/pdns-static-3.4.0-1.x86_64.rpm > > These files also come with GPG signatures (append .sig). > > Additionally, Kees Monshouwer has kindly provided native builds for RHEL and > CentOS > at https://www.monshouwer.eu/download/3rd_party/pdns/ > > This is a performance, feature, bugfix and conformity update to > 3.3.1 and any earlier version. It contains a huge amount of > work by various contributors, to whom we are very grateful. > > A list of changes since 3.3.1 follows. > > Changes between RC2 and 3.4.0: > * gad189c9, g445d93c: also distribute the dnsdist manual page > * gb5a276d, g0b346e9, g74caf87, g642fd2e: Make sure all > backends actually work as dynamic modules > * g14b11c4: raise log level on dlerror(), fixes t1734, thanks > @James-TR > * g016d810: improve postgresql detection during ./configure > * gdce1e90: DNAME: don't sign the synthesised CNAME > * g25e7af3: send empty SERVFAIL after a backend throws a > DBException, instead of including useless content > > Changes between RC1 and RC2: > * gbb6e54f: document udp6-queries, udp4-queries, add > rd-queries, recursion-unanswered metrics & document. Closes > t1400. > * g4a23af7: init script: support DAEMON_ARGS; g7e5b3a0: init > script: ensure socket dir exists > * gdd930ed: don't import supermaster ips from other accounts > * ged3afdf: fall back to central bind if reuseport bind > fails; improves t1715 > * g709ca59: GeoIP backend implementation. This is a new > backend, still experimental! > * gbf5a484: support EVERY future version of OS X, fixes t1702 > * g4dbaec6: Check for __FreeBSD_kernel__ as per > https://lists.debian.org/debian-bsd/2006/03/msg00127.html, > fixes t1684; g74f389d: __FreeBSD_kernel__ is defined but > empty on systems with FreeBSD kernels, breaking compile. > Thanks pawal > * g882ca9d: revert setpgrp changes > * g2e6bbd8: Catch PDNSException in Signingpiper::helperWorker > to avoid abort > * g0ffd51d: improve error reporting on malformed labels > * gc48dec7: Fix forwarded TSIG message issue > * gdad70f2: skip TCP_DEFER_ACCEPT on platforms that do not > have it (like FreeBSD); fixes t1658 > * gc7287b6: should fix t1662, reloading while checking for > domains that need to be notified in BIND, causing lock > * g3e67ea8: allow OPT pseudo record type in IXFR query > * ga1caa8b: webserver: htmlescape VERSION and config name > * gdf9d980: Remove "log-failed-updates" leftover > * ga1fe72a: Remove unused "soa-serial-offset" option > > Changes between 3.3.1 and 3.4.0-RC1 follow. > > DNSSEC changes: > * gbba8413: add option (max-signature-cache-entries) to limit > the maximum number of cached signatures. > * g28b66a9: limit the number of NSEC3 iterations (see RFC5155 > 10.3), with the max-nsec3-iterations option. > * gb50efd6: drop the 'superfluous NSEC3' option that old BIND > validators need. > * The bindbackend 'hybrid' mode was reintroduced by Kees > Monshouwer. Enable it with bind-hybrid. > * Aki Tuomi contributed experimental PKCS#11 support for > DNSSEC key management with a (Soft)HSM. > * Direct RRSIG queries now return NOTIMP. > * gfa37777: add secure-all-zones command to pdnssec > * Unrectified zones can now get rectified 'on the fly' during > outgoing AXFR. This makes it possible to run a hidden > signing master without rectification. > * g82fb538: AXFR in: don't accept zones with a mixture of > Opt-Out NSEC3 RRs and non-Opt-Out NSEC3 RRs > * Various minor bugfixes, mostly from the unstoppable Kees > Monshouwer. > * g0c4c552: set non-zero exit status in pdnssec if an > exception was thrown, for easier automatic usage. > * gb8bd119: pdnssec -v show-zone: Print all keys instead of > just entry point keys. > * g52e0d78: answer direct NSEC queries without DO bit > * gca2eb01: output ZSK DNSKEY records if > experimental-direct-dnskey support is enabled > * g83609e2: SOA-EDIT: fix INCEPTION-INCREMENT handling > * gac4a2f1: AXFR-out can handle secure and insecure NSEC3 > optout delegations > * gff47302: AXFR-in can handle secure and insecure NSEC3 > optout delegations > > New features: > * DNAME support. Enable with experimental-dname-processing. > * PowerDNS can now send stats directly to Carbon servers. > Enable with carbon-server, tweak with carbon-ourname and > carbon-interval. > * g767da1a: Add list-zone capability to pdns_control > * g51f6bca: Add delete-zone to pdnssec. > * The gsql backends now support record comments, and > disabling records. > * The new reuseport config option allows setting > SO_REUSEPORT, which allows for some performance > improvements. > * local-address-nonexist-fail and local-ipv6-nonexist-fail > allow pdns to start up even if some addresses fail to bind. > * 'AXFR-SOURCE' in domainmetadata sets the source address for > an AXFR retrieval. > * g451ba51: Implement pdnssec get-meta/set-meta > * Experimental RFC2136/DNS UPDATE support from Ruben d'Arco, > with extensive testing by Kees Monshouwer. > * pdns_control bind-add-zone > * New option bind-ignore-broken-records ignores out-of-zone > records while loading zone files. > * pdnssec now has commands for TSIG key management. > * We now support other algorithms than MD5 for TSIG. > * gba7244a: implement pdns_control qtypes > * Support for += syntax for options > > Bugfixes: > * We verify the algorithm used for TSIG queries, and use the > right algorithm in signing if there is possible confusion. > Plus a few minor TSIG-related fixes. > * gff99a74: making *-threads settings empty now yields a > default of one instead of zero. > * g9215e60: we had a deadly embrace in getUpdatedMasters in > bindbackend reimplementation, thanks to Winfried for > detailed debugging! > * g9245fd9: don't addSuckRequest after supermaster zone > creation to avoid one cause of simultaneous AXFR for the > same zone > * g719f902: fix dual-stack superslave when multiple > namservers share a ip > * g33966bf: avoid address truncation in doNotifications > * geac85b1: prevent duplicate slave notications caused by > different ipv6 address formatting > * g3c8a711: make notification queue ipv6 compatible > * g0c13e45: make isMaster ip check more tolerant for > different ipv6 notations > * Various fixes for possible issues reported by Coverity Scan > (gf17c93b, ) > * g9083987: don't rely on included polarssl header files when > using system polarssl. Spotted by Oden Eriksson of > Mandriva, thanks! > * Various users reported pdns_control hangs, especially when > using the guardian. We are confident that all causes of > these hangs are now gone. > * Decreasing the webserver ringbuffer size could cause > crashes. > * g4c89cce: nproxy: Add missing chdir("/") after chroot() > * g016a0ab: actually notice timeout during AXFR retrieve, > thanks hkraal > > REST API changes: > * The REST API was much improved and is nearing stability, > thanks to Christian Hofstaedtler and others. > * Mark Schouten at Tuxis contributed a zone importer. > > Other changes: > * Our tarballs and packages now include *.sql schema files > for the SQL backends. > * The webserver (including API) now has an ACL > (webserver-allow-from). > * Webserver (including API) is now powered by YaHTTP. > * Various autotools usage improvements from Ruben Kerkhof. > * The dist tarball is now bzip2-compressed instead of gzip. > * Various remotebackend updates, including replacing curl > with (included) yahttp. > * Dynamic module loading is now allowed on Mac OS X. > * The AXFR ACL (allow-axfr-ips) now defaults to > 127.0.0.0/8,::1 instead of the whole world. > * gba91c2f: remove unused gpgsql-socket option and document > postgres socket usage > * Improved support for Lua 5.2. > * The edns-subnet option code is now fixed at 8, and the > edns-subnet-option-numbers option has been removed. > * geobackend now has very limited edns-subnet support - it > will use the 'real' remote if available. > * pipebackend ABI v4 adds the zone name to the AXFR command. > * We now avoid getaddrinfo() as much as possible. > * The packet cache now handles (forwarded) recursive answers > better, including TTL aging and respecting allow-recursion. > * gff5ba4f: pdns_server --help no longer exits with 1. > * Mark Zealey contributed an experimental LMDB backend. Kees > Monshouwer added experimental DNSSEC support to it. Thanks, > both! > * g81859ba: No longer attempt to answer questions coming in > from port 0, reply would not reach them anyhow. Thanks to > Niels Bakker and sid3windr for insight & debugging. Closes > t844. > * RCodes are now reported in text in various places, thanks > Aki. > * Kees Monshouwer set up automatic testing for the oracle and > goracle backends, and fixed various issues in them. > * Leftovers of previous support for Windows have been > removed, thanks to Kees Monshouwer, Aki Tuomi. > * Bundled PolarSSL has been upgraded to 1.3.2 > * PolarSSL replaced previously bundled implementations of AES > (ge22d9b4) and SHA (g9101035) > * bindbackend is now a module > * g14a2e52: Use the inet data type for supermasters.ip on > postgrsql. > * We now send an empty SERVFAIL when a CNAME chain is too > long, instead of including the partial chain. > * g3613a51: Show built-in features in --version output > * g4bd7d35: make domainmetadata queries case insensitive > * g088c334: output warning message when no to be notified > NS's are found > * g5631b44: gpsqlbackend: use empty defaults for dbname and > user; libpq will use the current user name for both by > default > * gd87ded3: implement udp-truncation-threshold to override > the previous 1680 byte maximum response datagram size - no > matter what EDNS0 said. Plus document it. > * Implement udp-truncation-threshold to override the previous > 1680 byte maximum response datagram size - no matter what > EDNS0 said. > * On shutdown, PowerDNS now attempts to stop all processes in > its process group, especially useful for pipe/remotebackend > users. Feature donated by Spotify. > * Removed settings related to fancy records, as we haven't > supported those since version 3.0 > * Based on earlier work by Mark Zealey, Kees Monshouwer > increased our packet cache performance between 200% and > 500% depending on the situation, by simplifying some code > in g801812e and g8403ade. > > _______________________________________________ > Pdns-users mailing list > pdns-us...@mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-dev mailing list Pdns-dev@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-dev