This is a performance, feature and bugfix update to 3.5/3.5.3. It contains important fixes for slightly broken domain names, which your users expect to work anyhow. It also brings robust resilience against certain classes of attacks.
Changes between RC1 and release:
- commit 30b13ef: do not apply some of our filters to the root and gTLDs, plus remove some useless {}
- commit cc81d90: fix yahttp copy in dist-recursor for BSD cp
- commit b798618: define __APPLE_USE_RFC_3542 during recursor build on Darwin, fixes ticket 1449
- commit 1d7f863: Merge pull request ticket 1443 from zeha/recursor-nostrip
- commit 5cdeede: remove (non-working) [aaaa-]additional-processing flags from the recursor. Closes ticket 1448
- commit 984d747: Support building recursor on kFreeBSD and Hurd
- commit 79240f1: Allow not stripping binaries in the recursor’s make install
- commit e9c2ad3: document pdns.DROP for recursor, add policy-drops metric for it
New features:
- commit aadceba: Implement minimum-ttl-override config setting, plus runtime configurability via ‘rec_control set-minimum-ttl’.
- Lots of work on the JSON API, which is exposed via Aki Tuomi’s ‘yahttp’. Massive thanks to Christian Hofstaedtler for delivering this exciting new functionality. Documentation & demo forthcoming, but code to use it is available on GitHub.
- Lua modules can now use ‘pdnslog(INFO..)’, as described in ticket 1074, implemented in commit 674a305
- Add the any-to-tcp feature (answer ANY queries over UDP with a truncated reply that sends the client to TCP, which limits their use in amplification attacks) to the recursor. Based on a patch by Winfried Angele. Closes ticket 836, commit 56b4d21 and commit e661a20.
- commit 2c78bd5: implement built-in statistics dumper using the ‘carbon’ protocol, which is also understood by metronome (our mini-graphite). Use ‘carbon-server’, ‘carbon-ourname’ and ‘carbon-interval’ settings.
- New setting ‘udp-truncation-threshold’ to set the size in bytes above which a UDP answer is truncated. commit a09a8ce.
- Proper support for the CHAOS class for CHAOS TXT queries. commit c86e1f2, addition for Lua in commit f94c53d, with some warnings in commit 438db54 however.
- Added support for Lua scripts to drop queries w/o further processing. commit 0478c54.
- Kevin Holly added qtype statistics to recursor and rec_control (get-qtypelist) (commit 79332bf)
- Add support for include-files in configuration, also reload ACLs and zones defined in them (commit 829849d, commit 242b90e, commit 302df81).
- Paulo Anes contributed server-down-max-fails which helps combat Recursive DNS based amplification attacks. Described in this post. Also comes with new metric ‘failed-host-entries’ in commit 406f46f.
- commit 21e7976: Implement “followCNAMERecords” feature in the Lua hooks.
Improvements:
- commit 06ea901: make pdns-distributes-queries use a hash so related queries get sent to the same thread. Original idea by Winfried Angele. Astoundingly effective, approximately halves CPU usage!
- commit b13e737: --help now writes to stdout instead of stderr. Thanks Winfried Angele.
- To aid in limiting DoS attacks, when truncating a response we now truncate all the way, so that only the question section remains (header with TC set, no answer, authority or additional records). The UDP reply is then about the size of the query, and a genuine client retries over TCP. Suggested in ticket 1092, code in commit add935a.
- No longer experimental, the switch ‘pdns-distributes-queries’ can improve multi-threaded performance on Linux (various cleanup commits).
- Update to embedded PolarSSL, plus remove previous AES implementation and shift to PolarSSL (commit e22d9b4, commit 990ad9a)
- commit 92c0733 moves various Lua magic constants into an enum namespace.
- set group and supplementary groups before chroot (commit 6ee50ce, ticket 1198).
- commit 4e9a20e: raise our socket buffer setting so it no longer generates a warning about lowering it.
- commit 4e9a20e: warn about Linux suboptimal IPv6 settings if we detect them.
- SIGUSR2 turns on a ‘trace’ of all DNS traffic, a second SIGUSR2 now turns it off again. commit 4f217ce.
- Various fixes for Lua 5.2.
- commit 81859ba: No longer attempt to answer questions coming in from port 0, reply would not reach them anyhow. Thanks to Niels Bakker and ‘sid3windr’ for insight & debugging. Closes ticket 844.
- commit b1a2d6c: now, I’m not one to get OCD over things, but that log message about stats based on 1801 seconds got to me. 1800 now.
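The truncation behaviour above (truncate all the way so only the question remains) together with the ‘udp-truncation-threshold’ setting, as an added example that is not PowerDNS code: a small Python model of a UDP answer that exceeds a threshold and of the reply that is sent instead. The sample query and response are constructed inline, the `threshold` parameter stands in for udp-truncation-threshold, and EDNS is left out entirely, so this is the wire-format idea, not the recursor’s implementation.

```python
import struct

HEADER_LEN = 12     # fixed DNS header size
FLAG_QR = 0x8000    # response
FLAG_RD = 0x0100    # recursion desired
FLAG_RA = 0x0080    # recursion available
FLAG_TC = 0x0200    # truncated: client should retry over TCP


def encode_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def question_section_end(packet: bytes) -> int:
    """Offset just past the question section. Walks QDCOUNT names; a compression
    pointer (top two bits set) ends a name. Raises on a malformed packet."""
    qdcount = struct.unpack_from("!H", packet, 4)[0]
    off = HEADER_LEN
    for _ in range(qdcount):
        while True:
            if off >= len(packet):
                raise ValueError("question section runs past end of packet")
            length = packet[off]
            if length == 0:
                off += 1
                break
            if length & 0xC0 == 0xC0:
                off += 2
                break
            off += 1 + length
        off += 4  # QTYPE + QCLASS
        if off > len(packet):
            raise ValueError("question section runs past end of packet")
    return off


def build_query(qid: int, qname: str, qtype: int = 1) -> bytes:
    """Constructed sample query: header plus one IN question (no EDNS OPT)."""
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_bulky_response(query: bytes, n_answers: int) -> bytes:
    """Constructed sample response: echoes the question, then n_answers A records
    whose owner name is a compression pointer (0xC00C) back to the question."""
    qid = struct.unpack_from("!H", query, 0)[0]
    header = struct.pack("!HHHHHH", qid, FLAG_QR | FLAG_RD | FLAG_RA, 1, n_answers, 0, 0)
    question = query[HEADER_LEN:question_section_end(query)]
    answers = b"".join(
        struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes([192, 0, 2, i & 0xFF])
        for i in range(n_answers))
    return header + question + answers


def truncate_for_udp(response: bytes, threshold: int) -> bytes:
    """If the response exceeds `threshold` bytes (standing in for the
    udp-truncation-threshold setting), return the 'all the way' truncation:
    same ID and flags with TC set, ANCOUNT/NSCOUNT/ARCOUNT zeroed, question only."""
    if len(response) <= threshold:
        return response
    qid, flags, qdcount = struct.unpack_from("!HHH", response, 0)
    header = struct.pack("!HHHHHH", qid, flags | FLAG_TC, qdcount, 0, 0, 0)
    return header + response[HEADER_LEN:question_section_end(response)]


def is_truncated(packet: bytes) -> bool:
    return bool(struct.unpack_from("!H", packet, 2)[0] & FLAG_TC)


def rr_counts(packet: bytes) -> tuple:
    """(QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) from the header."""
    return struct.unpack_from("!HHHH", packet, 4)


def amplification_factor(query: bytes, reply: bytes) -> float:
    """Bytes the spoofed victim receives per byte the attacker had to send."""
    return len(reply) / len(query)


if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    big = build_bulky_response(q, 100)
    small = truncate_for_udp(big, 512)
    print("query %d bytes, full answer %d bytes, truncated answer %d bytes"
          % (len(q), len(big), len(small)))
    print("amplification before %.1fx, after %.1fx"
          % (amplification_factor(q, big), amplification_factor(q, small)))
```

With the constructed 29-byte query and a 100-record answer, the untruncated UDP reply would hand a spoofed victim more than fifty bytes for every byte the attacker sent; the question-only reply hands it 29, and only a client that really owns the source address can complete the TCP retry.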
Fixes:
- commit 0c9de4fc: stay away from getaddrinfo unless we really can’t help it for ASCII IPv6 to binary conversions
- commit 08f3f63: fix average latency calculation, closing ticket 424.
- commit 75ba907: Some of our counters were still 32 bits, now 64.
- commit 2f22827: Fix statistics and stability when running with pdns-distributes-queries.
- commit 6196f90: avoid merging old and new additional data, fixes an issue caused by weird (but probably legal) Akamai behaviour
- commit 3a8a4d6: make sure we don’t exceed the number of available filedescriptors for mthreads. Raises performance in case of DoS. See this post for further details.
- commit 7313fe6: implement indexed packet cache wiping for recursor, orders of magnitude faster. Important when reloading all zones, which causes massive cache cleaning.
- rec_control get-all would include ‘cache-bytes’ and ‘packetcache-bytes’, which were expensive operations, too expensive for frequent polling. Removed in commit 8e42d27.
- All old workarounds for supporting Windows of the XP era have been removed.
- Fix issues on S390X based systems which have unsigned characters (commit 916a0fd)