Authoritative Server 3.4.2 Released

Warning: Version 3.4.2 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use.

Released February 3rd, 2015

Find the downloads on our download page.

This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. Please let us know!

We would like to thank Patrik Wallström of IIS, Kees Monshouwer and Fredrik Eriksson of Loopia for working with us on solving several issues that only became apparent on a 750000 domain (!) DNSSEC installation, the last of which we could eventually trace to memory fragmentation in the secure allocator of our cryptography library. This bug chase, which lasted for over a month, led to numerous other improvements, like better statistical metrics for plotting (actual CPU usage, uptime, key cache size, signatures/s) and the ‘sharding’ of our internal caches to better support multi-CPU operations.

A list of changes since 3.4.1 follows:


Bug fixes:

  • commit 60b2b7c, commit d962fbc: refuse overly long labels in names
  • commit a64fd6a: auth: limit long version strings to 63 characters and catch exceptions in secpoll
  • commit fa52e02: pdnssec: fix ttl check for RRSIG records
  • commit 0678b25: fix up latency reporting for sub-millisecond latencies (would clip to 0)
  • commit d45c1f1: make sure we don’t throw an exception on “pdns_control show” of an unknown variable
  • commit 63c8088: fix startup race condition with carbon thread already trying to broadcast uninitialized data
  • commit 796321c: make qsize-q more robust
  • commit 407867c: Kees Monshouwer discovered we count corrupt packets and EAGAIN situations as validly received packets, skewing the udp questions/answers graphs on auth.
  • commit f06d069: make latency & qsize reporting ‘live’. Plus fix that we only reported the qsize of the first distributor.
  • commit 2f3498e: fix up statbag for carbon protocol and function pointers
  • commit 0f2f999: get priority from table in Lua axfrfilter; fixes ticket #1857
  • commit 96963e2, commit bbcbbbe, commit d5c9c07: various backends: fix records pointing at root
  • commit e94c2c4: remove additional layer of trailing . stripping, which broke MX records to the root in the BIND backend. Should close ticket #1243.
  • commit 8f35ba2: api: use uncached results for getKeys()
  • commit c574336: read ALLOW-AXFR-FROM from the backend with the metadata

Minor changes:

New features:

  • commit 1b97ba0: add signatures metric to auth, so we can plot signatures/second
  • commit 92cef2d: pdns_control: make it posible to notify all zones at once
  • commit f648752: JSON API: provide flush-cache, notify, axfr-receive
  • commit 02653a7: add ‘bench-db’ to do very simple database backend performance benchmark
  • commit a83257a: enable callback based metrics to statbas, and add 5 such metrics: uptime, sys-msec, user-msec, key-cache-size, meta-cache-size, signature-cache-size

Performance improvements:


  1. Pingback: PowerDNS Authoritative Server 3.4.2 Released | FirstDNS
  2. Pingback: PowerDNS Authoritative Server 3.4.2 Released | DNS & network news

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s