We’re pleased to announce version 3.4.10 of our Authoritative Server.
This release fixes several bugs, decreases CPU usage and allows better interoperability with PowerDNS 4.0.X databases. It also adds a feature to limit AXFR sizes in response to CVE-2016-6172.
Tar.gz and packages are available on:
- Soon: https://www.monshouwer.eu/download/3rd_party/pdns/ (RHEL/CentOS, with the usual huge thanks to Kees Monshouwer).
Warning: Version 3.4.10 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use.
Find the downloads on our download page, https://www.powerdns.com/downloads.html
Changes since 3.4.9:
- commit 1f8078c: Enable mbedtls threading abstraction layer (Kees Monshouwer)
- commit 63a6800: Update polarssl 1.3.9 to mbedtls 1.3.17 (Kees Monshouwer)
- commit dc73734: Report DHCID type (Kees Monshouwer)
- commit 2c6e628: Fix TSIG for single thread distributor (Kees Monshouwer)
- commit 09bdd9f: Don’t send covering nsec records for direct nsec queries (Kees Monshouwer)
- commit da231a4: Ignore trailing dot in signer name (Kees Monshouwer)
- commit a014f4c: Add limits to the size of received AXFR, in megabytes
- commit 881b5b0: Reject qnames with wirelength > 255, chopOff() handle dot inside labels
- commit 210fb15: Gmysql get-order-after-query was slow (Kees Monshouwer)
- commit 7bab770: Sync boost.m4 with upstream (Kees Monshouwer)
- commit 9740371: Fix shorter best matching names in getAuth() (Kees Monshouwer)
- commit 991528c: change default for any-to-tcp to yes (Kees Monshouwer)