PowerDNS: 2016 in review

Hi everyone,

As 2016 draws to a close, we’d like to share a few words on what has been achieved over the past year, our second year within Open-Xchange. This post will cover both our technical and commercial efforts, including the PowerDNS Platform which provides per-subscriber malware filtering & parental control. And, we are hiring!

At the end of 2015, we released ‘Technology Preview Releases’ of PowerDNS Authoritative Server 4, PowerDNS Recursor 4 and dnsdist 1.0. This was done to somewhat keep our promise of releasing those versions in 2015, but fell short of what we had hoped to achieve.

Now at the end of 2016 the news is a lot better. The actual 4.0 and 1.0 (dnsdist) releases have happened and are being deployed far faster than we’d been hoping for. This is probably due to some of the exciting new features:

  • RPZ for security & DNS filtering purposes (including IXFR)
  • dnsdist for reliability, flexibility and DoS protection
  • pdnsutil edit-zone for a pretty awesome way to edit DNS zones
  • DNSSEC validation in Recursor
  • Vastly more powerful Lua engines
  • ALIAS record type that now powers many of the .GOV search engines DNSSEC (including the White House!)

A notable DNSSEC deployment is over at our friends of xs4all who not only sign domains with the PowerDNS Authoritative Server, but recently have also turned on validation on their PowerDNS Recursors for their large userbase.

4.0 and dnsdist were both part of a ‘spring cleaning’ exercise. It is good to realize how rare it is for a software project to go through such an exercise. 4.0 and dnsdist are based on a much cleaned up and improved codebase.

We are also very grateful for our community that stepped up to contribute to 4.x in the form of code, great bug reports, design ideas, documentation and actual bug fixes. Our meagre offering of ‘PowerDNS Crew’ mugs is the least we could do!

Some stats that bear out the community involvement: In 2016, our Github repository was forked over a 100 times, yielding almost a 1000 Pull Requests most of which were merged, for a total of over 2500 new commits. These commits closed 1300 issue tickets.

As you may recall, since 2015 PowerDNS is part of OX, together with our cousins from Dovecot. When we announced the merger, some voiced fear about what this would mean for PowerDNS. We can now safely say that the state of the PowerDNS source in 2016 is way stronger than it was in 2015.

Besides finishing the spring cleaning of our open source products, 2016 also saw the release of the PowerDNS Platform which, unusually for us, is not fully open source. We explained this in our blog post as follows:

Putting it more strongly: we have learned that many organizations simply no longer have the time or desire to assemble all the technologies themselves around our Open Source products.

We will therefore be marketing the additional functionalities we have been delivering to our customers as a product tentatively called the “PowerDNS Platform”

The “PowerDNS Platform” as we ship it consists of our core unmodified Open Source products, plus loads of other open source technologies, combined with a management shell that is not an Open Source product that we’ll in fact sell.

The PowerDNS Platform is described here. Feedback on the move to supply the Platform has been good, both from our commercial users and from the PowerDNS development  and wider DNS community, for which we are grateful.

Now at the end of 2016 we can report that the PowerDNS Platform has been selected to provide a malware & parental control enabled DNS solution for over 10 million Internet subscribers in Europe. We will be displacing a fully closed solution, which is a win for an open internet.

In addition, this commercial progress provides a healthy & sustainable basis on which to continue to develop the PowerDNS nameservers and dnsdist.

PowerDNS.org

We have regained control over powerdns.org. As outlined in our blogpost:

Recently we decided it was time to get the .org back anyhow and after negotiating for a few days we finally paid up, and shortly after that we were back in control of powerdns.org, at a cost of $1000.

This personally left me with a bad aftertaste since effectively we have paid a chain of people that specialise in taking over domains for ransom purposes.

msf

To compensate for all this, we’ve decided to donate €1000 to the Doctors without Borders charity.

Mugs

We have shipped close to 500 PowerDNS Release mugs to contributors, friends and conference visitors. If you missed out on our giveaway, you can order PowerDNS mugs online from our friends over at Mugbug, who have been an absolute joy to work with.

Root-server speedup

We also had a good time working with the fine people of the RIPE NCC. Anand Buddhdev there decided to do some benchmarking to determine the root-server suitability of a bunch of nameservers. And lo, during his testing, he found that PowerDNS 4.0 was not very suitable. After a good month of investigations & improvements, we managed to achieve a 400% speedup in the PowerDNS Authoritative Server which actually also helped the PowerDNS Recursor.

We shared our learnings on modern optimization in this Medium post which at >10k visits is the second best read post we have ever done. These speedups will be available in the 4.1 releases of our software.

People

PowerDNS grew this year! Open-Xchange gained a product manager (Alexander ter Haar) and we are also benefiting greatly from Nico Cartron (previously of EfficientIP) and Andrea Tosatto who are helping with automation, deployability and pre-sales work. In addition, we continue to work happily with members of the extended PowerDNS family who we contract with for development, training, documentation and professional services.

But.. it is not enough. We are still looking for two permanent positions, one in professional services, one in front-end development with a smattering of backend. For more details, please head to our careers page.

Finally

Thank you for being involved with PowerDNS, the software and the community. Reading this post to the end means you really care. 🙂

We wish you a great 2017!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s