PowerDNS Authoritative Server 4.1.0 Release Candidate 1 Released

Aug 31, 2017

PowerDNS Authoritative Server 4.1.0 RC1 is here!

This release marks The Return of the LDAP Backend. Also recursion has been removed from the authoritative server (see #4752 below) and a CryptoKey API endpoint is now available.

The full changelog looks like this:

New Features

  • #4624: Add TCP management options described in section 10 of RFC 7766.
  • #5137: Add TCP Fast Open support.
  • #5258, #5132: Hash the entire query in the packet cache, split caches. This makes the authoritative server pass the EDNS compliance test. Add cache hit/miss statistics (Kees Monshouwer).
  • #5190, #5271: Add an adjustable statistics interval (#phonedph1).
  • #5316: Add option to set a global lua-axfr-script (Kees Monshouwer).
  • #4964, #1701, #4965: Allow forwarding of NOTIFY messages using forward-notify (#DrRemorse).
  • #5038, #4093: Add API endpoints for Domain metadata (Christian Kröger).
  • #4106: Implement CryptoKey in the API (Wolfgang Studier, #MrM0nkey, Tudor Soroceanu, Benjamin Zengin).
  • #5339: calidns: add –increment and –want-recursion flags.
  • #4058: Allow the use of a Lua script to validate DNS Update requests (Aki Tuomi).
  • #5264, #5263, #5321: Send a notification to all slave servers after every dnsupdate (Kees Monshouwer, Florian Obser).
  • #5115: Support “native” zones in the BIND backend.
  • #4477: Many improvements and additions to the LDAP backend (Grégory Oestreicher).
  • #5270, #5266, #5269: Support 2-character country codes and the MaxMind cities database in the GeoIP backend (Aki Tuomi).
  • #5043: Add function to the MyDNS backend to allow backend-to-backend migrations (Aki Tuomi).
  • #5379: Support the SMIMEA RRType.

Removed Features

Improvements

  • #4373: Revamp and clean label compression code. Speeds up large packet creation by ~40%.
  • #4332: Apply non-local-bind to query-local-address and query-local-address6 when possible.
  • #4492, #4467: A number of fixes and improvements that are difficult to untangle:
    • Remove the ASCII DNSResourceRecord from the hot path of packet assembly,
    • Hash the storage of records in the BindBackend,
    • Hash the packetcache,
    • Fix some bugs in the LDAP backend and in the MyDNS backend,
    • Make the randombackend go ‘native’ and directly supply records that can be sent to packets,
    • The performance benefit of this PR is measured in “factors” for being a root-server.
  • #4504: Improve cleaning, remove an unnecessary lock and improve performance of the packetcache (Kees Monshouwer).
  • #4485: Improve SOA records caching (Kees Monshouwer).
  • #4829: Make sure AXFR only deletes records from a SLAVE domain in a multi backend setup (Kees Monshouwer).
  • #4908: Tidy up UeberBackend (Christian Hofstaedtler).
  • #4944: Improve API performance by instantiating only one DNSSECKeeper per request.
  • #4953: Incremental backoff for failed slave checks.When a SOA record for a slave domain can’t be retrieved, use an increasing interval between checking the domain again. This prevents hammering down on already busy servers.
  • #4549: Remove d_place from DNSResourceRecord (Christian Hofstaedtler).
  • #5169: Add an option to allow AXFR of zones with a different (higher/lower) serial (Kees Monshouwer).
  • #5112: Use the resolver setting for the stub resolver, use resolv.conf as fallback.
  • #5250: Re-implement the AXFR Filter with LuaContext (Aki Tuomi).
  • #5387: Allow control socket to listen on IPv6 (#Gibheer).
  • #5523: Fix typo in two log messages (Ruben Kerkhof).
  • #5542: Update YaHTTP (to fix a warning reported by Coverity).
  • #5541: Clarify how we check the return value of std::string::find() (reported by Coverity).
  • #5543: Wrap the webserver’s and Resolver::tryGetSOASerial objects into smart pointers.
  • #4692: SSql: Use unique_ptr for statements (Aki Tuomi).
  • #5599: Fix libatomic detection on ppc64 (Sander Hoentjen).
  • #5588: Switch the default webserver’s ACL to “127.0.0.1, ::1”.
  • #5611: NOTIMP is only appropriate for an unsupported opcode (Kees Monshouwer).
  • #5641: Catch DNSName exception in the Zoneparser.
  • #5583: Listen on 127.0.0.1 during regression tests (#tcely).
  • #4408: Enable the webserver when api is ‘yes’ (Christian Hofstaedtler).
  • #4751: Prevent sending nameservers list and zone-level NS in rrsets in the API (Christian Hofstaedtler).
  • #5389: Forbid mixing CNAMEs and other RRSets in the API (Christan Hofstaedtler).
  • #4195: Prevent duplicate records in single RRset (Christian Hofstaedtler).
  • #4007: Implement subcommand printing all KSK DS records in pdnsutil (Jonas Wielicki).
  • #4584: Allow setting the account of a zone via pdnsutil (Tuxis Internet Engineering).
  • #4719: Print “$ORIGIN .” on “pdnsutil list-zone”, so the output can be used in “pdnsutil load-zone” (Tuxis Internet Engineering).
  • #4478: pdnsutil: clarify error message when set-presigned fails with DNSSEC disabled (Peter Thomassen).
  • #3913: pdnsutil: Validate names with address records to be valid hostnames (Håkan Lindqvist).
  • #5118: Correct pdnsutil help output for add-zone-key.
  • #5062: Check for valid hostnames in SRV, NS and MX records.
  • #5182: Disable ALIAS expansion by default.
  • #5094: Make the zone parser adhere to RFC 2308 with regards to implicit TTLs. Existing zone files may now be interpreted differently. Specifically, where we previously used the SOA minimum field for the default TTL if none was set explictly, or no $TTL was set, we now use the TTL from the previous line.
  • #5605: mydnsbackend: Initialize d_query_stmt (Aki Tuomi).
  • #4711: Enable setting custom pgsql connection parameters, like TLS parameters (Tarjei Husøy).
  • #5121, #5221: Use pkg-config to detect PostgreSQL libraries.
  • #5426: Use BIGSERIAL for records.id in the gpgsql backend (Arsen Stasic).
  • #5509: Ship ldapbackend schema files in tarball (Christian Hofstaedtler).
  • #5548: Add ability to have service record for apex record and any other static record (Aki Tuomi).
  • #5116: Report query statistics as full numbers, not scientific notation in the webserver.
  • #5518: Schema changes for MySQL / MariaDB and PostgreSQL to for storage requirements of various versions (Kees Monshouwer).

Bug Fixes

  • #4424: Fix compilation on systems with Boost < 1.54
  • #4560, #4548: Fix possible variable shadowing (Kees Monshouwer, Christian Hofstaedtler).
  • #4855: Fix “getaddrinfo()” returning address in triplicate.
  • #5117: Turn exception in a qthread into an error instead of a crash.
  • #5249, #5212: Remove duplicate dns2_tolower() function and move ascii-related function to one file (Thiago Farina).
  • #5209: Make copying locks impossible.
  • #5320: Properly truncate trailing bits of EDNS Client Subnet masks.
  • #5161, #5083: Fix regressions in the AXFR rectification code (Kees Monshouwer, Arthur Gautier).
  • #5408: Zero the port when creating a netmask from a ComboAddress.
  • #5512: Drop (broken) support for packet-specific SOA replies from backends (Christian Hofstaedtler).
  • #5525: Fix validation at the exact RRSIG inception or expiration time
  • #5519: Lookups one level (or more) below apex did confuse getAuth() for qytpe DS (Kees Monshouwer).
  • #5633: First and last SOA in an AXFR must be identical (Kees Monshouwer).
  • #4526: Make the URL in zone info absolute (Christian Hofstaedtler).
  • #5516: Avoid creating fake DNSPacket objects just for calling getAuth() from API code (Christian Hofstaedtler).
  • #5589: Check if the API is read-only on crypto keys methods.
  • #5556: Fix getSOA() in luabackend (#zilopbg).
  • #4740: Avoid undefined behaviour in Clang vs. GCC when printing DS records in pdnsutil.
  • #5125: In “pdnsutil create-slave-zone”, actually add all slaves.
  • #5303: Fix off-by-one in dnsreplay –packet-limit.
  • #5610: Fix that pdnsutil edit-zone complains about auth=1 problems on all data.
  • #4650: Do not corrupt data supplied by other backends in getAllDomains (Christian Hofstaedtler).
  • #5245: Reconnect to the server if the My/Pg connection has been closed.
  • #4929: Make statement actually unique (Christian Hofstaedtler).
  • #5506: Add missing query for last key insert id in the goracle backend (Aki Tuomi).
  • #4922: Fix ldap-strict autoptr feature.
  • #5340: Fix an erroneous ‘.’ in “.ip6.arpa” (#shantikulkarni).
  • #5267: Apply weights consistently during GeoIP lookups (Aki Tuomi).
  • #4997: Fix two problems with remotebackend (Aki Tuomi):
    • list method used domain-id json parameter, when it was supposed to use domain_id
    • NULL ordername was not passed as empty string in POST parameters builder, instead it threw an exception
  • #5308: Don’t copy data around in the Remote Backend when sending and receiving in the Unix Connector.

The tarball is available on downloads.powerdns.com (signature) and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Trusty, Yakkety, Xenial and Zesty are available from repo.powerdns.com.

We invite you to test this alpha and send us all feedback and issues you might have via the mailinglist, or in case of a bug, via GitHub.

About the author

Peter van Dijk

Peter van Dijk

Senior Developer at PowerDNS

Related Articles

PowerDNS Authoritative Server 4.9.0

This is release 4.9.0 of the Authoritative Server. It brings a few new features, and a collection of small improvements and...

Peter van Dijk Mar 15, 2024

PowerDNS Recursor: Extended DNS Errors Help You Troubleshooting

This is the seventh episode of a series of blog posts we are publishing, mostly around recent developments with respect to...

Otto Moerbeek Mar 12, 2024

PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3 Released

Today we have released PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3. These releases are maintenance releases that fix a few...

Otto Moerbeek Mar 7, 2024

PowerDNS Authoritative Server 4.9.0-beta2

This is release 4.9.0-beta2 (beta1 was not released, due to a tagging mistake) of the Authoritative Server. It brings a few...

Peter van Dijk Feb 16, 2024