We’re proud to release the first alpha version of the PowerDNS Authoritative Server 4.2 series. While some users have already deployed this version straight from our package builders or master repositories, this is still a very fresh release.
4.2 represents almost a year of development over 4.1 and contains some major new features and improvements, while deprecating some functionality you may have been relying on (autoserial, for example).
This release was made possible by contributions from: Gibheer, @KamagoNet, Privex, @RvdE, Sven Kieske, Alexander Fisher, @bandzoogle, Olivier Voortman, Leon Xu, @cclauss, Aki Tuomi, Ruben, @dkoster, Doug Freed, Anhad Jai Singh, Florian Obser, Richard Gibson, Oli, Jan-Arve Nygård, JP Mens, Josh Soref, Klaus Darilion, Kirill Ponomarev, Olivier van der Toorn, Kees Monshouwer, Matt Nordhoff, Aleksejs Spiridonovs, @oridistor, OSSO B.V., Peter Thomassen, Pierce Lopez, Ruben Kerkhof, spirillen, Stefan Bühler, Tom Ivar Helbekkmo, Sander Hoentjen, Wild Kat, Chris Hofstaedtler and @zilopbg.
Lua records
An important new feature is the support for Lua Records, which make the following possible, from any backend (even BIND!):
@ IN LUA A "ifportup(443, {'52.48.64.3', '45.55.10.200'})"
This will poll the named IP addresses (in the background) and only serve up hosts that are available. Far more powerful constructs are possible, for example to pick servers from regional pools close to the user, except if all servers in that pool are down. It is also possible to do traffic engineering based on subnets or AS numbers. A simple example:
@ IN LUA A ( "ifportup(443, {'52.48.64.3', '45.55.10.200'}, "
"{selector='closest'})
For more about this feature, please head to the documentation.
Deprecations
4.2 will see the removal of the poorly documented ‘autoserial’ feature. This removal decision was not taken lightly but as noted, its removal allows us to fix other bugs. Autoserial was holding us back. We realise it is no fun when a feature disappears, but since Authoritative Server 4.1 is still around, you can still use that if you require ‘autoserial’.
Following RFC6986 and anticipating the publication of Algorithm Implementation Requirements and Usage Guidance for DNSSEC, support for both ECC-GOST signing and GOST DS digests have been removed.
ixfrdist
A new tool ixfrdist transfers zones from an authoritative server and re-serves these zones over AXFR and IXFR. It checks the SOA serial for all configured domains and downloads new versions to disk. This makes it possible for hundreds of PowerDNS Recursors (or authoritative servers) to slave an (RPZ) zone from a single server, without overwhelming providers like our friends over at Spamhaus/Deteque and Farsight.
Inspired by our Open-Xchange colleagues our API is now described by a Swagger spec!
Log-log histograms
Over at PowerDNS, we love statistics. Making sense of DNS performance is not that easy however – most queries get answered very quickly, but it is the outliers that determine how users “experience the internet”. It turns out that log-log histograms make it possible to fully capture the quality of a DNS service. As explained in this blog post, PowerDNS now comes with tooling to make such histograms:
Note that this tooling is not specific to PowerDNS Authoritative or even PowerDNS: it will analyse any PCAP file with DNS in there.
Improvements, fixes
- Threads now set their name
- Massive speedup in record deduplication code, which was causing problems when serving very large responses
- Support for OpenSSL 1.1.1’s ed25519 and ed448
- Enhance query-logging with timing for MySQL, PostgreSQL and SQLite. Slow databases are a frequent cause for bad PowerDNS performance. This logging delivers detail on how slow/fast your backend is for specific queries.
Much more
The changelog lists many more improvements and bug fixes.
Please also see the recent Important Changes in PowerDNS Authoritative Server 4.2.0 and Enabling continuous fuzzing of PowerDNS products blog posts.
