We are proud to announce the first release candidate of PowerDNS Recursor 4.9.0.
Compared to the previous major (4.8) release of PowerDNS Recursor, this release contains the following major changes:
- The performance impact of metrics collection has been reduced by using lock-free non-atomic thread-local counters.
- The packet cache is sharded and shared by all threads.
- The TTL of negative answers in the packet cache can now be controlled separately from positive and failure answers.
- The rec_control trace_regex command writes the generated trace information to a specified file instead of the general log. The trace information contains more precise timestamps and DNSSEC validation information.
- If extended-resolution-errors is enabled EDNS errors are now generated in more cases, specifically when authoritative servers for a zone are unreachable or when synthesising answers by e.g. using the aggressive NSEC cache.
- The aggressive NSEC cache has been changed not to store NSEC3 entries which cover only a small fraction of possible names. This also allows switching off the aggressive cache for NSEC3 only.
- It is now possible to switch off root-refreshing completely.
- Proper handling of security policies that restrict the use of specific DNSSEC algorithms on RHEL9 derived systems.
Feedback is appreciated!
As a follow-up to the shared packet cache, the default way the recursor distributes requests over worker threads has now been changed to let the operating system kernel do that, by changing the defaults of pdns-distributes-queries to no and reuseport to yes. Though our testing has shown benefits to this approach, we have seen that in some rare cases (depending on OS and client traffic patterns) this can have negative consequences: the queries are not distributed equally over the worker threads. If you are running this pre-release, we would appreciate your feedback to be able to confirm the change of defaults benefits the vast majority of cases. Watch the periodic statistics printed by the recursor to see if the worker threads process about roughly amounts of queries. Especially if you see an imbalance, send us details about the OS, hardware and configuration.
With the future final 4.9.0 release, the 4.6.x releases will be EOL and the 4.7.x and 4.8.x releases will go into critical fixes only mode. Consult the EOL policy for more details.
We would also like to mention that with the 4.5 release we stopped supporting systems using 32-bit time. This includes many 32-bit Linux platforms.
We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.